Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-17...ye.exe

windows7-x64

9

2024-02-17...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2024, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe

  • Size

    197KB

  • MD5

    5485695f8bbc60562998d1755b1248ad

  • SHA1

    ba77ee5ad1c669989a4788c0caa20fac70aff9cc

  • SHA256

    520e7dd5ea39aa84c837fc3ec9ebfaeb5503d3e4400a0f77507e11ab809711c8

  • SHA512

    43e4f71bcef2ba80cbbcd032120f0d6cb76e67df53b81f45e5864cec5c3902a88898f3e161936c807550db6f99a94edc3d27ade0f8ca83610be1a3178a9fcd15

  • SSDEEP

    3072:jEGh0oWl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\{B744663C-D908-4786-975E-BCC2438F7341}.exe
      C:\Windows\{B744663C-D908-4786-975E-BCC2438F7341}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:364
      • C:\Windows\{EE2DD947-A97D-4969-804E-029C25C7775A}.exe
        C:\Windows\{EE2DD947-A97D-4969-804E-029C25C7775A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4820
        • C:\Windows\{09A8122B-39D6-4ac9-8D01-45AAF1854059}.exe
          C:\Windows\{09A8122B-39D6-4ac9-8D01-45AAF1854059}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Windows\{CDB9B907-E61F-4c90-8F09-B8B3CF243665}.exe
            C:\Windows\{CDB9B907-E61F-4c90-8F09-B8B3CF243665}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4900
            • C:\Windows\{38FFE92F-67F9-47ab-9530-539394AA1161}.exe
              C:\Windows\{38FFE92F-67F9-47ab-9530-539394AA1161}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2452
              • C:\Windows\{04890196-498C-4385-943A-6426384A41AD}.exe
                C:\Windows\{04890196-498C-4385-943A-6426384A41AD}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3992
                • C:\Windows\{076BBC40-7236-45b2-8C0E-58D54E79B808}.exe
                  C:\Windows\{076BBC40-7236-45b2-8C0E-58D54E79B808}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3300
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{076BB~1.EXE > nul
                    9⤵
                      PID:4976
                    • C:\Windows\{CE9D16FD-7469-4288-92C6-555A7C89CD54}.exe
                      C:\Windows\{CE9D16FD-7469-4288-92C6-555A7C89CD54}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4136
                      • C:\Windows\{6497B3CA-5E05-494d-AFA1-A64F23DC4CAE}.exe
                        C:\Windows\{6497B3CA-5E05-494d-AFA1-A64F23DC4CAE}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4468
                        • C:\Windows\{4DB301AB-25E3-4bd8-84DA-41DDEDCE62BF}.exe
                          C:\Windows\{4DB301AB-25E3-4bd8-84DA-41DDEDCE62BF}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:1676
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4DB30~1.EXE > nul
                            12⤵
                              PID:4368
                            • C:\Windows\{E394F1C6-7160-4601-80E6-7E9F76DADEEA}.exe
                              C:\Windows\{E394F1C6-7160-4601-80E6-7E9F76DADEEA}.exe
                              12⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4352
                              • C:\Windows\{9F6046A8-1F3A-4948-B7C5-B573693930BE}.exe
                                C:\Windows\{9F6046A8-1F3A-4948-B7C5-B573693930BE}.exe
                                13⤵
                                • Executes dropped EXE
                                PID:3000
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{E394F~1.EXE > nul
                                13⤵
                                  PID:2636
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{6497B~1.EXE > nul
                              11⤵
                                PID:1364
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{CE9D1~1.EXE > nul
                              10⤵
                                PID:4380
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{04890~1.EXE > nul
                            8⤵
                              PID:3084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{38FFE~1.EXE > nul
                            7⤵
                              PID:1696
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CDB9B~1.EXE > nul
                            6⤵
                              PID:1256
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{09A81~1.EXE > nul
                            5⤵
                              PID:5012
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EE2DD~1.EXE > nul
                            4⤵
                              PID:2896
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B7446~1.EXE > nul
                            3⤵
                              PID:5000
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:4764

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{04890196-498C-4385-943A-6426384A41AD}.exe
                            Filesize

