Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-18...ye.exe

windows7-x64

9

2024-02-18...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-18_24471f9a8df3f9edcb678263f3c7d491_goldeneye.exe

  • Size

    180KB

  • MD5

    24471f9a8df3f9edcb678263f3c7d491

  • SHA1

    594c5325cc31a26bd2ba29abb3cd8d85ad5a1df9

  • SHA256

    bdbd1f0d43f53a3fbf019381c0ccf661401fb7a6bba1914a6f3b400d1ca89480

  • SHA512

    6717618ea628c4eb7b99bd0af96d16577a9c88b8781dbe6d35ca4fbb30210577b04e5df1eddd250afa41247ec0ff4f6a36a81278c473e668d1986fe7ea3b50ff

  • SSDEEP

    3072:jEGh0onlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGNl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_24471f9a8df3f9edcb678263f3c7d491_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_24471f9a8df3f9edcb678263f3c7d491_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Windows\{B340EF08-2BD6-4205-A187-58A9EEBBB63D}.exe
      C:\Windows\{B340EF08-2BD6-4205-A187-58A9EEBBB63D}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Windows\{8F409A45-FC72-4470-83A4-DFEB06428E59}.exe
        C:\Windows\{8F409A45-FC72-4470-83A4-DFEB06428E59}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4864
        • C:\Windows\{40924F63-7C6E-470d-A4BB-9750F3AA3201}.exe
          C:\Windows\{40924F63-7C6E-470d-A4BB-9750F3AA3201}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5080
          • C:\Windows\{61C1EC8B-8F41-4beb-9DAE-8C6A253F4EB4}.exe
            C:\Windows\{61C1EC8B-8F41-4beb-9DAE-8C6A253F4EB4}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3132
            • C:\Windows\{C1BBA179-6BE0-47f0-BE4B-73C5B0C0F763}.exe
              C:\Windows\{C1BBA179-6BE0-47f0-BE4B-73C5B0C0F763}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4852
              • C:\Windows\{F5E27668-CEDB-444d-9947-5B554B0A9E0C}.exe
                C:\Windows\{F5E27668-CEDB-444d-9947-5B554B0A9E0C}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2460
                • C:\Windows\{60993E86-70C5-47ea-B07D-2DCCE5AC77FA}.exe
                  C:\Windows\{60993E86-70C5-47ea-B07D-2DCCE5AC77FA}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4776
                  • C:\Windows\{7B8A3068-C258-4f4d-B364-DBEEE1B85BCE}.exe
                    C:\Windows\{7B8A3068-C258-4f4d-B364-DBEEE1B85BCE}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2052
                    • C:\Windows\{230E22A5-0857-4896-870C-A6D674E9F0ED}.exe
                      C:\Windows\{230E22A5-0857-4896-870C-A6D674E9F0ED}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3212
                      • C:\Windows\{4B137BD1-B2F8-4a00-B3BE-6E8DF24788EF}.exe
                        C:\Windows\{4B137BD1-B2F8-4a00-B3BE-6E8DF24788EF}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2076
                        • C:\Windows\{10A692B7-9CB2-407f-8E0C-BACD5C1C7FCB}.exe
                          C:\Windows\{10A692B7-9CB2-407f-8E0C-BACD5C1C7FCB}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4652
                          • C:\Windows\{452DBAD8-59BC-4261-BC57-09038BF31A83}.exe
                            C:\Windows\{452DBAD8-59BC-4261-BC57-09038BF31A83}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3764
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{10A69~1.EXE > nul
                            13⤵
                              PID:1196
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4B137~1.EXE > nul
                            12⤵
                              PID:4988
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{230E2~1.EXE > nul
                            11⤵
                              PID:2780
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7B8A3~1.EXE > nul
                            10⤵
                              PID:776
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{60993~1.EXE > nul
                            9⤵
                              PID:4936
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F5E27~1.EXE > nul
                            8⤵
                              PID:4412
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C1BBA~1.EXE > nul
                            7⤵
                              PID:4084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{61C1E~1.EXE > nul
                            6⤵
                              PID:1784
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{40924~1.EXE > nul
                            5⤵
                              PID:508
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8F409~1.EXE > nul
                            4⤵
                              PID:4888
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B340E~1.EXE > nul
                            3⤵
                              PID:4648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:3848

