Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-01-19...ye.exe

windows7-x64

9

2024-01-19...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe

  • Size

    408KB

  • MD5

    be6a88c723dd114772f8b51a5bb8087f

  • SHA1

    0ff979602fc0fb522ae51fb481087164397ac6ef

  • SHA256

    eef59936c57c004f2d70b7b5f5d3efde38efe8badd119b0ee22073bea4fbe61a

  • SHA512

    0d795f135d8770b9df66a6acc3b16994fa531e645f0d1795fadf1af1fcdf0410f59d03822c8e6b35ccfb500732d1801462334688a88f6b58444bc7d8325e96b1

  • SSDEEP

    3072:CEGh0oZl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGrldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4200
    • C:\Windows\{9605A85F-998F-4edc-A7FB-CF2BA5C0E493}.exe
      C:\Windows\{9605A85F-998F-4edc-A7FB-CF2BA5C0E493}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:404
      • C:\Windows\{DE6E1856-4E58-44b2-9648-99FA6D6015A0}.exe
        C:\Windows\{DE6E1856-4E58-44b2-9648-99FA6D6015A0}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4052
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{DE6E1~1.EXE > nul
          4⤵
            PID:4876
          • C:\Windows\{FD76470B-61D4-4c82-B38A-271A3AF1B7D6}.exe
            C:\Windows\{FD76470B-61D4-4c82-B38A-271A3AF1B7D6}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:464
            • C:\Windows\{0CA7B81B-1217-4dd2-8B35-D2DF22201019}.exe
              C:\Windows\{0CA7B81B-1217-4dd2-8B35-D2DF22201019}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2700
              • C:\Windows\{E90814CC-4A3C-4c93-93FC-EBB71B110615}.exe
                C:\Windows\{E90814CC-4A3C-4c93-93FC-EBB71B110615}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2876
                • C:\Windows\{9AE29F2C-CF58-429b-9937-18FED0D22782}.exe
                  C:\Windows\{9AE29F2C-CF58-429b-9937-18FED0D22782}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4444
                  • C:\Windows\{A8C94A45-19AD-4f69-89EE-BD3E693755AC}.exe
                    C:\Windows\{A8C94A45-19AD-4f69-89EE-BD3E693755AC}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4408
                    • C:\Windows\{E1937F83-258E-40ba-87EA-3E2069BCCE4E}.exe
                      C:\Windows\{E1937F83-258E-40ba-87EA-3E2069BCCE4E}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3888
                      • C:\Windows\{F4162DA0-A77E-499b-A2C8-7EA2A8DC3C2B}.exe
                        C:\Windows\{F4162DA0-A77E-499b-A2C8-7EA2A8DC3C2B}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1288
                        • C:\Windows\{19DC1BD8-65FA-4bb5-9DCA-A9EC8E12F269}.exe
                          C:\Windows\{19DC1BD8-65FA-4bb5-9DCA-A9EC8E12F269}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:928
                          • C:\Windows\{6C2CBCFC-016B-4711-A7CE-308B98D704ED}.exe
                            C:\Windows\{6C2CBCFC-016B-4711-A7CE-308B98D704ED}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:2528
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{19DC1~1.EXE > nul
                            12⤵
                              PID:2880
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F4162~1.EXE > nul
                            11⤵
                              PID:2608
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E1937~1.EXE > nul
                            10⤵
                              PID:228
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A8C94~1.EXE > nul
                            9⤵
                              PID:3820
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9AE29~1.EXE > nul
                            8⤵
                              PID:2624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E9081~1.EXE > nul
                            7⤵
                              PID:4160
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0CA7B~1.EXE > nul
                            6⤵
                              PID:4112
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FD764~1.EXE > nul
                            5⤵
                              PID:5112
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9605A~1.EXE > nul
                          3⤵
                            PID:2556
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2800

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{0CA7B81B-1217-4dd2-8B35-D2DF22201019}.exe
                          Filesize

                          408KB

                          MD5

                          cce585b8098806c6bb9aec2875dacb2b

                          SHA1

                          c6d1eb6a476a66e2a3c97dd5b18bcff6fc67aec4

                          SHA256

                          65508dd6e408ae748d4f1f27b8d53c3b31de117e30250c63649d833ef62f43e4

                          SHA512

                          757efcb477c975cf14d1959b22b0e8aa039e89a2d7231c6f9032cee992aa781c832f0f827a5e7a1b5d5615335b96fab94ea5007a345c5d3c01e247712ced11a1

                          Download Submit

                        • C:\Windows\{19DC1BD8-65FA-4bb5-9DCA-A9EC8E12F269}.exe
                          Filesize

                          408KB

                          MD5

                          4cd721f9d4cd5fd8f252c74d25055290

                          SHA1

                          012dfff8b0ad8e8c1fd12c71be36b6bfc0b7cfc5

                          SHA256

                          e6b891242312c53dbcb9ebdfb4e32d47562b19b4504d34e1e260d9d928eecea6

                          SHA512

                          bf88386b8f2d7bec3623f1d4ee5d0e95362992fa37f0df459a4a959c591a7133bc3c0b959cf42f2a4e3f66ffa6bfa03f7c3263c19589c60c9f5cad84514353ae

                          Download Submit

                        • C:\Windows\{6C2CBCFC-016B-4711-A7CE-308B98D704ED}.exe
                          Filesize

                          408KB

                          MD5

                          f90e77d004769baa20fb72ef13d5e9dc

                          SHA1

                          eeb43c2fa0708b03042842c41d13c0b20a5f7902

                          SHA256

                          aef248beccbfa42a7e6f52e9ea0c97ba1f7cb16457932c88f65b57a5852ad8c9

                          SHA512

                          d91727e4a253c8a56e48b7956f0f50449c34a6d6d1f44dd8b7249c982165012374baa072265ccd3e25c5ffbd4f20cd3a8dad3bf48482bb4de8ee7d0f8aa41e11