                            197KB

                            MD5

                            a115860b5b0d76f583f2d5fa575ec721

                            SHA1

                            26b19c0f25fa87726ea0b2cd054137ed2d5b8a6c

                            SHA256

                            623d000b8912ba0bfe0929e0e45a6940ec3497d2bb956ad72f18e73116005892

                            SHA512

                            54d9babbca76e7deb25ec6be441d7a31ed5105c8c3b2dcb01b0f7a56618a09e0faaa23b412b3a365db3cc1396a6438261c2d74bbe094b2150d21e68ed7f0f4c4

                            Download Submit

                          • C:\Windows\{076BBC40-7236-45b2-8C0E-58D54E79B808}.exe
                            Filesize

                            197KB

                            MD5

                            db3f2bc18e1ddc3538fb4c17a82ef492

                            SHA1

                            7f4d8d9df17d5bcc086cc9d08fc6794f8865c7a8

                            SHA256

                            8da629b3ae92ea9c0b43072bc2a1c29c2d3c5596cecd5b27eb5e1a30506bdd1f

                            SHA512

                            73b6d87740fc26152a131ce2b722402644dbffcc782ff9c9d771b889596f801a1df1f512561ff1da50f4eef835c0794f7e9dc4da2082166a94339432a1b707c6

                            Download Submit

                          • C:\Windows\{09A8122B-39D6-4ac9-8D01-45AAF1854059}.exe
                            Filesize

                            197KB

                            MD5

                            5fe1c486b7a869574fbd935a64f096e2

                            SHA1

                            a0053ec5ad6dac9286eddfdab998033589766b3a

                            SHA256

                            ab8747eccc87cf9e6a1dda4e577f940fa5fffb1058bf2c80e32f256399dc0c49

                            SHA512

                            1bd299f568c7b707dff10636aa5cc37eda778f78c17131ae8cfc6505fb003cf2a6aa574cb4d8f7181ee35f17f19b4f9001ec5cbbd50b7cb5f36bef5a854f06b1

                            Download Submit

                          • C:\Windows\{38FFE92F-67F9-47ab-9530-539394AA1161}.exe
                            Filesize

                            197KB

                            MD5

                            ffcdb5b579382c7cff462c89691b45bc

                            SHA1

                            92b05de2d858ca0897bd7943136969793658ec0b

                            SHA256

                            f4beccc8b17374667ed4f5d79eb3b67d9afcc2f071f9cbad20a7e68abc22f349

                            SHA512

                            0b86b57d03ef5c2faeb993bb9a777b0317093c045fa21b3ec17c8f5a9dcacaf4afc4a74e32611806ebb961f695893eedd297e102b5a073681d20a5c2624ad607

                            Download Submit

                          • C:\Windows\{4DB301AB-25E3-4bd8-84DA-41DDEDCE62BF}.exe
                            Filesize

                            197KB

                            MD5

                            6113628a99c426d64c7c8adc925f4d3b

                            SHA1

                            ee2838599a1a119c02757fd820f128e35d9c67e2

                            SHA256

                            3d0eea84a0b111f0586498c27ada76bd0be43c428724a77da7c2683732e1b0ca

                            SHA512

                            4c267795147b2d96b84ea2b34da7e9908d0acd2ad318832e3d7dfcbe8477a61f90e81e8a0f8bfc6a9a9f2e021612532f71a3493d58877be76d1bff0b221859b3

                            Download Submit

                          • C:\Windows\{6497B3CA-5E05-494d-AFA1-A64F23DC4CAE}.exe
                            Filesize

                            197KB

                            MD5

                            2db2e2fbf3b4b4c080619c7f79a3e402

                            SHA1

                            b335e4a0a496951845a2b41444c790ac8de36244

                            SHA256

                            b951ade41eb3071a5d379add46bec9d9ebf0b3cf1db4269da74ff6954378006f

                            SHA512

                            88e9f5f23f7abcbd171f845f951278cee2c92ddb6016b1cc363d89054edb599bb4d34db8db3f6535131e6b490409375cc43c5c1bb16a58bba718d29fa60da331