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{10A692B7-9CB2-407f-8E0C-BACD5C1C7FCB}.exe
                            Filesize

                            180KB

                            MD5

                            a3374321ecc96ddf7a7bcb3eee39533e

                            SHA1

                            e1d3bfb5dd1f6965e7a5bf6f3eb2c852ea032c86

                            SHA256

                            0d128eaf0e5fc5c22fb293036d13b25ee5824a1340d5e7fc51bf7c9ec346e573

                            SHA512

                            d1e81320bce88b678e546d38ccec720ffd7070c39d3d8f1678e2462a1201b5f4e8796ad4a4ea0eda0d6486d20ad4ca9f00e479d90caa7dd11d681534ba6e7fef

                            Download Submit

                          • C:\Windows\{230E22A5-0857-4896-870C-A6D674E9F0ED}.exe
                            Filesize

                            180KB

                            MD5

                            0d7d92b632bc2a54eb1ffb64c06cdf5e

                            SHA1

                            abeaeeb4bd875ad76d26139617a16891b749fe10

                            SHA256

                            16065e97b75f573477c46e47a691b728674145d92039f0bd26717db0ada98ba4

                            SHA512

                            2854ae250a2d761a083f333460fba3e712778db42abb96f8420be9f6128e1936ebbc35f01225b4289406d799c2d3fb18f2873381942e904d006df4344ef04644

                            Download Submit

                          • C:\Windows\{40924F63-7C6E-470d-A4BB-9750F3AA3201}.exe
                            Filesize

                            180KB

                            MD5

                            0f4104b972d7c1c4eaf26f7481726467

                            SHA1

                            466c60112dc53ef4263ba3164202f87222fddcb9

                            SHA256

                            07f914cd65d0d6ab681493f2c1702683acd5bb2ff0bd4327f7e8dff1ac32ab1d

                            SHA512

                            4ad5856a83ea32d5d4c8e6c737d36bb561f16bc3d632c041cc61ff5a9b7bffb8ce6cad00a9fffdac28e6ebcca2fc98b6a565d5b8b2759173222248a3d98d7e0c

                            Download Submit

                          • C:\Windows\{452DBAD8-59BC-4261-BC57-09038BF31A83}.exe
                            Filesize

                            180KB

                            MD5

                            10ac872a318f05478d5bca6413f3639b

                            SHA1

                            ef77a1cd9540aae0b153abdb5c254eba5f5cf99c

                            SHA256

                            85cb298e9c37857e2ecfb5f1d87d89e02aca650b17a0ecb6c56148cb013f09f9

                            SHA512

                            437387b55a5416d5d76cdd462ebbb5f9a4d634046c55f22d9f30d154e1e17c599765f4b4685919e83a7372bc260d6abc33501e1d45b0de0457957af2d6c310ca

                            Download Submit

                          • C:\Windows\{4B137BD1-B2F8-4a00-B3BE-6E8DF24788EF}.exe
                            Filesize

                            180KB

                            MD5

                            fb0937308764f18aa35d516d0d0723a7

                            SHA1

                            d817a43fe41c300349d6607190033e63278507ce

                            SHA256

                            c86db533aeba63645a50b53d68c3c5018b994a5897e13bf9dce655785c875d22

                            SHA512

                            5fe7ccbf4b19021179c7d8ed3e78d4e0ea345dd4022ca99c80bd3c15414c73446f0ddf5a4f2e6cc788efac13e975c053282389f606cc9fdaf23026d7234acd75

                            Download Submit

                          • C:\Windows\{60993E86-70C5-47ea-B07D-2DCCE5AC77FA}.exe
                            Filesize

                            180KB

                            MD5

                            30ebe5863f6ab127eb5ad017fd0586bb

                            SHA1

                            9cc5de75c635ee5843122167941cbd983694d135

                            SHA256

                            8f3b3dc285525ffc20be5ffd5bd52d822853f0013ca8ace844c0f5a522d92271

                            SHA512

                            8c05be015c3f07a420da1f95dfeba546d245b27ec58acd81f13a0ed2b7cb023d771dce5819e3b30e4f454f5043787c4c718a24ccbef6b67eb3b0ea8464f495cd

