Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-17...ye.exe

windows7-x64

9

2024-02-17...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2024, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe

  • Size

    180KB

  • MD5

    3bd883a76624714dee9486c354149228

  • SHA1

    327d598f506014ab15c84b2d257be584ea8f4b09

  • SHA256

    05e11945edd1cd745c5772ab50288fbf34ccf696c5a3bf927e6132370d4d1c92

  • SHA512

    21a086d3c5270e2ba5fd93614ad7e11c28165966292b1022f5a3b380bc3770b8418771562ee7d7501f25307f6a49c2dd30aa7f6f959d33ce2a597e205fd8c6ee

  • SSDEEP

    3072:jEGh0o4lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGal5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Windows\{6503F6C6-3DD6-4919-A349-CFC6D971D2B4}.exe
      C:\Windows\{6503F6C6-3DD6-4919-A349-CFC6D971D2B4}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Windows\{5B47225E-3BC1-454e-862D-AE302A7C3810}.exe
        C:\Windows\{5B47225E-3BC1-454e-862D-AE302A7C3810}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:116
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{5B472~1.EXE > nul
          4⤵
            PID:1192
          • C:\Windows\{E101EB6A-66BB-4443-A1B8-C200029AE730}.exe
            C:\Windows\{E101EB6A-66BB-4443-A1B8-C200029AE730}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5076
            • C:\Windows\{81455815-0605-417d-B933-7732CA887EC4}.exe
              C:\Windows\{81455815-0605-417d-B933-7732CA887EC4}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4672
              • C:\Windows\{AFEFBB1E-EF66-42dc-8A35-74AA30624A82}.exe
                C:\Windows\{AFEFBB1E-EF66-42dc-8A35-74AA30624A82}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3484
                • C:\Windows\{66E8EE6C-E92C-42b9-ADB1-BB8699D84B53}.exe
                  C:\Windows\{66E8EE6C-E92C-42b9-ADB1-BB8699D84B53}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4360
                  • C:\Windows\{1E7B339C-17CC-4c30-BF6B-E5158B783FD1}.exe
                    C:\Windows\{1E7B339C-17CC-4c30-BF6B-E5158B783FD1}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4840
                    • C:\Windows\{9E8D31F5-B5D2-4ebb-8830-1DE6E8FB792F}.exe
                      C:\Windows\{9E8D31F5-B5D2-4ebb-8830-1DE6E8FB792F}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2772
                      • C:\Windows\{9859E64D-6833-4957-9546-52201C139E43}.exe
                        C:\Windows\{9859E64D-6833-4957-9546-52201C139E43}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4092
                        • C:\Windows\{12EB2277-8D11-44c7-929F-0B34147C90D6}.exe
                          C:\Windows\{12EB2277-8D11-44c7-929F-0B34147C90D6}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:2620
                          • C:\Windows\{3C18789D-5245-4d27-9696-654776A9EE16}.exe
                            C:\Windows\{3C18789D-5245-4d27-9696-654776A9EE16}.exe
                            12⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2328
                            • C:\Windows\{885D4B3F-5B46-480e-8581-FF2B4E5BC6C7}.exe
                              C:\Windows\{885D4B3F-5B46-480e-8581-FF2B4E5BC6C7}.exe
                              13⤵
                              • Executes dropped EXE
                              PID:2540
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{3C187~1.EXE > nul
                              13⤵
                                PID:1512
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{12EB2~1.EXE > nul
                              12⤵
                                PID:2580
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{9859E~1.EXE > nul
                              11⤵
                                PID:3400
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{9E8D3~1.EXE > nul
                              10⤵
                                PID:5084
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{1E7B3~1.EXE > nul
                              9⤵
                                PID:2640
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{66E8E~1.EXE > nul
                              8⤵
                                PID:1044
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{AFEFB~1.EXE > nul
                              7⤵
                                PID:1888
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{81455~1.EXE > nul
                              6⤵
                                PID:3648
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{E101E~1.EXE > nul
                              5⤵
                                PID:972
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6503F~1.EXE > nul
                            3⤵
                              PID:4904
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2580

