Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-19...ye.exe

windows7-x64

9

2024-02-19...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe

  • Size

    197KB

  • MD5

    824b3bd8c222fcdbc3e533c9c859236f

  • SHA1

    6d8373ce4735a22ad1cf27660f01776c3624a48d

  • SHA256

    89cb50d7ef8764e6651f530632d972d9003683f06b28ac58be4048996ebe5c83

  • SHA512

    e0de70d5ac1e7528e3c5bb2eab13f21ed90f340ad32aa7f89a535655430aaaaf232923d6519fa741115d550c73569f2b74e06365e48f158f17086762799e17a1

  • SSDEEP

    3072:jEGh0oSl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGwlEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_824b3bd8c222fcdbc3e533c9c859236f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\{05185A97-1A8F-40a5-BBB2-B588AB14CB3D}.exe
      C:\Windows\{05185A97-1A8F-40a5-BBB2-B588AB14CB3D}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\{476DD9C3-04E1-4045-ABD3-8B5FDB4F9D83}.exe
        C:\Windows\{476DD9C3-04E1-4045-ABD3-8B5FDB4F9D83}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Windows\{EB4AA939-95DA-4539-9217-9DCAAB4B62D7}.exe
          C:\Windows\{EB4AA939-95DA-4539-9217-9DCAAB4B62D7}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2580
          • C:\Windows\{1667A5B7-E47F-484a-AF61-37225B6D4631}.exe
            C:\Windows\{1667A5B7-E47F-484a-AF61-37225B6D4631}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2152
            • C:\Windows\{2BE12E3A-2FE5-4365-95EE-626ECFDB12C1}.exe
              C:\Windows\{2BE12E3A-2FE5-4365-95EE-626ECFDB12C1}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2988
              • C:\Windows\{A02D684E-CCC6-4bf0-A03E-91AF3C074A63}.exe
                C:\Windows\{A02D684E-CCC6-4bf0-A03E-91AF3C074A63}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:888
                • C:\Windows\{274F7BEF-A5F0-4465-8054-5209236072EB}.exe
                  C:\Windows\{274F7BEF-A5F0-4465-8054-5209236072EB}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2856
                  • C:\Windows\{468F7DD2-441B-43e0-B626-DFFA0F6D965A}.exe
                    C:\Windows\{468F7DD2-441B-43e0-B626-DFFA0F6D965A}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1308
                    • C:\Windows\{70DC48A6-D4A4-4060-A43B-803264A02811}.exe
                      C:\Windows\{70DC48A6-D4A4-4060-A43B-803264A02811}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1672
                      • C:\Windows\{8D4C1D97-501B-4be1-8E08-A0DB8075371E}.exe
                        C:\Windows\{8D4C1D97-501B-4be1-8E08-A0DB8075371E}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2004
                        • C:\Windows\{636E2E3A-5610-46a6-A404-17E38180E451}.exe
                          C:\Windows\{636E2E3A-5610-46a6-A404-17E38180E451}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2756
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8D4C1~1.EXE > nul
                          12⤵
                            PID:2540
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{70DC4~1.EXE > nul
                          11⤵
                            PID:2260
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{468F7~1.EXE > nul
                          10⤵
                            PID:1680
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{274F7~1.EXE > nul
                          9⤵
                            PID:1468
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A02D6~1.EXE > nul
                          8⤵
                            PID:2016
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2BE12~1.EXE > nul
                          7⤵
                            PID:2852
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1667A~1.EXE > nul
                          6⤵
                            PID:3012
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EB4AA~1.EXE > nul
                          5⤵
                            PID:1032
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{476DD~1.EXE > nul
                          4⤵
                            PID:2620
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{05185~1.EXE > nul
                          3⤵
                            PID:2348
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2396

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{05185A97-1A8F-40a5-BBB2-B588AB14CB3D}.exe
                        Filesize

