Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-01...ye.exe

windows7-x64

9

2024-02-01...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe

  • Size

    180KB

  • MD5

    519a9ee44e1923b099f49d5da225601d

  • SHA1

    a16736e2704c5fcbae6df7ed58778d0794e597f6

  • SHA256

    f9341249d04a4d712c8a6d7c248ffc28e8f2f779c41f416e8a5c9876cb4aa46a

  • SHA512

    38342e8c2a166b541f23e3050412f88b4bc316c91fa98930fea02491981fa3280128425fd699244f0c558a2f196695da11ec6998da75de638358e189490d52bd

  • SSDEEP

    3072:jEGh0oblfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGNl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\{8DD5DDE6-56E9-4a5c-B352-EF4832867499}.exe
      C:\Windows\{8DD5DDE6-56E9-4a5c-B352-EF4832867499}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Windows\{AF5F0101-73EB-4125-983E-CC749989DAF8}.exe
        C:\Windows\{AF5F0101-73EB-4125-983E-CC749989DAF8}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2972
        • C:\Windows\{492F62AD-21BB-48a9-B12E-9537B8123ABE}.exe
          C:\Windows\{492F62AD-21BB-48a9-B12E-9537B8123ABE}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2572
          • C:\Windows\{0562EB9C-9337-4403-9D5F-9390AC0F78E7}.exe
            C:\Windows\{0562EB9C-9337-4403-9D5F-9390AC0F78E7}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1956
            • C:\Windows\{5D5C6CD6-E8DA-40b0-8DFA-0DB651BFE3EB}.exe
              C:\Windows\{5D5C6CD6-E8DA-40b0-8DFA-0DB651BFE3EB}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1520
              • C:\Windows\{8F99BF73-1807-462d-AA92-0F01EBA0FAA5}.exe
                C:\Windows\{8F99BF73-1807-462d-AA92-0F01EBA0FAA5}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2896
                • C:\Windows\{8B2F513C-51E0-4f6f-8404-BA5366AE8EE8}.exe
                  C:\Windows\{8B2F513C-51E0-4f6f-8404-BA5366AE8EE8}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1936
                  • C:\Windows\{07CB0C66-9D7A-437e-AC10-BF72E354787B}.exe
                    C:\Windows\{07CB0C66-9D7A-437e-AC10-BF72E354787B}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1216
                    • C:\Windows\{FBAC4E96-A986-4809-A621-57B6D60065B2}.exe
                      C:\Windows\{FBAC4E96-A986-4809-A621-57B6D60065B2}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2356
                      • C:\Windows\{512C1CC0-DAD2-40cb-8497-3788903F5631}.exe
                        C:\Windows\{512C1CC0-DAD2-40cb-8497-3788903F5631}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2312
                        • C:\Windows\{AF5FAD61-E36A-40f7-B0F2-363DE4EA1243}.exe
                          C:\Windows\{AF5FAD61-E36A-40f7-B0F2-363DE4EA1243}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2340
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{512C1~1.EXE > nul
                          12⤵
                            PID:2152
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FBAC4~1.EXE > nul
                          11⤵
                            PID:2396
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{07CB0~1.EXE > nul
                          10⤵
                            PID:2564
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8B2F5~1.EXE > nul
                          9⤵
                            PID:1800
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F99B~1.EXE > nul
                          8⤵
                            PID:1192
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5D5C6~1.EXE > nul
                          7⤵
                            PID:2932
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0562E~1.EXE > nul
                          6⤵
                            PID:1652
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{492F6~1.EXE > nul
                          5⤵
                            PID:672
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{AF5F0~1.EXE > nul
                          4⤵
                            PID:3044
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8DD5D~1.EXE > nul
                          3⤵
                            PID:2808
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:1820

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0562EB9C-9337-4403-9D5F-9390AC0F78E7}.exe
                        Filesize

                        180KB

                        MD5

                        0750270020822847caa7c26a9fb05391

                        SHA1

                        b972e1d0729c72d731eb4b48e4f3e196633b97b6

                        SHA256

                        0cf1c2d96d56b9c258b7d25b0eadb033f5c115cc9777db1b127f5fe7a7a3b7bc

                        SHA512

                        8602c34a77ff4f4d6dbd805cf00522882fe49a8f2e3a8ba8fe7d741ba8d04f197e712c305f3658dfa372b851889c40aa72293189252e4986d45d32fc60c4a895

                        Download Submit

                      • C:\Windows\{07CB0C66-9D7A-437e-AC10-BF72E354787B}.exe
                        Filesize

                        180KB

                        MD5

                        f8b82d86f4f4861f2c807f4a8d057c6e

                        SHA1

                        e99a8f127921453224ef23370721a1e272150c7a

                        SHA256

                        e0c2732f885dc9127b772c72b1b4b36253d5580942d6d044644bf49a5585b933

                        SHA512

                        1628870a319fce461d6d780f9fbb71572711077222f07cf0bf0d8dd58613da771d1007dd37a028ea8aedd123daa82742a98c3aed2769c27df0a1bdcc935543a3

                        Download Submit

                      • C:\Windows\{492F62AD-21BB-48a9-B12E-9537B8123ABE}.exe
                        Filesize

                        180KB

                        MD5

                        e7bc3f0d1e73a8246887151aaa02f890

                        SHA1

                        555db1dd0da7844401e47c77c558c6f847dd1fe6

                        SHA256

                        9da6aae500aa1707a72a7701e676b712000c4985b3e9ccf99d967416498da525

                        SHA512

                        276a66912a8a3c9eb62257b61af0041fd5a91f159ae14a4cc19576fb4a0712280a6fe1dc22388b1314ae0aba80716745b8a51a12667b2685088d6a5a1f0e33ae

