Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-17...ye.exe

windows7-x64

9

2024-02-17...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    17/02/2024, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe

  • Size

    197KB

  • MD5

    5485695f8bbc60562998d1755b1248ad

  • SHA1

    ba77ee5ad1c669989a4788c0caa20fac70aff9cc

  • SHA256

    520e7dd5ea39aa84c837fc3ec9ebfaeb5503d3e4400a0f77507e11ab809711c8

  • SHA512

    43e4f71bcef2ba80cbbcd032120f0d6cb76e67df53b81f45e5864cec5c3902a88898f3e161936c807550db6f99a94edc3d27ade0f8ca83610be1a3178a9fcd15

  • SSDEEP

    3072:jEGh0oWl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\{6FA44326-6BAE-4cea-8FA8-D31712D0017C}.exe
      C:\Windows\{6FA44326-6BAE-4cea-8FA8-D31712D0017C}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Windows\{E4AC155A-F8B9-4c3d-8890-C165A7799122}.exe
        C:\Windows\{E4AC155A-F8B9-4c3d-8890-C165A7799122}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2932
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{E4AC1~1.EXE > nul
          4⤵
            PID:2432
          • C:\Windows\{7B928FCC-2808-4d8f-990A-EEDF58BCA7E2}.exe
            C:\Windows\{7B928FCC-2808-4d8f-990A-EEDF58BCA7E2}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2476
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{7B928~1.EXE > nul
              5⤵
                PID:2320
              • C:\Windows\{59C20C84-FFFC-41a7-8C98-8A98DDB23850}.exe
                C:\Windows\{59C20C84-FFFC-41a7-8C98-8A98DDB23850}.exe
                5⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1832
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{59C20~1.EXE > nul
                  6⤵
                    PID:1616
                  • C:\Windows\{936E81BC-139F-4637-BA27-821606B69326}.exe
                    C:\Windows\{936E81BC-139F-4637-BA27-821606B69326}.exe
                    6⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1144
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{936E8~1.EXE > nul
                      7⤵
                        PID:636
                      • C:\Windows\{ECDFC863-75C8-414e-A687-F5E5731DF9FF}.exe
                        C:\Windows\{ECDFC863-75C8-414e-A687-F5E5731DF9FF}.exe
                        7⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2196
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{ECDFC~1.EXE > nul
                          8⤵
                            PID:1972
                          • C:\Windows\{C73A2CE9-7831-4c33-9518-3BE027DAAF35}.exe
                            C:\Windows\{C73A2CE9-7831-4c33-9518-3BE027DAAF35}.exe
                            8⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:1588
                            • C:\Windows\{DCBB02F9-1B40-4b7c-A3AB-644DADD87F4B}.exe
                              C:\Windows\{DCBB02F9-1B40-4b7c-A3AB-644DADD87F4B}.exe
                              9⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:1128
                              • C:\Windows\{B29B8603-A5B3-4219-9197-B1C4BECCCF9B}.exe
                                C:\Windows\{B29B8603-A5B3-4219-9197-B1C4BECCCF9B}.exe
                                10⤵
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2040
                                • C:\Windows\{2C5FA84A-9B68-46d3-9501-975A2285526A}.exe
                                  C:\Windows\{2C5FA84A-9B68-46d3-9501-975A2285526A}.exe
                                  11⤵
                                  • Modifies Installed Components in the registry
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:780
                                  • C:\Windows\{73A3E1D5-DF91-42ee-A7B8-B3384BBE7021}.exe
                                    C:\Windows\{73A3E1D5-DF91-42ee-A7B8-B3384BBE7021}.exe
                                    12⤵
                                    • Executes dropped EXE
                                    PID:1820
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{2C5FA~1.EXE > nul
                                    12⤵
                                      PID:1124
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{B29B8~1.EXE > nul
                                    11⤵
                                      PID:1416
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{DCBB0~1.EXE > nul
                                    10⤵
                                      PID:1872
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{C73A2~1.EXE > nul
                                    9⤵
                                      PID:2824
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6FA44~1.EXE > nul
                          3⤵
                            PID:2696
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2628