                        197KB

                        MD5

                        81fc64e93828a1f65d667f94b7f0a0be

                        SHA1

                        d2d5b63530e6078d7380369669c26c54080dfc4b

                        SHA256

                        f18e5ad19892ead33e7b023a90ca9138eeab5b7110b2078dd26abb0ea9d30ce5

                        SHA512

                        13337a6e155231aa57618fae561d9ecaef68074c8d5872e6533e976cd834fb8f26d0f7705146571e055e159590751076d4b5e73807a5a5ef62ae855c3c0637c1

                        Download Submit

                      • C:\Windows\{05185A97-1A8F-40a5-BBB2-B588AB14CB3D}.exe
                        Filesize

                        173KB

                        MD5

                        8446909832e4a17440ce674bfe060da2

                        SHA1

                        918e207bd1933892ab7c1dac5a28bdc652dbc55f

                        SHA256

                        267e58cb9e0a6cf7c673df03300de664c83b3d36d2ddf88da0380ce17e2d5e15

                        SHA512

                        e6349fea615149c34c55e60b96feb44b50f36f8e14dda91d7c60f78f194cbf000dd19942c64eca988274edebc701a07208843c70c66167712a0dc23bdcdfc1ac

                        Download Submit

                      • C:\Windows\{1667A5B7-E47F-484a-AF61-37225B6D4631}.exe
                        Filesize

                        197KB

                        MD5

                        58363e5483815be9e3a13913c2077381

                        SHA1

                        2d8721ed71bfc17f06fffd3a3ee15dbf361e3d00

                        SHA256

                        4489171b6548d9271b208d65a3767da776040fc67be584bd50e497ce511e8e35

                        SHA512

                        c98adfb29d4c6448a2a631b0fd6d1635f328bce8c5f7f6aa679d5f74e88d6cb8810c1406e021833d963fe8e5a5890c561a9c0e3d56651c41f82f9bde23041858

                        Download Submit

                      • C:\Windows\{274F7BEF-A5F0-4465-8054-5209236072EB}.exe
                        Filesize

                        197KB

                        MD5

                        27a7f3d5abc5207d39c00cf031c9116c

                        SHA1

                        b477310843fbf96a2cc014cfffe19b2dcc7b6756

                        SHA256

                        3e4529f5820841242ef931dd45fbfa7445547e6a4607359410bbb7feb8c8e438

                        SHA512

                        236ec8311d2c73ab18d8316c54388ae9653e4c8e69b50c931d9c7c3aeee009262e745df59c95193a40ad15b084587e9520cec6053a6a5e593fce23438655df3e

                        Download Submit

                      • C:\Windows\{2BE12E3A-2FE5-4365-95EE-626ECFDB12C1}.exe
                        Filesize

                        197KB

                        MD5

                        3897ae86446d9a43baa2878d8e001af1

                        SHA1

                        134465ad92cc4517c6ba09fbc2601bd9d71b4971

                        SHA256

                        513bce5c1d1327de2ad97e9b34b996171fccfd6da17f1e970803e06734954a91

                        SHA512

                        8bc7f36a820e06285cf5614405aaef1344921c9f14000e49c27e9528ff9bbc5bd6721a05194493fed201c97a1028a01c2178949032d6fabb790b2c0a987d140f

                        Download Submit

                      • C:\Windows\{468F7DD2-441B-43e0-B626-DFFA0F6D965A}.exe
                        Filesize

                        197KB

                        MD5

                        2ee408799d3d057e83b40d66300753b9

                        SHA1

                        5471db481f0655d0d1933ce3685feb0604729f0a

                        SHA256

                        746475d14d1f6e6ac15db02a6d989b1588d060dd0d122d052eae42d874341cae

                        SHA512

                        e32d05ad6ab7d3599208f81633e3468c1e52adc5c353dfc94f59f85f47a0d6fb6e78f43407d104e844c57c072b9025281ec1cf12080d9df903df29a6bc9f4440

                        Download Submit

                      • C:\Windows\{476DD9C3-04E1-4045-ABD3-8B5FDB4F9D83}.exe
                        Filesize