                        Download Submit

                      • C:\Windows\{512C1CC0-DAD2-40cb-8497-3788903F5631}.exe
                        Filesize

                        180KB

                        MD5

                        5c8268cf340d1d8f0215a2e689c67326

                        SHA1

                        bf90a3a8e61354ebaf0a0684e19c34b46ddae2f9

                        SHA256

                        bc12c1b9ea6b61e5fff2559da444a482cc4bf362871bb404abecebddd6a14714

                        SHA512

                        970bb06df8bc7fa3c9983c4d4d615643508fcf54c1f71576c6aef1617079ef0789f0b7356a4418e8392b33f03bba0d03a53b6e047c8a063c138e80f2836ca1cb

                        Download Submit

                      • C:\Windows\{5D5C6CD6-E8DA-40b0-8DFA-0DB651BFE3EB}.exe
                        Filesize

                        180KB

                        MD5

                        0be126ca322fbf9046ba1b65562f2313

                        SHA1

                        9a7b46674a54723bfc1fc7a7f8ed18a8c04a8097

                        SHA256

                        3e218bc5b48e91e3853f112ec35ac8500e0850f97b2aa07753efdd970babfeb2

                        SHA512

                        8ec3efa4732cedc115ae8578305ed8b4b08562d8e562ab623b28c5ec225e6a9ad25da4c53f924fdd10da19247a0e11d0298e89a561b9c28dd60c8d82548b6673

                        Download Submit

                      • C:\Windows\{8B2F513C-51E0-4f6f-8404-BA5366AE8EE8}.exe
                        Filesize

                        180KB

                        MD5

                        1384772100e4a8547c436fa3af83bf61

                        SHA1

                        2f9966b0db0c36f38040260078f7823a0896c64a

                        SHA256

                        49ccfed31ab5bee91b8cb2ce3b54d85d075b6f8f4d54c7122a68e54beaf35706

                        SHA512

                        cc27c99b85148614cb35cc59113e07629272b1bff525eeed5afb75d5eac3e0b97a1bdee740549bbfdd19d66562f1718188bcdcb55bb0f9b8ac9cb63316bfb10d

                        Download Submit

                      • C:\Windows\{8DD5DDE6-56E9-4a5c-B352-EF4832867499}.exe
                        Filesize

                        180KB

                        MD5

                        280c9a3292f87aeb82922428a7a4f9e3

                        SHA1

                        e5dd49e6feb161adac045795815b64005a8d2243

                        SHA256

                        5673f3b7f1e192a16f3198977bde3b80122ae6ef2d43082f7dd482bd099faa65

                        SHA512

                        15dcfb7d2594d394d035d7e25b62e6f8abe82a1d2989cb031024954919a582c1f7fecbac844ecfe623b3257b4f67fe896aa5e55f7478ddb9e02213497a57c089

                        Download Submit

                      • C:\Windows\{8F99BF73-1807-462d-AA92-0F01EBA0FAA5}.exe
                        Filesize

                        180KB

                        MD5

                        a237f1137f558340095b475e611f71d8

                        SHA1

                        e3a2e1370811c1197cd019675707e3579280f070

                        SHA256

                        fc275366264326367abdcca12351fae5ddb86bc2da4a944507ab15e86481be78

                        SHA512

                        95bfbd78c9c58817b973f0f8e78d7ed7127a0f2b01a44f4e35e54923693c61df59a48f1d2b3ba1a67f279030c498503fe30085e31c1ed531d371736d04ed9947

                        Download Submit

                      • C:\Windows\{AF5F0101-73EB-4125-983E-CC749989DAF8}.exe
                        Filesize

                        180KB

                        MD5

                        099293bbff9f8931b6a2193cba74dec2

                        SHA1

                        5c4a94f6ad6220ab43711b810cd06b9e560ffcb0

                        SHA256

                        7e64b6e2172f575683b7f7d7df71dd2ed8583a3e1ce891c90a42e9d60787c98c

                        SHA512

                        ee0cd78cba589f228f3d5ca082f78aaa1b2275f22d027892e97460b1bd779ff399d7a2c699190b22a48af0bacf2f78a9edc5e266a394d6152b521c2a412b59ae

                        Download Submit

                      • C:\Windows\{AF5FAD61-E36A-40f7-B0F2-363DE4EA1243}.exe
                        Filesize

                        180KB

                        MD5

                        d6a336e3134c17074e661ce52573112f

                        SHA1

                        d51da3d890e5edd141eebfe697bfc892d03b4fc6

                        SHA256

                        6f43dd60e0c136f3e5f0ede5ed4b889dc189bfdf09338b63d0ec7bc129b28bb4

                        SHA512

                        cb6778e94851578e7084958374bad7db56a2521d7196eccf4394b0a925ac11ca6345d1bc388b00b54fd5cfae391cdfaf6abf5703c301515561f44e63ea6044d5

                        Download Submit

                      • C:\Windows\{FBAC4E96-A986-4809-A621-57B6D60065B2}.exe
                        Filesize

                        180KB

                        MD5

                        85896ee7a2589a0eed1c8040557c9839

                        SHA1

                        1ea824d8556714e759de023045fdf9131a4277f7

                        SHA256

                        306a2553a07e86f9e6602b15a4ce55b067f6d3887aa4840e407d36e1a46cb44f

                        SHA512

                        cc05059df68525dd7ba9bd2511d68ce4abc4d184dc844ccc6249fedc7225504b51f07499f782a2869d4960085a224e7f5fba1d9d58a68520ca7131d51fb9c76a

                        Download Submit