                            Download Submit

                          • C:\Windows\{9F6046A8-1F3A-4948-B7C5-B573693930BE}.exe
                            Filesize

                            197KB

                            MD5

                            dcc4c17ace228ae79e335dfb6e6f0d04

                            SHA1

                            6c9fdd46f22c7406f290e19300697e31b1f1141a

                            SHA256

                            48d006a23acbc34c19648653ec12743adaf11fbd5545e2b72125538fe500ba6b

                            SHA512

                            c79d72a5dbd532642061eedc4fe57f1af18ba69125b2e001a308290d1f6860b3ff0985bd5e0fadd5746309484c8bccbefd5876e44b0948ed09dff73b3c23ebf1

                            Download Submit

                          • C:\Windows\{B744663C-D908-4786-975E-BCC2438F7341}.exe
                            Filesize

                            197KB

                            MD5

                            41fa90a94c83649dc8fa7c3fc75a4d4b

                            SHA1

                            a6d60726576352fda4e11de233a226ec613a95a0

                            SHA256

                            8284bce116d47a532f4a3a126b70bf682dd854d7c4423c013af362853e114a91

                            SHA512

                            1ee325980d98213e8a479b5eb236bff28d470cbfe9a3f7a343e0e7458e92411f19e1dde04d2e322295c031d5165baee2f758ca0fa54512a0dc8c61ec9fa75e4a

                            Download Submit

                          • C:\Windows\{CDB9B907-E61F-4c90-8F09-B8B3CF243665}.exe
                            Filesize

                            197KB

                            MD5

                            ec7c96c49cbc3c4e8f85c46a20250e7d

                            SHA1

                            2e7bec3496d7b9c29ab7dfe0130fca2fc03cf87b

                            SHA256

                            382beb3554c768005d8155d785cbd78989c84ec05c31680025549aa41eaaaf52

                            SHA512

                            cbc9c803f98fbf5ce851330961ea4263dc421ab12533bab0eaa8a103f570fb5a7c7e2d1e4231824ff904622dcd905b9de6a86280e0a44d15c091bbc9f4054d3b

                            Download Submit

                          • C:\Windows\{CE9D16FD-7469-4288-92C6-555A7C89CD54}.exe
                            Filesize

                            197KB

                            MD5

                            ccb6954cc7d2c349c430ea0b3652975f

                            SHA1

                            035584d02e4a3c4534a2b9e69dbc80a4d03b7de8

                            SHA256

                            d24fc4d8fbed194ac632d614709b6d0841dc557896837c7e3de038f8de7d0d81

                            SHA512

                            7f58fe1de81229c2d5052388dfec0774ac901f2e9580d2eda7986a4cae73208079f2e35f5f6b2f836d7c9d4f3e006609e7a244abc2c984f0fddd99730a47edc4

                            Download Submit

                          • C:\Windows\{E394F1C6-7160-4601-80E6-7E9F76DADEEA}.exe
                            Filesize

                            197KB

                            MD5

                            e008c715d169db8b555feb78d36c678f

                            SHA1

                            0baf539cf082a3cebd218a2a97322548035a544a

                            SHA256

                            5ac07e3dae26e723f3634fd6195eed8a02a5bfb8c5d74d13a354c6585829d42c

                            SHA512

                            4d74cc8e26733d3de7c8e0b0ee560f1e14cb0d97577dadbf2532b84b7190ea4f9e7a4f5e9dc173918af2ec3c9bb1f53563e3616568a9d0bd291737b3ab43d808

                            Download Submit

                          • C:\Windows\{EE2DD947-A97D-4969-804E-029C25C7775A}.exe
                            Filesize

                            197KB

                            MD5

                            d3d33b17f98e502a42024ed73f867a48

                            SHA1

                            6e4eb493bf8ffc0e0d6839e4f031b7958553d6fd

                            SHA256

                            05a70a80f631002ecec80d5b1761f78a46cc3e43abd2d30cb824267f03681d20

                            SHA512

                            b29046d25c68de3d48ca5b4deca6771c7d94143aa646b01014d2587c33e368e8729dd8c9735ca5f53b72faf40b79501707974d0e39355c098116ac4a65e09226

                            Download Submit