Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-01-29...ye.exe

windows7-x64

9

2024-01-29...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-29_e8a81dbe4934882bfcd2ec8cbfb7686f_goldeneye.exe

  • Size

    192KB

  • MD5

    e8a81dbe4934882bfcd2ec8cbfb7686f

  • SHA1

    3e6a4c31e1bd1e4462a6561d6c66f853d58b0ae6

  • SHA256

    887d454bcfb9f213418ce044f2aad69d6201d2cb3d65ba50f7b8ec9703e47f8b

  • SHA512

    cb7400e5ac49f987268d840666b014bd6f0f109cfda555c71bde5b8bc7bf50c917df60544a321114fdba21a3373ff7b672c330f39427a3ce4fe9e4a04bb3c930

  • SSDEEP

    1536:1EGh0oNl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oNl1OPOe2MUVg3Ve+rXfMUa

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-29_e8a81dbe4934882bfcd2ec8cbfb7686f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-29_e8a81dbe4934882bfcd2ec8cbfb7686f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\{E2FBA96B-4565-4058-84F5-44A0979404D3}.exe
      C:\Windows\{E2FBA96B-4565-4058-84F5-44A0979404D3}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\{5231AE8C-12C3-4aa3-87E4-A6B1E14A67D5}.exe
        C:\Windows\{5231AE8C-12C3-4aa3-87E4-A6B1E14A67D5}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Windows\{6E512EFC-326E-4124-88F5-F5DDCE71240B}.exe
          C:\Windows\{6E512EFC-326E-4124-88F5-F5DDCE71240B}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2288
          • C:\Windows\{56598158-CE65-47a3-B6F4-8B78A53708BC}.exe
            C:\Windows\{56598158-CE65-47a3-B6F4-8B78A53708BC}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1676
            • C:\Windows\{2B0D8D26-396B-4d60-A78E-CEB8EB292C47}.exe
              C:\Windows\{2B0D8D26-396B-4d60-A78E-CEB8EB292C47}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3020
              • C:\Windows\{27C02EFC-D2C2-49c2-888F-A9BD2434C66B}.exe
                C:\Windows\{27C02EFC-D2C2-49c2-888F-A9BD2434C66B}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2236
                • C:\Windows\{FD0164A5-9E45-40de-8EB0-45DFEAFF1F85}.exe
                  C:\Windows\{FD0164A5-9E45-40de-8EB0-45DFEAFF1F85}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2808
                  • C:\Windows\{FFEBC816-4EEB-4e05-A2DD-9A6C056E614D}.exe
                    C:\Windows\{FFEBC816-4EEB-4e05-A2DD-9A6C056E614D}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:772
                    • C:\Windows\{4400907F-C062-4aa6-AEE6-CB9DC1D3608E}.exe
                      C:\Windows\{4400907F-C062-4aa6-AEE6-CB9DC1D3608E}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1672
                      • C:\Windows\{87D97DCE-8DC4-465f-B12F-ABCD99CB33D6}.exe
                        C:\Windows\{87D97DCE-8DC4-465f-B12F-ABCD99CB33D6}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2056
                        • C:\Windows\{F4656B04-E09E-4d68-BBAC-F85D83BA6404}.exe
                          C:\Windows\{F4656B04-E09E-4d68-BBAC-F85D83BA6404}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2176
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{87D97~1.EXE > nul
                          12⤵
                            PID:1040
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{44009~1.EXE > nul
                          11⤵
                            PID:2444
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FFEBC~1.EXE > nul
                          10⤵
                            PID:2052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FD016~1.EXE > nul
                          9⤵
                            PID:1092
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{27C02~1.EXE > nul
                          8⤵
                            PID:584
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2B0D8~1.EXE > nul
                          7⤵
                            PID:1908
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{56598~1.EXE > nul
                          6⤵
                            PID:368
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6E512~1.EXE > nul
                          5⤵
                            PID:2928
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5231A~1.EXE > nul
                          4⤵
                            PID:2756
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E2FBA~1.EXE > nul
                          3⤵
                            PID:2888
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2724

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{27C02EFC-D2C2-49c2-888F-A9BD2434C66B}.exe
                        Filesize

