Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-01-18...ye.exe

windows7-x64

9

2024-01-18...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 22:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe

  • Size

    180KB

  • MD5

    309589c06a00682b259f27c71d503ada

  • SHA1

    11f79ffc3e7c67c6380a7bdf397ccdaf0c273179

  • SHA256

    08e17fb8c4ad78d79d50fdda2d4415a7a62a07545ce92bf7125d0ab04676788d

  • SHA512

    6fd1adce8a1a12e66f69661ecdc6249b29317295a58fdf19f4bc9ad3d5027c4c4bd2a49e65be1c7dd432c6aca962cee086b289304beab6bd03755a208ed4f34f

  • SSDEEP

    3072:jEGh0oIlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGql5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\{A9FCF504-C8B6-4861-9013-A0C3C76FE448}.exe
      C:\Windows\{A9FCF504-C8B6-4861-9013-A0C3C76FE448}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Windows\{25D82104-7806-46c8-9ECB-C620D26E101F}.exe
        C:\Windows\{25D82104-7806-46c8-9ECB-C620D26E101F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Windows\{D5717373-9086-48e5-85AC-E012C5F9AF6E}.exe
          C:\Windows\{D5717373-9086-48e5-85AC-E012C5F9AF6E}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1524
          • C:\Windows\{623CA876-13BC-43aa-9469-FA1902EFE066}.exe
            C:\Windows\{623CA876-13BC-43aa-9469-FA1902EFE066}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2908
            • C:\Windows\{0B1FEB70-567D-4b98-A069-59DF32303158}.exe
              C:\Windows\{0B1FEB70-567D-4b98-A069-59DF32303158}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1600
              • C:\Windows\{6EFFE931-EE0E-4871-AF06-6B6A6D58557E}.exe
                C:\Windows\{6EFFE931-EE0E-4871-AF06-6B6A6D58557E}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1324
                • C:\Windows\{06C1262E-AE62-4f50-BBBA-BC6C781A0EFA}.exe
                  C:\Windows\{06C1262E-AE62-4f50-BBBA-BC6C781A0EFA}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2656
                  • C:\Windows\{D7D38B3D-39FE-494e-A77D-D9A7AB176CC8}.exe
                    C:\Windows\{D7D38B3D-39FE-494e-A77D-D9A7AB176CC8}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:884
                    • C:\Windows\{4CDE47E5-11DA-4d29-A865-37FA2AA27A76}.exe
                      C:\Windows\{4CDE47E5-11DA-4d29-A865-37FA2AA27A76}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2352
                      • C:\Windows\{F4ED2CE0-D1DD-4291-B011-A64348D255D2}.exe
                        C:\Windows\{F4ED2CE0-D1DD-4291-B011-A64348D255D2}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1696
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F4ED2~1.EXE > nul
                          12⤵
                            PID:1640
                          • C:\Windows\{79A52536-E0AE-4a37-AEBC-B14D1E48A0C6}.exe
                            C:\Windows\{79A52536-E0AE-4a37-AEBC-B14D1E48A0C6}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:1376
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4CDE4~1.EXE > nul
                          11⤵
                            PID:2200
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D7D38~1.EXE > nul
                          10⤵
                            PID:1220
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{06C12~1.EXE > nul
                          9⤵
                            PID:2404
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6EFFE~1.EXE > nul
                          8⤵
                            PID:1348
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0B1FE~1.EXE > nul
                          7⤵
                            PID:1108
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{623CA~1.EXE > nul
                          6⤵
                            PID:2540
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D5717~1.EXE > nul
                          5⤵
                            PID:2848
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{25D82~1.EXE > nul
                          4⤵
                            PID:2644
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A9FCF~1.EXE > nul
                          3⤵
                            PID:2608
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2152

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{06C1262E-AE62-4f50-BBBA-BC6C781A0EFA}.exe
                        Filesize

                        180KB

                        MD5

                        f66fda2bf8d41e179a07e3edc74a0f34

                        SHA1

                        6df53cd8f70d2a7d327f8a3915dfc624f73845a7

                        SHA256

                        1fb602a8b64bb160c7bcfb721f389efd0d04c7a6ad117e233155976ad633ccc5

                        SHA512

                        e789229de67d016f069f46cb1646f1f03a6e10cc7eef11353e1d2702d2fd8c17ffb8493d6c1e9e333bfbdf65ced9ba1f88ecae9beb88f61ce8087b564e2a257a

                        Download Submit

                      • C:\Windows\{0B1FEB70-567D-4b98-A069-59DF32303158}.exe
                        Filesize

                        180KB

                        MD5

                        3c57fb9c53b47453eefc98228c1cab16

                        SHA1

                        ba6ce9bcd6e88c8ab84c5b543a09118573cd5622

                        SHA256

                        d38a6dac72c7b8d4e00533ca436b7deddf5ac0625708259942b1efb173cbe42a

                        SHA512

                        a46b60f4ddbc4e2c790f1f5a2555b4836ca925a62fc7fb5b42df7c84b49989f57af2bcf7d2de8fda4a4037d1dce4367c608edde30fdb94c287c591077f630fc6

                        Download Submit

                      • C:\Windows\{25D82104-7806-46c8-9ECB-C620D26E101F}.exe
                        Filesize

                        180KB

                        MD5

                        e5ef94ae487a6afee0b0e6f5f4f76bca

                        SHA1

                        b64f01be843588bcc712e7df46ebf727d66f4eed

                        SHA256

                        5ad294ca0481ec25829eb40dcf387fb3955dcb52e5466f48edda3349a6865bd3

                        SHA512

                        facf41bf05410081b1163e87afd2752abd9bfd951992d3021686904b31bf0079e36e7c8ec2260e116edced556546e61063c046d50467ec2281c7fc5aed40656a

