Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-14...ye.exe

windows7-x64

9

2024-02-14...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2024, 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-14_5b565c5ea920a1012aff194d0970473a_goldeneye.exe

  • Size

    168KB

  • MD5

    5b565c5ea920a1012aff194d0970473a

  • SHA1

    bec133f194b20f3129a7c2dfbe0f770d1da74433

  • SHA256

    35b55f6af4ff536fbf252954356cb8a78dc07aa681ddae455095969dcf7830d3

  • SHA512

    6fc4738d695cbed95aa136bf8452cf633e663d9f508819dedb3f99e4cdd3b87689b65ffc5a016bc1f96871b2c87ce3253bdbb1da1be7fb8c5359a333bf1e4ed3

  • SSDEEP

    1536:1EGh0oglq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oglqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-14_5b565c5ea920a1012aff194d0970473a_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-14_5b565c5ea920a1012aff194d0970473a_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\{CA7BA42F-8294-4f0d-86B1-5D183DD662FC}.exe
      C:\Windows\{CA7BA42F-8294-4f0d-86B1-5D183DD662FC}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Windows\{BF1183EE-89DA-41a6-90E9-CA5737AC8EF7}.exe
        C:\Windows\{BF1183EE-89DA-41a6-90E9-CA5737AC8EF7}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{BF118~1.EXE > nul
          4⤵
            PID:1628
          • C:\Windows\{7EA70D90-E0B6-4387-BE11-D210DA816A3F}.exe
            C:\Windows\{7EA70D90-E0B6-4387-BE11-D210DA816A3F}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2760
            • C:\Windows\{C4A093FF-FE48-4936-A2BD-FC2545C9E1E9}.exe
              C:\Windows\{C4A093FF-FE48-4936-A2BD-FC2545C9E1E9}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2988
              • C:\Windows\{A32099B6-7D0E-4e66-BF02-C601F0098B72}.exe
                C:\Windows\{A32099B6-7D0E-4e66-BF02-C601F0098B72}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2032
                • C:\Windows\{3D545307-9F2C-47d7-9A77-80318025B68D}.exe
                  C:\Windows\{3D545307-9F2C-47d7-9A77-80318025B68D}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1528
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{3D545~1.EXE > nul
                    8⤵
                      PID:2680
                    • C:\Windows\{AC9B01C7-34AF-4cae-B818-4C46ACEE9000}.exe
                      C:\Windows\{AC9B01C7-34AF-4cae-B818-4C46ACEE9000}.exe
                      8⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2952
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{AC9B0~1.EXE > nul
                        9⤵
                          PID:1368
                        • C:\Windows\{AF3D909D-6B6D-4df2-9A78-961E706BBFD6}.exe
                          C:\Windows\{AF3D909D-6B6D-4df2-9A78-961E706BBFD6}.exe
                          9⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1148
                          • C:\Windows\{CFAD5316-5495-452c-8134-15DC40D85B00}.exe
                            C:\Windows\{CFAD5316-5495-452c-8134-15DC40D85B00}.exe
                            10⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1764
                            • C:\Windows\{0648DA6A-523E-486a-A10B-A1E9366B9B70}.exe
                              C:\Windows\{0648DA6A-523E-486a-A10B-A1E9366B9B70}.exe
                              11⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2956
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{0648D~1.EXE > nul
                                12⤵
                                  PID:1812
                                • C:\Windows\{FC0FFECB-1E80-415b-A811-02800123707E}.exe
                                  C:\Windows\{FC0FFECB-1E80-415b-A811-02800123707E}.exe
                                  12⤵
                                  • Executes dropped EXE
                                  PID:1864
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{CFAD5~1.EXE > nul
                                11⤵
                                  PID:932
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{AF3D9~1.EXE > nul
                                10⤵
                                  PID:2084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A3209~1.EXE > nul
                            7⤵
                              PID:2652
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C4A09~1.EXE > nul
                            6⤵
                              PID:2120
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7EA70~1.EXE > nul
                            5⤵
                              PID:2100
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CA7BA~1.EXE > nul
                          3⤵
                            PID:2864
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2804

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0648DA6A-523E-486a-A10B-A1E9366B9B70}.exe
                        Filesize

                        168KB

                        MD5

                        9a6c021a9dd79146789d856f146432fb

                        SHA1

                        6c2abf2c19e0185e0f10dddbaa5ab688f084821f

                        SHA256

                        c87793aa70964b9003f3d1b2f742d245be42d0a0e4807b6d971f898ab6b6347c

                        SHA512

                        f4c7fb45112d9a1258ff261ff9ff1e80fbfd2bb4b9dc859f24d731151555a0f061eb61116f05965195e801e16e9c12c0e800bb35754eaf2bb557d6b34ec57602

                        Download Submit

                      • C:\Windows\{3D545307-9F2C-47d7-9A77-80318025B68D}.exe
                        Filesize

                        168KB

                        MD5

                        070f50c67d3c145b20997e01e23b4959

                        SHA1

                        fe5d09ebd12709f03440957668e00dddd50808e7

                        SHA256

                        b53b7a6cb1cd85562700946534ed74c6e60b60083c8b20df14182cd55727cd28

                        SHA512

                        57545ac9381bac612f016c94499b2240d75db5def912f1ec549288b08487004fc62948b94ffe33f68da5a85c42db623e28344522647baf64fea525b94e81ced1

                        Download Submit

                      • C:\Windows\{7EA70D90-E0B6-4387-BE11-D210DA816A3F}.exe
                        Filesize