                        192KB

                        MD5

                        cae8e510ec708deec2cda5d8efecb7a3

                        SHA1

                        d986f145cce23349693f445fda97a01edba5504d

                        SHA256

                        305536299eb8fc5cb41b2607870d2d81194273880fb53770a639154dde3761de

                        SHA512

                        87b64e48054b11bdb388c378f01d54760c4bf4fded727332e5c02a059a9f8003d1237767ddf287f875da73b29ea14b22e32b2a8cd8c6068994fee62851c55ed6

                        Download Submit

                      • C:\Windows\{2B0D8D26-396B-4d60-A78E-CEB8EB292C47}.exe
                        Filesize

                        192KB

                        MD5

                        3e470341c1d8ca9f9172208409ba4be8

                        SHA1

                        55c8894e72050e8445374634978362ef24666d8a

                        SHA256

                        350795c64d9064c37778d3ef81ff72edf09939eecaaab9bd14709482c9ef4424

                        SHA512

                        888e5db13111e66fe88244644a7428a70c8e935246aaefae88eeff86f56303da02680e6c791847f0a14c158d43c0b465a6bf259b65d1da04b5814a5bf87f717e

                        Download Submit

                      • C:\Windows\{4400907F-C062-4aa6-AEE6-CB9DC1D3608E}.exe
                        Filesize

                        192KB

                        MD5

                        e244e1ad5889f9d589a9890fe3a80b86

                        SHA1

                        c9ec92f567458591681f930044a63238293040d4

                        SHA256

                        fc56f80bafe0c474b892b7873098dce55775da06dfd1d0aeeab7787e9ab99890

                        SHA512

                        65d2c994f20d2c48315a02918df4143e527a1e5cbf313e301533f4a6d475ada9c7b96bed2961b229a0879aedd80f8ca22b6c8a4f65bc3f4d1d2ccfc78193e4c0

                        Download Submit

                      • C:\Windows\{5231AE8C-12C3-4aa3-87E4-A6B1E14A67D5}.exe
                        Filesize

                        192KB

                        MD5

                        33aeabffe42c2441f5590ad13b52c9ee

                        SHA1

                        a8ec9ac3deccd2ee0124699aa809602b00213e3d

                        SHA256

                        81363c7fe13ba2f43e8590ee790e627c11655464f473c9292afcaabeff6042c1

                        SHA512

                        5f944bc6b6d1b659ca28df8eb50d6aed1c88cb7cf99b6e7b69dc70978ea96d0dbb36c9763397fcd50fc1ce87e673c6191b0e611870f210e576ec6723f54a193f

                        Download Submit

                      • C:\Windows\{56598158-CE65-47a3-B6F4-8B78A53708BC}.exe
                        Filesize

                        192KB

                        MD5

                        3b1546d61c2906b0cf7a43e3e4149d41

                        SHA1

                        a8876433d03362203505432eb6109828afe59480

                        SHA256

                        372588780acfba0e92a7382002e80180c172e770be880b790e3a5746e4b515d5

                        SHA512

                        22a4b40b6c3c52db06e189cee146eb86f09a0b121f57fd46f5457bc35fae651d9b06f1cd91a8997cf95b7f523831eb17e2c8a6a320ae3ac65e05f4698840e7aa

                        Download Submit

                      • C:\Windows\{56598158-CE65-47a3-B6F4-8B78A53708BC}.exe
                        Filesize

                        108KB

                        MD5

                        77ee69396c933d5e1bda5734d7dfe4a2

                        SHA1

                        86cb31a6eb70b74b6a3d4b381344a17f3b8f2a4e

                        SHA256

                        6155e96134ef2556961b9d936c6b09517a128090776ec24ea4eab0edd186f90c

                        SHA512

                        d8803b3a54114d1fdd59eb7e017b91b20cede2483cea5ea410d74073fec8bcdffd45dbd7f7e90ff5b4aa06be26b2fb5c712f24c1fd6e9bd2fc6353ba2e84f4ea

                        Download Submit

                      • C:\Windows\{6E512EFC-326E-4124-88F5-F5DDCE71240B}.exe
                        Filesize

