Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-18...ye.exe

windows7-x64

9

2024-02-18...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-18_0261ff0691822157084b12b89134cdef_goldeneye.exe

  • Size

    180KB

  • MD5

    0261ff0691822157084b12b89134cdef

  • SHA1

    10926bd56456880084aa75e5d92b4ec098c0fffa

  • SHA256

    7a09b43a183020add390a6282120f0b3d26f27242bd1f82d87c17eb35056410d

  • SHA512

    cdd5867a457f37ac31f9df712a7e5ee8580789a5af26d3204708d59dba0441eab23d47b5e5796d5d05c603656e06cd41cd2696f68a682b6cfec521c1ea864b2a

  • SSDEEP

    3072:jEGh0oelfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGgl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_0261ff0691822157084b12b89134cdef_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_0261ff0691822157084b12b89134cdef_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Windows\{3BC13664-3F71-4e86-BF51-A54F92898DD2}.exe
      C:\Windows\{3BC13664-3F71-4e86-BF51-A54F92898DD2}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Windows\{3664E6B5-1852-4386-8E03-A5EF13827BE3}.exe
        C:\Windows\{3664E6B5-1852-4386-8E03-A5EF13827BE3}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3796
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{3664E~1.EXE > nul
          4⤵
            PID:3432
          • C:\Windows\{367460B3-76F5-4249-930C-72CDF0A66BF3}.exe
            C:\Windows\{367460B3-76F5-4249-930C-72CDF0A66BF3}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3928
            • C:\Windows\{F2D6BAD6-43F1-4644-AAD6-18DA1C7C8C61}.exe
              C:\Windows\{F2D6BAD6-43F1-4644-AAD6-18DA1C7C8C61}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3512
              • C:\Windows\{C3CF2F20-EAAF-402e-95C8-6DEE2E2C282E}.exe
                C:\Windows\{C3CF2F20-EAAF-402e-95C8-6DEE2E2C282E}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4456
                • C:\Windows\{9CDEAB6F-D366-4258-A0E6-B5C985CED154}.exe
                  C:\Windows\{9CDEAB6F-D366-4258-A0E6-B5C985CED154}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:564
                  • C:\Windows\{EBB3E995-BE08-4edc-8241-7FA36071A553}.exe
                    C:\Windows\{EBB3E995-BE08-4edc-8241-7FA36071A553}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2528
                    • C:\Windows\{BB5F1A7E-12EF-4cda-A624-9FEB1207F42E}.exe
                      C:\Windows\{BB5F1A7E-12EF-4cda-A624-9FEB1207F42E}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3628
                      • C:\Windows\{01F0C363-6B82-4fd6-8017-DDD5EC5223B8}.exe
                        C:\Windows\{01F0C363-6B82-4fd6-8017-DDD5EC5223B8}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3388
                        • C:\Windows\{0250B675-A806-4622-86E1-A8492CFD9EF6}.exe
                          C:\Windows\{0250B675-A806-4622-86E1-A8492CFD9EF6}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:1580
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0250B~1.EXE > nul
                            12⤵
                              PID:3828
                            • C:\Windows\{99F00ED9-89EF-4b9f-A5B2-75433443B8AE}.exe
                              C:\Windows\{99F00ED9-89EF-4b9f-A5B2-75433443B8AE}.exe
                              12⤵
                              • Executes dropped EXE
                              PID:4432
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{01F0C~1.EXE > nul
                            11⤵
                              PID:2312
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{BB5F1~1.EXE > nul
                            10⤵
                              PID:3420
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EBB3E~1.EXE > nul
                            9⤵
                              PID:2344
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9CDEA~1.EXE > nul
                            8⤵
                              PID:384
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C3CF2~1.EXE > nul
                            7⤵
                              PID:3572
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F2D6B~1.EXE > nul
                            6⤵
                              PID:1244
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{36746~1.EXE > nul
                            5⤵
                              PID:3876
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3BC13~1.EXE > nul
                          3⤵
                            PID:1940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:3688

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{01F0C363-6B82-4fd6-8017-DDD5EC5223B8}.exe
                          Filesize

                          180KB

                          MD5

                          c0918c8ca739b3e56210f48be2c621e8

                          SHA1

                          9b62d8982a97b0a3422564d7db2fdd1b33801825

                          SHA256

                          d211a2a43d1ae47dd853d0b75a8238b66922c87d671a2047b66c71048ac525b5

                          SHA512

                          d154750b9656e25408721b991713f4d29e3598a62c5718703d07a57250939b353fbb7da637c505f6d0eb47ad40a2def3d9acd63a4eb35fdc943c94373519cbde

                          Download Submit

                        • C:\Windows\{0250B675-A806-4622-86E1-A8492CFD9EF6}.exe
                          Filesize

                          180KB

                          MD5

                          bc0ff541a9106bd8badf141d630260f1

                          SHA1

                          f748e065fdab72feab832d5b874d030ac9a2499d

                          SHA256

                          6ff76d7c8a5ff6bd73718c39202dae1cb81142eb5d9f7916db2a26fba1794afd

                          SHA512

                          46f6bd1dd61528bc6999e2fa1290abefb76abb128b761c4c090ad0b80874fc3ddd2b4112c33081515d89e5ea7e408057a8fcaeb9b1176aa607ecfedf3074789d

                          Download Submit

                        • C:\Windows\{3664E6B5-1852-4386-8E03-A5EF13827BE3}.exe
                          Filesize

                          180KB

                          MD5

                          cf7fcf17ea195bc0e196bc2fa405e1fb

                          SHA1

                          95a9134e0fe18f71914e99dc309d4db78e2553bf

                          SHA256

                          e53391d282b759e02b5c854c7de9852575755801f7f0e2bcaf306b47aeb77855

                          SHA512

                          8c276a140746a539c71a804d9cee69d0742904d9fd3e802453b8b0c53651f1303b6c156f37b043960006a2beeb930cee1ddf78ebfc0f4131469c072d212cf785