                        168KB

                        MD5

                        317aa52328d71a85d3b2db4bd47c4f93

                        SHA1

                        9d89865a5a03cf86995d989a440b290f707e3743

                        SHA256

                        d16eeca89d4b3dc045d2dba657ecf9981fb77b9397fb6d58e2a190d2943692b6

                        SHA512

                        ff10a70d16f0f6eb16bb4b6e99f6aa331b321ccd97edf3308c558b3af50d8d8756dba6a7b2719451204408c80bf7fd4eb35865edae2bd4b731ac29488c208213

                        Download Submit

                      • C:\Windows\{A32099B6-7D0E-4e66-BF02-C601F0098B72}.exe
                        Filesize

                        168KB

                        MD5

                        df0ce93539e4046f5e6fa9ef485736f4

                        SHA1

                        9055df4b60799232d42551f7ccb818b91d2423aa

                        SHA256

                        522b917b6b639c824297cb39422908f517e3154324cc3b7ff0714bc9347213dc

                        SHA512

                        3279c5084d282110935847e5560eaf503cd6f071cf2763c9240761b2f195c0866474051b2bdc51654f4f17608a14b18120fcb617016c9676c651c6e545c51643

                        Download Submit

                      • C:\Windows\{AC9B01C7-34AF-4cae-B818-4C46ACEE9000}.exe
                        Filesize

                        168KB

                        MD5

                        6818df10a83c0b8388ba422a9e2b0197

                        SHA1

                        c58745c83e2c145023d1dacfdc37a2d2ec07cfc9

                        SHA256

                        38db506876b9b0d3282de8ecafe59329aefc5273dd38e4dc2c620333db0b90af

                        SHA512

                        de1c01657ddbcbb10323eceb074826f5fd3e0434433901931f319bdf76c3fa98890b2b6502e8c58c9a7fff450e4fdbfcfca973e7048530ec9ca6e57899a41e51

                        Download Submit

                      • C:\Windows\{AF3D909D-6B6D-4df2-9A78-961E706BBFD6}.exe
                        Filesize

                        168KB

                        MD5

                        733715265a50c5f9efb08cf93ce915e9

                        SHA1

                        2b4cecea8809ea63de226bf7d7f1fa41577e9e2d

                        SHA256

                        c23a6d61c30052e2e9b6cf7751b5e7c04261fce79b1d9e61d788668a6f5b7e1c

                        SHA512

                        cc2c97211ffb8c1c7b40256837976f2fbc5c09239512e92f3c96384d75e5c7069460b5d82308d93cb8b2c1475730ee41f47be77ba3fd22d6afcf52cfe4e0055a

                        Download Submit

                      • C:\Windows\{BF1183EE-89DA-41a6-90E9-CA5737AC8EF7}.exe
                        Filesize

                        168KB

                        MD5

                        591d5588750939552bfac0ee873518bf

                        SHA1

                        ed09915b7157509794b96440d629776f2cf88f56

                        SHA256

                        66d724d601ca5a7c52e7b78cd95621b46ab8708c7a4fb373c63427a34de1c397

                        SHA512

                        2f28598f6c9b3fcd4e218f560289104a2ecf097a58e3be952d534838d6df5bb323027ef3a73c340ce99f8ac8f579957d8b6b488225ac67bcaf3bc5c0b0921331

                        Download Submit

                      • C:\Windows\{C4A093FF-FE48-4936-A2BD-FC2545C9E1E9}.exe
                        Filesize

                        168KB

                        MD5

                        f645ce79b5b192ffb7f65121e57cc2fe

                        SHA1

                        b498130b9a78d7fcdbb3983d5d7c379858d913e0

                        SHA256

                        fd37d988286734615ed6756ed3292b38976d0920a301ac2691c47b6af26b092f

                        SHA512

                        bf0ef19416f5dcf39e7c905a34b9a8e696b1c57b9693b81a543089c361b2b6c718b8b0d07afe9305a59bde86e6275a55bdfe147e10ca340934930533a7bd139e

                        Download Submit

                      • C:\Windows\{CA7BA42F-8294-4f0d-86B1-5D183DD662FC}.exe
                        Filesize

                        168KB

                        MD5

                        1f811236789cb6bb246e2a27d32c30cc

                        SHA1

                        9cadfdcc78bbce84177ced38d2bce603330bc25e

                        SHA256

                        2e2eafab8e8789cef418e31eb332b6ff7ef955726721bfb59d1e15963552ee3e

                        SHA512

                        32919a5e7be091e8da1bf361ba450b76805042f85bc2e439ceaded8960678e780258e3d16012ad131b2a92dd311adb400bf906dd599e3a8b95e9502379120d8d

                        Download Submit

                      • C:\Windows\{CFAD5316-5495-452c-8134-15DC40D85B00}.exe
                        Filesize

                        168KB

                        MD5

                        38b90e640639f45d05f132fd5038e8ae

                        SHA1

                        9563701bcf65e61f430200e369990002823f8358

                        SHA256

                        0587bb8eb79d4415fd2f52910fb52b97ffe882397bc758965364b38303b8121e

                        SHA512

                        1f405abecf3cc2681f3eeba36fa51ec363e35bfe57956ca390dda880165ca4d548bfdc852d74cf555539077ab1f71cf1d0208040eabc95871659ae886709210d

                        Download Submit

                      • C:\Windows\{FC0FFECB-1E80-415b-A811-02800123707E}.exe
                        Filesize

                        168KB

                        MD5

                        f2326b4f97e863c5631831670164a206

                        SHA1

                        2d0d6ff2e4fe436295bd94ff7e6e78b40ea7148b

                        SHA256

                        c5d0c789d4d9a9765c65118c3446dab0d951e28d2654b273fcbd8175c94e1899

                        SHA512

                        3f3366ef34b1d85f1771fa276b0879f6b91a5484c35064accd467d723c1da4b005325ae266853d1dc15642ee0053050df154c9a970b5179ba49c71167054508f

                        Download Submit