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{2C5FA84A-9B68-46d3-9501-975A2285526A}.exe
                          Filesize

                          197KB

                          MD5

                          2fbddbb4e3a1bcc5bb5b12736f5dbfa0

                          SHA1

                          1848fe7b4e4f5485b7bee3b297b4a78128fcc371

                          SHA256

                          e4f937ab90299d1c64750a27577a151e3c5f8abc50247a23633bbbca69659ea0

                          SHA512

                          534e0ac5078734eb8f76536e37137c9306bc06b4e7edc21f16316b76f9039faa523c122d184cef200657bde916b07accbb664483d0c65125a3752bf32a7e7b56

                          Download Submit

                        • C:\Windows\{59C20C84-FFFC-41a7-8C98-8A98DDB23850}.exe
                          Filesize

                          197KB

                          MD5

                          557c7cdc41cb7686174688e5f6b7c385

                          SHA1

                          00db0c939243efd590d86c9c4df11e343656e436

                          SHA256

                          3b20e7def4c4472405b4658e51f6f41514e2c88a873eb87f291156b2925602c2

                          SHA512

                          e4bf60ed439669f59bb4e0f3dbd90cce154d7bed5a65436e14d31fb8745c17d9e4e98d81958261730ee6b0a9a3307c7840c5ceddfc0b57591781d673a6d3a352

                          Download Submit

                        • C:\Windows\{6FA44326-6BAE-4cea-8FA8-D31712D0017C}.exe
                          Filesize

                          197KB

                          MD5

                          dfac218e92096d267b863cc6a8e3b01d

                          SHA1

                          f2558f259640525ab8e4d519e2918e61da48b77e

                          SHA256

                          0add0fb607a65c1c80164054dd0b21ac19e85137e504a4640b23ae33e3cd7bc5

                          SHA512

                          f525646b8eaa6f2322c2dbde4886fde487efcba3f9fa7f8cc06e24a2b056ccd6d4fce30e94dbc7c4973c2099d0be6eb4b9d1a62b7e8270c81a110aec7774bc05

                          Download Submit

                        • C:\Windows\{73A3E1D5-DF91-42ee-A7B8-B3384BBE7021}.exe
                          Filesize

                          197KB

                          MD5

                          35e87f19266b1ec6cbc81aef7415907e

                          SHA1

                          b549c3045c1413b1e09a81a4f1cf54516c405056

                          SHA256

                          cc6493f1e063a6d6a64b710df7440ec9878d5a62b837ad01ae4abb0e3a8297ac

                          SHA512

                          cac2caff999689dad35a7e151702007aaed4e83eaf4c77d56380253f6ba1be54b6939571944528de7d8bbb19b828b805c738dd03ac850ce94f191560899873ae

                          Download Submit

                        • C:\Windows\{7B928FCC-2808-4d8f-990A-EEDF58BCA7E2}.exe
                          Filesize

                          197KB

                          MD5

                          a1bab32167e7144d30fcd9bc65bab71c

                          SHA1

                          013a5ee63df32d51d906a6f6f55e0a59bf2c6d00

                          SHA256

                          bdaa21ac88772458d3720a47c2cfc87254a79314d9e189c491d1815a8f22ff78

                          SHA512

                          dffbecc94bcdaa829a076af55215cf052f4417b87df21f8a93f897794868bba8465afb9533a78882901ec4e21328ce58b87c3382544f9f3224869fbf21eaaf4a

                          Download Submit

                        • C:\Windows\{936E81BC-139F-4637-BA27-821606B69326}.exe
                          Filesize