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{12EB2277-8D11-44c7-929F-0B34147C90D6}.exe
                            Filesize

                            180KB

                            MD5

                            c986af3eea28833590f36ac4b9933f3f

                            SHA1

                            73816dabdac85ca6164ec3774abb7fa576af3003

                            SHA256

                            65b47444e0196effdbd92b570345f64c9628061d373c49904d4eca8f7ace55b6

                            SHA512

                            e6359b0cf4fa73e5dd9562efc8924d03f98741fa04cc1043ce684e8a16a4d01be7a15016f5801deeca4720297bfe7fbcae772b9aa4aa571f3c7ca946d722baa7

                            Download Submit

                          • C:\Windows\{1E7B339C-17CC-4c30-BF6B-E5158B783FD1}.exe
                            Filesize

                            180KB

                            MD5

                            e407e2fb56b38f60d214ecf6c759b6f3

                            SHA1

                            0d73c9888171747af70769fdb17c3fff8dbd6525

                            SHA256

                            700d82c9f868b688b348bfa21df0872d14d70f328c179b8a352855e228f028e8

                            SHA512

                            1c5f0bbff93fa04cda0142df2c9a0ee30888edeb34dade5f3986727f66516bb3a5f8b09d39aae412a250164b1de079d7b39abb03d57d1312e51917aac647f0bd

                            Download Submit

                          • C:\Windows\{3C18789D-5245-4d27-9696-654776A9EE16}.exe
                            Filesize

                            180KB

                            MD5

                            926ec3c62e8d997cb6852c36910eab5e

                            SHA1

                            85c6030dd38e951e77b442aca34b288cd7f01973

                            SHA256

                            1d3615a1e20579d988a49c87cd7d46774d2febb674adc0e738118f7eb3881613

                            SHA512

                            feabbd1266387ead143896430bf716d0288410dea0fe86201a3f2c7bcb5fbc4ade6860b4d30662e213950fa7f6b10f0e421e73338490fb0502ffb49594f1824e

                            Download Submit

                          • C:\Windows\{5B47225E-3BC1-454e-862D-AE302A7C3810}.exe
                            Filesize

                            180KB

                            MD5

                            2d3f2838ddc84bba807f0500472d5ae8

                            SHA1

                            73b8f8feb1031bb002fa353037833d6f1a117d87

                            SHA256

                            123fef105beda923c9fc0a90b59ee244d58c7d0952011375dad06862b4c1ec33

                            SHA512

                            181dfe967706e32634191ae5a65dfa042cbbcbf105edeca613d423d7a323b80e40134bfb29997070fb766da474f8543b174ad741bf9104fca0f492033e7e4c35

                            Download Submit

                          • C:\Windows\{6503F6C6-3DD6-4919-A349-CFC6D971D2B4}.exe
                            Filesize

                            180KB

                            MD5

                            4411da23ad689746973ff606db961988

                            SHA1

                            42834b8c83fad91bce3d8309486e49c8858fb6e5

                            SHA256

                            fcbf533c52a28c2aaffc99b26cb2acce5aa94155aa0ef793e372fbe56bcd7415

                            SHA512

                            2af68f89e87299ccdf3531c593109e65e8dd9b391465c6d65df19d6294f6e90588c942485f56139348bf6357bdc8a30a5be22473771ba868e3dc1456a7f4b28f

                            Download Submit

                          • C:\Windows\{66E8EE6C-E92C-42b9-ADB1-BB8699D84B53}.exe
                            Filesize

                            180KB

                            MD5

                            365bd6478100f1899136c5496d73462c

                            SHA1

                            78c4aa6906ff212b841ec24d7ed3d3664f1a1fd9

                            SHA256

                            a3d50947083aff2d3f6719ce59068f94776efd2639a1e5da92246e649965c2bd

                            SHA512

                            38bf79b9f7f6e1e33cd39858f5af0f739354564f5e9708f5767bc9abdea2ad49bb59a4f272473c5b2ecec8d93b83b9b9ca164e0ab6a692209f945a41e81f92dd

                            Download Submit

                          • C:\Windows\{81455815-0605-417d-B933-7732CA887EC4}.exe
                            Filesize