                          Download Submit

                        • C:\Windows\{367460B3-76F5-4249-930C-72CDF0A66BF3}.exe
                          Filesize

                          180KB

                          MD5

                          608e271538b1e00b06d0f7f7ececfb23

                          SHA1

                          bf5974007f38aa4ce19151e6f8e325e5ce2be04b

                          SHA256

                          30e72f5cf4db04814bd5676e1702390ec81142b617a911001b3135549c43e8cd

                          SHA512

                          fc2fa6576e32a5f73488428dd0645a9988e87aacd6309684ea211305a4f1eb007d022b254b64a671b75f47ffa3064061aa97fed75938940ce3f2880a2ae9fac4

                          Download Submit

                        • C:\Windows\{3BC13664-3F71-4e86-BF51-A54F92898DD2}.exe
                          Filesize

                          180KB

                          MD5

                          dc3d2137d88cb57a360e4b1578c54c28

                          SHA1

                          c78dc6890bd6050e36a1a7be26ce7208d52b72bc

                          SHA256

                          a0df258b04b034407bc500d2743d26938531cf15e7fd8352c91030a4a9ee1014

                          SHA512

                          b1fc5194aa59fe5b20723673958199addf220d750d946e3c851caa4f195898da5fe65c36fe6edaf6a7c2f1f9db6fbf30a0d991e8eedafccc8f9231d071c24330

                          Download Submit

                        • C:\Windows\{99F00ED9-89EF-4b9f-A5B2-75433443B8AE}.exe
                          Filesize

                          180KB

                          MD5

                          0feee34ecda5adedcfefc950ff69b6be

                          SHA1

                          42c733056b0105a2a354a942ed2d0d2d01ae72e4

                          SHA256

                          f5009e108c1e4bb50157b1df8b576178cc3cf2ff0285c43dbf0962605cbb545d

                          SHA512

                          21835d4e66bd48d3571b9004b0a0c072729a7810fa0febb0d341f19264cb888f63e968c8aa2dcb11731d30dd701c6cbdea9724fa010da0f784a8625230e5a879

                          Download Submit

                        • C:\Windows\{9CDEAB6F-D366-4258-A0E6-B5C985CED154}.exe
                          Filesize

                          180KB

                          MD5

                          23851af05b622a0ea7ed6422d79fe7e5

                          SHA1

                          a0f65d8f0c3b7e23d91a406e89007df4a4957e93

                          SHA256

                          e2d229ece10721ce88af61a0635ddaf92436b2660b50ca0003c2b90d4bf1693d

                          SHA512

                          e59fc4f58ddf808830924007d3f37f885319aeb3acd859727d0084dbf69dcd23ce5c036447fd56e77a3a0cba6a56d0ce118b11fdc985dabbccae3fd64265ee56

                          Download Submit

                        • C:\Windows\{BB5F1A7E-12EF-4cda-A624-9FEB1207F42E}.exe
                          Filesize

                          180KB

                          MD5

                          09cf6df1e80573286fb22adc1f448afc

                          SHA1

                          c2a5b64173f62fc9af019939baadc7e9e30cf882

                          SHA256

                          b436bbc0cd5b9fc6ffc96719278a7ec35920b27e7ba31000103bfbfe9fbfb5eb

                          SHA512

                          329a3ff4ad849de5b55da59da81a743ed070825534c3528b5ff752826dd33a39f10735dab022d08861fc38104039095f6d0e927d83c701f154cc640e70b20f6e

                          Download Submit

                        • C:\Windows\{C3CF2F20-EAAF-402e-95C8-6DEE2E2C282E}.exe
                          Filesize

                          180KB

                          MD5

                          cd96b866d78c383fb8ec3abf1901d287

                          SHA1

                          02dbb44e878b9dc63b3d283101433652e2fee416

                          SHA256

                          9f3155510d4ca3999a4665c84e6521500a281c2372fc75bda7f0debf40ca74d3

                          SHA512

                          1e26801de6189c472d3bc7f7f70dad3b378914e8a9e9e58fd6f125624936855e27a4e1009274f4fff7f35a3d681fcfc05b4fde3fa9ccc6fcf48b67fecf00c677

                          Download Submit

                        • C:\Windows\{EBB3E995-BE08-4edc-8241-7FA36071A553}.exe
                          Filesize

                          180KB

                          MD5

                          c6e5a765c5b04792c897f109103d4334

                          SHA1

                          a30722a2e52879a94fccdabe78c9962aff811499

                          SHA256

                          53fa59adb136e34ffca98830a9226128ef6049d9b0790b04d238c520cd301f21

                          SHA512

                          c1277d8e50aaeceb440ffa56ab3a82fac51d747c2d3cc587483e3d76dd5b82e2be473c990ede37236f9a96cf464eea0c9b18cccedbeaacb4762ddda282824fe5

                          Download Submit

                        • C:\Windows\{F2D6BAD6-43F1-4644-AAD6-18DA1C7C8C61}.exe
                          Filesize

                          180KB

                          MD5

                          70d5808e5f19a7adb4426dc93b8e629e

                          SHA1

                          401244888a209e1fb3b4f7c14b672871bbf797d4

                          SHA256

                          5e09daead2f9e1399a04e2ae5f895e2c22c7bff9879a435a70b470bbc991c8d1

                          SHA512

                          599719e01f19bae1caed831b92da73268f771ebe6833b57b3b85c7527cfe2228b570ca1a668a2b4f2c232fece6aa5a0c29989ee4e12157ad500a20fef5305b02

                          Download Submit