                          197KB

                          MD5

                          c2bdbe62f43a28574ab04fdd3406452d

                          SHA1

                          a04940fd1a004f6957aee35d11c884daf6042138

                          SHA256

                          a3122c4fc521cc2b5d85966b979881622a40f73abbf0e1135a0dfdbb5ecc4ddf

                          SHA512

                          7ea5cb5f43d89b1291e0c8070599e06d4921de54b8b47e1bc836c121a1feae419153e3eb2634cb8efa765586b14d14fb3b2be3ba62414d1e8812c5d1ecf1bd7c

                          Download Submit

                        • C:\Windows\{B29B8603-A5B3-4219-9197-B1C4BECCCF9B}.exe
                          Filesize

                          197KB

                          MD5

                          1aa3922530460aee08bf51c0b36be2cf

                          SHA1

                          126067b9844a246ae5cc0e9b8e1700959a1616af

                          SHA256

                          b09f182c01ace2469101babe9d753385adce0ec9d0f460e66242fd369e25d516

                          SHA512

                          6aa813232d900a90ae03871f0938dc019622f1d1b93a47ed7146a97673485193a1d21e200533f09d86823b10b809b86976b1249873a4bf38fb1c1c23eaea0410

                          Download Submit

                        • C:\Windows\{C73A2CE9-7831-4c33-9518-3BE027DAAF35}.exe
                          Filesize

                          197KB

                          MD5

                          e25bb8fe6f8a974b2dc685d0224143dd

                          SHA1

                          9b521d6edf5992470f07797d16eda2b7149278d8

                          SHA256

                          aa280d385f199f02eee3ad528d6ae82bcf4ec8c14a67d09d6bca8d805f5ff4ec

                          SHA512

                          53d7ea644375e66c61f253e462831253386f8b4c3803398461408ef4d99fcffa3563b80360e22448ca107c16c355c15adc12a12e83e63b57964dd0bf45344b86

                          Download Submit

                        • C:\Windows\{DCBB02F9-1B40-4b7c-A3AB-644DADD87F4B}.exe
                          Filesize

                          197KB

                          MD5

                          aab9c8136f0a9c65e86aceabf5cab5f7

                          SHA1

                          4c674f6f3c33f1d97d15e967713ede8f374b1791

                          SHA256

                          d041e3bee017735cd55e77f2f969f6339b843124dc2febec726c7b0c28b57b43

                          SHA512

                          972561735aa819ea1b596ded7dd12e95d5413b49e7d22d3d12304f09cac574f9f02bd0baf1a9d73b8f11475ee9375144d9ef59d7f5f75486c1e90d22f4426b34

                          Download Submit

                        • C:\Windows\{E4AC155A-F8B9-4c3d-8890-C165A7799122}.exe
                          Filesize

                          197KB

                          MD5

                          bff5ebe4d3ed2b1564f912593f50ebeb

                          SHA1

                          454ad1c420d70bc949688f799e65d186a6e84dd3

                          SHA256

                          01a520b76e577e0f1d5b19155bbbcbf76f5fbdc0bacac692dec66fee0f328ece

                          SHA512

                          324ac996daa7e1db372f39d828b1f55365fa95345c56820367f469d3e50f602044cb2417753103ffdaf94d1368e06d76cc8eef90b3e955705b2115df756e276f

                          Download Submit

                        • C:\Windows\{ECDFC863-75C8-414e-A687-F5E5731DF9FF}.exe
                          Filesize

                          197KB

                          MD5

                          642e66c2232c51f3b75f104d6071584d

                          SHA1

                          e951e64ead4b6fc9c3761aeec429a4c6894c128c

                          SHA256

                          0eb1a8e701a285ed740fb54158ed15e7b637b7efd823373bd3608255565ee96c

                          SHA512

                          79ddd75748d578b682306cd877dc31d9083b1ca7d3001208bdc842a330c28f08859e1ba77a14bc751bbc5294532ae63490807cdc5b42fbfcc9e4703df6eee473

                          Download Submit