                            Download Submit

                          • C:\Windows\{61C1EC8B-8F41-4beb-9DAE-8C6A253F4EB4}.exe
                            Filesize

                            180KB

                            MD5

                            cc6ad5e5339c89cdbfa9ce423d633f7e

                            SHA1

                            3ed1f0c4b67f905008cf03db69e5f977faa48add

                            SHA256

                            47a3e0fcdade1bf71babfe1d8cf9b8aaafd826c1e9086c28b0f1a071bbc6128c

                            SHA512

                            298d3b0532b81ba4ca422488d2a539aeefb058987f5b7771820a19809fc8e7eba6b903761454b67acdb04b39e936c452a248b38834e51580d8e2ef92c54a2f87

                            Download Submit

                          • C:\Windows\{7B8A3068-C258-4f4d-B364-DBEEE1B85BCE}.exe
                            Filesize

                            180KB

                            MD5

                            aefd3576b21b7208c939f01f146b3a76

                            SHA1

                            a55f1c711b59db789326e7536ece53e6148ba5d8

                            SHA256

                            f5b4c99bead71f151d3faa48666df80e33eb3662b3b490e17f8ba9f77f64e2aa

                            SHA512

                            82935ecd6f06c036ac690f2d5b560461bb3180aa37a1c70d8746d6836597251d0a9fde81821b4b9bf15e6a5696beff8b85ec31619715ef28d8af758684a4696a

                            Download Submit

                          • C:\Windows\{8F409A45-FC72-4470-83A4-DFEB06428E59}.exe
                            Filesize

                            180KB

                            MD5

                            21d71cb001ccfe17f21329ae5f8d4b31

                            SHA1

                            5178f36ee4ff65858d11b67d45525f02943ee142

                            SHA256

                            a0657d949d338760bf9222bac6a90fb223cc65d1a8de2b2d491d2d5a7595b17e

                            SHA512

                            330a44510868e491716984614fe32ef97dccd89ec41c473eb136578a9f45b00922b1e2bf1fc35484d9343bbb3675c85fc2b3d6dc348598a60e31cf8af1d4b311

                            Download Submit

                          • C:\Windows\{B340EF08-2BD6-4205-A187-58A9EEBBB63D}.exe
                            Filesize

                            180KB

                            MD5

                            fdf325b9f9f01379b952917504e63a31

                            SHA1

                            29590437456cf7d3b78e79a81dff2dedc642903a

                            SHA256

                            9f5cba783f72b65ba73a591150965da33dc742278fd4744bd3c9447c6b05cd36

                            SHA512

                            07ca10845c9df2784665d42c27500b6af34ef62d977957f5f8e962bda2ad1a4ef9ed77b145508849c68f156808a136cbc967a529e0d0f4cf5a4ac24888274f1e

                            Download Submit

                          • C:\Windows\{C1BBA179-6BE0-47f0-BE4B-73C5B0C0F763}.exe
                            Filesize

                            180KB

                            MD5

                            e31a906b48d92177dc1e3acb7450208e

                            SHA1

                            6a66eb9539d7cfd4b14cbd3d81f80f25670969ab

                            SHA256

                            0618baf99eb24be817d6a914ee9e9889605583ac4e13320ec358c18ba651c953

                            SHA512

                            0f87f9666ee44cf78e86d274460bb83ba1d77d90372e6a63175c395ff768b5b7122d76f906f23d39bfb94978feab84aaa6e4061a4b592a3c9ce4a257db7c44f7

                            Download Submit

                          • C:\Windows\{F5E27668-CEDB-444d-9947-5B554B0A9E0C}.exe
                            Filesize

                            180KB

                            MD5

                            f277af7d9ee4fdcd7563db61095fdc00

                            SHA1

                            85620bf4b7ab77b040ecc96200c2d5d505a084dd

                            SHA256

                            86980e62d1fc429410bb32a7f153a540ed55c3f7f2d8b43ee1650c79af184edb

                            SHA512

                            55c712fb25a022b3106c88c4f0897f0754fda9b654480f6f89c3a7d23849091f4041547ff30da747ae110167a3dc7c24bf7268e408c136a04ee0b4a44af28d3d

                            Download Submit