                          Download Submit

                        • C:\Windows\{9605A85F-998F-4edc-A7FB-CF2BA5C0E493}.exe
                          Filesize

                          408KB

                          MD5

                          d5ec2d5b3b853fc4a05236eeda94f06b

                          SHA1

                          38e9ee717ec1cafe8c6a979a72f78d676bf6573c

                          SHA256

                          6aa98e9e6647d66f1f41059cf97bded25574059fe847ed54cd6240f6ea713551

                          SHA512

                          8b5983efef548e97952a10d34402fc79becf468db098f1f7d224ec429f1dd365e1063a8af3d9d7ade8f21282993a40b1ba7f28df66ae0681f7541ba1975d7035

                          Download Submit

                        • C:\Windows\{9AE29F2C-CF58-429b-9937-18FED0D22782}.exe
                          Filesize

                          408KB

                          MD5

                          7cea65ead37d80f9060aaa91279d16fb

                          SHA1

                          9b8b07569f6be808105c71f8abbdf37ce0712739

                          SHA256

                          4b2439f72220e4758512f800bc24bded8d40ccc0fa97cb0e3c15feddba68ec4f

                          SHA512

                          756bc39fc186a679e45bcc2159431e46d810c5a4523a9be3680b204da6afb79a710067bf0607c659b5f5d5938b857201e5691471d5d1d16224e01b3115ec6253

                          Download Submit

                        • C:\Windows\{A8C94A45-19AD-4f69-89EE-BD3E693755AC}.exe
                          Filesize

                          408KB

                          MD5

                          cbcbb7526b3438db3c0c33ae1e4d5d86

                          SHA1

                          71a0833b867284c103bd6c55f1bcd8bab36d826d

                          SHA256

                          3dc07d312a31e1f9d46f0ea0a82a79d0618e0c595b22ae28544e628f4455061e

                          SHA512

                          c5ee2f4f8c077d42c6c133a160b27cdddc599f990994c00138d06d61ad32356cb748ddf33dd397ec3e9525f966148649975e85826b014851d5784c2c3116a431

                          Download Submit

                        • C:\Windows\{DE6E1856-4E58-44b2-9648-99FA6D6015A0}.exe
                          Filesize

                          408KB

                          MD5

                          8e8277642d83595b20039ca865901257

                          SHA1

                          054d3b58590e33ed0cd653f69936e25b4a78efdc

                          SHA256

                          2ba6499269fe3e3f26a34d97b690f93ef17e6390faa97f7fe0d3e077748390fb

                          SHA512

                          b5c2448c781c5b0293dc25197923a223dd8d2a16e73c6b97b59162723ab2c420505a8e70fb125026a1b2ed74d64f1a17bae50c9d3f55ce028237f2b4f101e189

                          Download Submit

                        • C:\Windows\{E1937F83-258E-40ba-87EA-3E2069BCCE4E}.exe
                          Filesize

                          408KB

                          MD5

                          6704880a2eb18de6457b93edd299e210

                          SHA1

                          98729c9854560f8d985a4606aa20e28a36e1bb31

                          SHA256

                          b4ba50bed35d93ab31b0d5aae27d0c13079b6f12cca0d805d631658ace610064

                          SHA512

                          d0777b4f0a15dcaac689aec953b86d977063ea15567dd32a39512680b264b1dd76a5cfd04e64eaff78cbfc98d1004d442852b763cd4c60be5615d7ec04b31631

                          Download Submit

                        • C:\Windows\{E90814CC-4A3C-4c93-93FC-EBB71B110615}.exe
                          Filesize

                          408KB

                          MD5

                          f4f89fcf864fc5a2d11abc36072fa83a

                          SHA1

                          252e3eb1799d6463fefeb6dc5b10ab4e74d9ea72

                          SHA256

                          fac04df983019cd8873699c3aef574f0d1ba242afd58597a38541628deee1eca

                          SHA512

                          a8a8251a2d6f61f1357741aee2f90f21ccb38cb122dd9659c49c787eb9f1c0cbb78e212292708b2c88de796830d04e78d95f017848406f85a37ef1958bef5f16

                          Download Submit

                        • C:\Windows\{F4162DA0-A77E-499b-A2C8-7EA2A8DC3C2B}.exe
                          Filesize

                          408KB

                          MD5

                          9d933beb7829dac64277f23a1adaaf44

                          SHA1

                          334fabce792235e25019f975a7222a896fde4c2c

                          SHA256

                          6aee825e1c4c1803364f967c758de312175fdfa20941484af67a3e980ac607b6

                          SHA512

                          d46cecc1c84189290d3ff7165e085c3170ee5586c9617313076cf4096fdebed40ee787753994bbd880144bb392b15a2ef0b4acfd4535b13f1b57980bcc475247

                          Download Submit

                        • C:\Windows\{FD76470B-61D4-4c82-B38A-271A3AF1B7D6}.exe
                          Filesize

                          408KB

                          MD5

                          2752458dbb496aedc3ddca71cee6cf34

                          SHA1

                          21c263f69adff24167f21c534ef2b5a128db5276

                          SHA256

                          d1537e49c85b6bdf5eb90591d117964018f41a27b77d26646c56d3404193a7a1

                          SHA512

                          6c265058b310193673152dc22b664fe6b9e735310667b4d915cd44349a72084a7a8cae48f9a7468f07236c7822bdd6bf9f5e467e204763d1a3eac8608326cedb

                          Download Submit