                        197KB

                        MD5

                        fc0a546b0c985360f7cd83adaf715704

                        SHA1

                        90d89ec1e562b4b5e0f1f1b9cfffd90da9c1d0ac

                        SHA256

                        d915d4aea9420bf7ba0af87bdfe30bc5f520bd9b26bc805ef9fc04af07e66354

                        SHA512

                        204f4070bf0c78ae20581f8a11a0d6bd2dcfc9b71a389b9c95b328910eb60a00c0a903fa087f2509572769811f75ea3068a8c5a0ced2fee6955c0cad3d591673

                        Download Submit

                      • C:\Windows\{636E2E3A-5610-46a6-A404-17E38180E451}.exe
                        Filesize

                        197KB

                        MD5

                        086ac28f0882f7f2da38275c34ad4a75

                        SHA1

                        5a926acde0c47240ac49b346392e6f467d210a2e

                        SHA256

                        382d423412f2a705b0ce78b1b8f707391108c48e316401d881cfc325ca60955e

                        SHA512

                        c04e699ede320c20d4ddc4622f46db0b0d65c376c2161929b9733625189f7f9c3fb4f14b980890535f832036623d64e08c7eccacb1af5809ef86f6549b043c34

                        Download Submit

                      • C:\Windows\{70DC48A6-D4A4-4060-A43B-803264A02811}.exe
                        Filesize

                        197KB

                        MD5

                        dd6911f0ee05b40e100d8aa47998dc16

                        SHA1

                        ba12aa9c972089995c579240616f4832e4acd480

                        SHA256

                        250e9caf9b401b35b35d3ab2349610d04068afe655b1acfa8d1a179c81de63ee

                        SHA512

                        aa8999f83749e3a44186b25b1690f937d94a250d15163c68b4ca4e09d1cb54668bdef7742c2d66416a0d1c7a988c3ae38c5cc0fed55a959634761daa31a7c012

                        Download Submit

                      • C:\Windows\{8D4C1D97-501B-4be1-8E08-A0DB8075371E}.exe
                        Filesize

                        197KB

                        MD5

                        b02c482e7e7533a044d73706225586c0

                        SHA1

                        9f5a4b98cf16c468d66f0cdeab2e87ace8dad302

                        SHA256

                        fccc44fc52ea2f460e7fbf0e0cd3c4ba7d96cd38564906d58cdcace8a01da0f2

                        SHA512

                        78ebf573b4ceb8aa4a67d4afb5055df61ba8507a007ce124d2c4ecdb4cf4cb43c01d9c3e203a5e4a4c3cdaa836819cbd4ceaef5a4ecce22163312c557833397a

                        Download Submit

                      • C:\Windows\{A02D684E-CCC6-4bf0-A03E-91AF3C074A63}.exe
                        Filesize

                        197KB

                        MD5

                        d5c1ee68f754f327b0e60e034a99b344

                        SHA1

                        a2a2ba42ed52872a056468200a122914cc99667e

                        SHA256

                        ac497799405d791b9361a0deae7d9919e86d2cd773ce6ddab2c43f962f4b0242

                        SHA512

                        f22f9e4b61e9bb0bcc346ad2ef5fdbcb3a30cab90765cc3b25660a0791e9ecde335cf6420a1abff7e83b547cea0c39c14b8b78ae41676e46045929b5c5db6251

                        Download Submit

                      • C:\Windows\{EB4AA939-95DA-4539-9217-9DCAAB4B62D7}.exe
                        Filesize

                        197KB

                        MD5

                        67dda83fc1f56dc49711a98492512974

                        SHA1

                        c1784dc6740cfd20b83833e6e5bd89335b7f3ed8

                        SHA256

                        dd375901198c77af2deeeef0c25e2d56e2594b4e7f7db2edcad402fe3cadca8f

                        SHA512

                        bef75d0c7751bf0d93bcb4714f79d7c23581bf475df866314b1a4ac759ecb9b418754c582ea8e8a60d5919068b2e81af58c98b2a1bbc1de685d591b341570d46

                        Download Submit