                        Download Submit

                      • C:\Windows\{4CDE47E5-11DA-4d29-A865-37FA2AA27A76}.exe
                        Filesize

                        180KB

                        MD5

                        ec70ea47c351a5d06cee9093d98d2232

                        SHA1

                        c05651f1ca02c306337d03f6f7047b6269fe6855

                        SHA256

                        3932e75fc48db254edd5cc96b52c706a10608bf4112ada40ee435ffee4593ce7

                        SHA512

                        7679ba8050b43d332db3c6e324d09f7c97d774e422f207556318b4721dade4a884b82a382112e826bc9e59d4ed29ecaad352342f5297693a038dc0c14de396ea

                        Download Submit

                      • C:\Windows\{623CA876-13BC-43aa-9469-FA1902EFE066}.exe
                        Filesize

                        180KB

                        MD5

                        dde6d6bc915e4cdf1987cec2de9f63d3

                        SHA1

                        451b83b3b09d32337c37011aff086eb5a6be41f1

                        SHA256

                        638473e076b961b33d47750e8741e6c31cd431ea1175b6c8328a5d2b56f67f6f

                        SHA512

                        434bcc19264935c3a6723804ffc24bed75f1d19efb03d9fb2276558deff9482f0471ab0681b670d1c4b529c5785397efb0c46fe5d563933e8b673b7d798410d5

                        Download Submit

                      • C:\Windows\{6EFFE931-EE0E-4871-AF06-6B6A6D58557E}.exe
                        Filesize

                        180KB

                        MD5

                        5bd48cc7aeb7f9ecb1563e3a5bd2bb72

                        SHA1

                        07b17f95aa91e577275ac4391232e3e0029e6f9d

                        SHA256

                        1d0240eb68fbff1d83c4d40b4e05bfeb65fa95ff0df7c04f950338894b135fe1

                        SHA512

                        13b76a1e475bb1b8929cefdf883bce4fd2477e16b5ace8cd14312dec1bcaef8d660ff5d352833926158ea7a92bbebbf3de256db4fc8dc25f9b18987e79644bd3

                        Download Submit

                      • C:\Windows\{79A52536-E0AE-4a37-AEBC-B14D1E48A0C6}.exe
                        Filesize

                        180KB

                        MD5

                        c7bdcefacd3f6f7d6bdf4104d03d09a3

                        SHA1

                        c866d40e73d411c2949f6916b54e28e1ae157c49

                        SHA256

                        22b795f6e568544d759c6be563126b1c107c3b475f7b69b2843cf0d7cdba6c8e

                        SHA512

                        12c4dcaeac0b8d4114934f7b834894cf409fe43fd18e649e42f74fe0628f3a9620cf58979d90ba40ad127b4b5e5af9a17873c1d34ef0896f7286dcf0735603b9

                        Download Submit

                      • C:\Windows\{A9FCF504-C8B6-4861-9013-A0C3C76FE448}.exe
                        Filesize

                        180KB

                        MD5

                        477c16fb55b80869660007bb05ee5b00

                        SHA1

                        62ce1ef883e85e5fe0cdf760671f945520d661b2

                        SHA256

                        6000d780fdeb21d7538b5403b54a223913e163d9b503641458845da1fee0e616

                        SHA512

                        e7b4e921d0b4fcc55961c08e6565e3db4978526605d736d3370f4e255a0ace49a8eeca379c11b4ecf0927819288d6540d55f782532a5d6d32f7d245f4084cdf1

                        Download Submit

                      • C:\Windows\{D5717373-9086-48e5-85AC-E012C5F9AF6E}.exe
                        Filesize

                        180KB

                        MD5

                        94136f04bbcdeec2c8550b9d1733afc0

                        SHA1

                        f0e2602447172bbd8a54ffdf266287f16e98c2c8

                        SHA256

                        97bc2ce76f2e5a8814535e59d6118e9f500b011400719f5e0358211fb150bc68

                        SHA512

                        eaca4a645ada2b8a858edc2c1ff1343277417d86a3d23b7a19cd66477a904367ed3a3d6e4e727180a09ed2b8f5f8555a34aaa630208b391b9b53dc167da2477a

                        Download Submit

                      • C:\Windows\{D7D38B3D-39FE-494e-A77D-D9A7AB176CC8}.exe
                        Filesize

                        180KB

                        MD5

                        e4836fa8e63ea9d852c02f6436c227c1

                        SHA1

                        da5722724155d33a9540f130f7f25d44297dcde4

                        SHA256

                        3f59af8d968a5ba64c3281fe6f02750124b59c7f14156c79708214c8d1ab341c

                        SHA512

                        d6a123dca34d4ca293958a52d11d6dfca0bb62881f999c0e3c5c34f6ae93eb04baa5b24d25eef26034323cab3d90f257ce4ad37297c699587905b0ac9bd0f6da

                        Download Submit

                      • C:\Windows\{F4ED2CE0-D1DD-4291-B011-A64348D255D2}.exe
                        Filesize

                        180KB

                        MD5

                        4e964db2130b31e417b3090d96dc9b89

                        SHA1

                        c59168b27e27de8c0d3ae7de0895d7c2490e4709

                        SHA256

                        60aec8ba3b6004cfbd2f890546cf6d7f51540dd7f93bf5e74490edee77af6830

                        SHA512

                        4a6d0c338201df3045710a90b0e393961a474597c38c8675a8bd1c084dae5b87d0920b965e9b8e2e38dfa779e96662f444dcdedba84be0e838bb8f6a95ab659b

                        Download Submit

                      We care about your privacy.

                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.