                        192KB

                        MD5

                        c96a5c7c7f47b8cdf82faadf2a04d1b8

                        SHA1

                        b62eb2378f4e8051e26bd1d727f3caca041991dc

                        SHA256

                        0ee90d989d1fbf15ae388ab4cc8edbaa9419339c8f7920a594d6be42fecedfe6

                        SHA512

                        724ddc1e5d4c3ca256a5bfe5aaad3726142826357c7084008bc5ccb8f813eef0493fa94dd3b2427726b7b5a5cef4d8c595308b679a5d7082dea70af4c332c087

                        Download Submit

                      • C:\Windows\{87D97DCE-8DC4-465f-B12F-ABCD99CB33D6}.exe
                        Filesize

                        192KB

                        MD5

                        ecee0a86dfcadeccbbe0ac4221dbfefa

                        SHA1

                        429017f7a5a84bac3c923ba327b9e1ad6d0bc93b

                        SHA256

                        f09c7008e8972a3aaed6719b2092b616847cd3d0093fe6faf1e98d9d327ad307

                        SHA512

                        86cd432a493e38ee35d3e644651b255b1218bc38daa1f1090c1646a3b2de4efed3af40aa4cbada7ea339e8215164c713f2f0ab382b979ac7568d1bf39ef23334

                        Download Submit

                      • C:\Windows\{E2FBA96B-4565-4058-84F5-44A0979404D3}.exe
                        Filesize

                        192KB

                        MD5

                        2b98c57e8c8ddd4e01c2637279485774

                        SHA1

                        7c3ddb4e2c0f30e62471c6ff0d056e759d941372

                        SHA256

                        759dab059d3db16f88ed96b3bef2f9386955c0fcf3fd2e17f61e2daca8879f2f

                        SHA512

                        3fae3e277da6358109a5accc83bc7841ecbe55ce19bba7d1218db779b7bb640e287f2633240ea55e85b1896c0ca3c401a237a582e27074ee59842b772aca6c94

                        Download Submit

                      • C:\Windows\{F4656B04-E09E-4d68-BBAC-F85D83BA6404}.exe
                        Filesize

                        192KB

                        MD5

                        130c6a71420acc91bd4c7363eafe4cde

                        SHA1

                        1411b24e93292e6cfb6cb93a96cee213adf5c48c

                        SHA256

                        c08bcc4b8405e0f9c75675776445a0e6adc04f9cbddf8eaf627ab29a2a508ad8

                        SHA512

                        af52139f27fedbacdd9fe92ee88bebfee95bacb5f1f421e32ef018b062a3509d29b0705ea80084fa9c7f593bfc6aadda632ee3c45affcdf655e63129f4b8b4f8

                        Download Submit

                      • C:\Windows\{FD0164A5-9E45-40de-8EB0-45DFEAFF1F85}.exe
                        Filesize

                        192KB

                        MD5

                        530eaa2dafaa7e9fe9ca78fbe13f414b

                        SHA1

                        b9099381ddc272cd795b11888d825ade693af756

                        SHA256

                        8a1b341a1e148b2001195816349364e1457f00a0e27f8e24092d750e34a3599f

                        SHA512

                        5b4bea2b222fbcffb58084bf1bbb4d3f4180d47f1c48ae61d9fbbac031f4173aa4f3e618009d9826c5beac6e075797d478125f7ef5568a5e431ab3883d245e5b

                        Download Submit

                      • C:\Windows\{FFEBC816-4EEB-4e05-A2DD-9A6C056E614D}.exe
                        Filesize

                        192KB

                        MD5

                        6d5bac35cdbb60269eec7fed0db6a516

                        SHA1

                        18ee36f7849a9cbff70c9e5f3b4e861947650f42

                        SHA256

                        3c113ba7375e1edff2defd13b368c3c02db98a3137bacd24672c871f151b1bb1

                        SHA512

                        e6fa37f4259cf2fed041c627964b9789a6c340985f7481d33535a5c2734e2f8cf7ecbda8520ef5f74775f594c4a5cf18fe6c95b2d2d018bf4e0d13b3b2a31bd3

                        Download Submit