                            180KB

                            MD5

                            5e2fd183d814fbffd50053008aa1cd10

                            SHA1

                            2e42669d383c00db3f96bea1d72c6da2699f6a88

                            SHA256

                            bd6e0995ed06a490f020842d1d7f417eb9af172c4fb84366f8fa706e987de4e8

                            SHA512

                            a3f8fa74c3ea423a06ac93ba6af0aa637d20a89a5c6b6ecef7733c1beb304ae44bd1f72e98c7d69428de6461bc152f834843dd977a8ce3e9db2c60b0bf85d3cb

                            Download Submit

                          • C:\Windows\{885D4B3F-5B46-480e-8581-FF2B4E5BC6C7}.exe
                            Filesize

                            180KB

                            MD5

                            fcbde505c6f9cbb88f5f1419f5516e83

                            SHA1

                            c601eeea96811b32816aed9d5e0efb5bfd67857b

                            SHA256

                            18e946a37d26c0c89a354daa2ec127ee17345ba76fee5af36cb38f74f00d36a8

                            SHA512

                            e81108bef2855f62dcb857bf79400eab0d1ee29b743c636e8d6db3e3d9f5abd504179b9aa120b56f0ec1b906a9f835ff6ee54602144f0c5128fd25cfda19f581

                            Download Submit

                          • C:\Windows\{9859E64D-6833-4957-9546-52201C139E43}.exe
                            Filesize

                            180KB

                            MD5

                            abc90c7e80a0fe3ae3c92085a256b7e9

                            SHA1

                            879362e63bfff419132bfc7b927198bafbd4afda

                            SHA256

                            8ee352b94e6e8073ea7960b7e0404df56159b17dc77bf26100e0d9944d4a0516

                            SHA512

                            1ae76a0e7878d1f56bbf2795abbacb18f852c870c40e65867bf16e1c7be00feda9b5e438f4a5bfe93fd5f5d4dcc82bcda03c30d0a50e68ee7d3da0e2bf421d61

                            Download Submit

                          • C:\Windows\{9E8D31F5-B5D2-4ebb-8830-1DE6E8FB792F}.exe
                            Filesize

                            180KB

                            MD5

                            b39b3db871d7bd8a42e9ab4b6d1e5654

                            SHA1

                            99dfbd46ecc29b47ead1c881f2d811cb5ebc965b

                            SHA256

                            da18991f8dd35974af1e84ac6c29e4c8f34d4cda266076494080698f06916a57

                            SHA512

                            ef502538c72840d18d4d0a1d4a870d5c7705512b3c436d0af725a95ff056071674d83030fbd0e79c330b7f307e9f7a7ff71b14a0f19111aa52c8beb72e186bfb

                            Download Submit

                          • C:\Windows\{AFEFBB1E-EF66-42dc-8A35-74AA30624A82}.exe
                            Filesize

                            180KB

                            MD5

                            467a114b6f2850fed3ece62b9c1c711c

                            SHA1

                            db8622eab941e9d6a57bddb6abfd38add0c8b01a

                            SHA256

                            8c00c99f4b5983677584fea038b78fc621b8e2449459d058580fe27f150bdc22

                            SHA512

                            1579fce988934b8b00375b90991ba24a93120aefc9d558f4cca44338e0413fd069c0fd74aec2af4ac637717bfe0969a728a91b507703875a1a4d319b1a6b6b14

                            Download Submit

                          • C:\Windows\{E101EB6A-66BB-4443-A1B8-C200029AE730}.exe
                            Filesize

                            180KB

                            MD5

                            7df3e8b02ea342ec27704b93cbfc081d

                            SHA1

                            33327f5b12be27a40cde6c0cc6e549c72fc43396

                            SHA256

                            b66e738f6df975f6b59490188a7e907378a76c7a43491f08e1948671a27f3d1d

                            SHA512

                            4f6a264e514bf3f5b8b3b731db724695bea370c41766e33e4489f84b26ea73f5f6f15e19c925fb12755a3fa46ff97904fe3894805c6c7e810f62f6adf1570b04

                            Download Submit