Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-19...ye.exe

windows7-x64

9

2024-02-19...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_53c449c5307d19634656a1f4b52cbdd7_goldeneye.exe

  • Size

    408KB

  • MD5

    53c449c5307d19634656a1f4b52cbdd7

  • SHA1

    b963f4e3218a62eb09a08824b9f1ee4f27308627

  • SHA256

    ed6408bf498f7605be9705172a2d9fcca7c90200fdf838f3d0611e259fa63997

  • SHA512

    19bc6dd188ce56524c10639a6725084692222fcea28d600f60fae9f7cafc2b4546d1e751f81bcadcacad276ac26f2b07a88f8149fdc15d90c42d63468951270f

  • SSDEEP

    3072:CEGh0okl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGCldOe2MUVg3vTeKcAEciTBqr3jy9

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_53c449c5307d19634656a1f4b52cbdd7_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_53c449c5307d19634656a1f4b52cbdd7_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\{058DAFBC-CA4F-4ee4-9364-52F2A9616DB5}.exe
      C:\Windows\{058DAFBC-CA4F-4ee4-9364-52F2A9616DB5}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1092
      • C:\Windows\{C7E998A2-FB75-4dfc-BAC4-FA0240AC1CC9}.exe
        C:\Windows\{C7E998A2-FB75-4dfc-BAC4-FA0240AC1CC9}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2104
        • C:\Windows\{8605C2E1-BED7-4b10-BE48-990C1834C4C0}.exe
          C:\Windows\{8605C2E1-BED7-4b10-BE48-990C1834C4C0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1984
          • C:\Windows\{1A23F58B-9ACB-45fb-88C1-BD02A4CD3072}.exe
            C:\Windows\{1A23F58B-9ACB-45fb-88C1-BD02A4CD3072}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1980
            • C:\Windows\{0752C483-13E8-4f90-90E0-7D0A99AC0B2D}.exe
              C:\Windows\{0752C483-13E8-4f90-90E0-7D0A99AC0B2D}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1988
              • C:\Windows\{08A8420F-128E-4222-AB77-B9144701F389}.exe
                C:\Windows\{08A8420F-128E-4222-AB77-B9144701F389}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4460
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{08A84~1.EXE > nul
                  8⤵
                    PID:2556
                  • C:\Windows\{F3AC7129-A174-4d56-ABF3-D9B5F7C479C9}.exe
                    C:\Windows\{F3AC7129-A174-4d56-ABF3-D9B5F7C479C9}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:3616
                    • C:\Windows\{A293211C-C249-4244-A713-CE9EB707DAF6}.exe
                      C:\Windows\{A293211C-C249-4244-A713-CE9EB707DAF6}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4632
                      • C:\Windows\{C86E8A57-92B9-4f82-83E4-7B1C4245AECD}.exe
                        C:\Windows\{C86E8A57-92B9-4f82-83E4-7B1C4245AECD}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4708
                        • C:\Windows\{3F7D6852-C7B7-4550-8621-6BA286C8F375}.exe
                          C:\Windows\{3F7D6852-C7B7-4550-8621-6BA286C8F375}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:5088
                          • C:\Windows\{6E2FAE55-9715-422a-A45A-55EC6A31F1BB}.exe
                            C:\Windows\{6E2FAE55-9715-422a-A45A-55EC6A31F1BB}.exe
                            12⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1976
                            • C:\Windows\{0183783B-A5DC-4ec1-8C8E-F5C090DE3D44}.exe
                              C:\Windows\{0183783B-A5DC-4ec1-8C8E-F5C090DE3D44}.exe
                              13⤵
                              • Executes dropped EXE
                              PID:3100
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{6E2FA~1.EXE > nul
                              13⤵
                                PID:3436
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{3F7D6~1.EXE > nul
                              12⤵
                                PID:2536
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C86E8~1.EXE > nul
                              11⤵
                                PID:4004
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{A2932~1.EXE > nul
                              10⤵
                                PID:4920
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{F3AC7~1.EXE > nul
                              9⤵
                                PID:4488
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0752C~1.EXE > nul
                            7⤵
                              PID:2144
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1A23F~1.EXE > nul
                            6⤵
                              PID:3956
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8605C~1.EXE > nul
                            5⤵
                              PID:648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C7E99~1.EXE > nul
                            4⤵
                              PID:220
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{058DA~1.EXE > nul
                            3⤵
                              PID:2844
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2980

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0183783B-A5DC-4ec1-8C8E-F5C090DE3D44}.exe
                            Filesize

                            408KB

                            MD5

                            a4708030c4bdae38ca3118aed1a428e4

                            SHA1

                            f6456428e126509fcb4a8f420cb5ad88c86a1c82

                            SHA256

                            eec539a0a0d41fc28bd8cf821f15b31bd547812599863d354f784068797b19f3

                            SHA512

                            b370b6b3bce61664aafb40ff9967543bb89b271355d0c16272362901b7fbfeefe64bd179c78df2113eac9bf82c25ff27c34654e28157ccb690919cf17bf106c0

                            Download Submit

                          • C:\Windows\{058DAFBC-CA4F-4ee4-9364-52F2A9616DB5}.exe
                            Filesize

                            408KB

                            MD5

                            9b7a82f8c9c8782d7889f707a8d9e4b3

                            SHA1

                            adaf8fe2f1abc83b684ec40a1c2d954fbe4d9ce4

                            SHA256

                            e86d07f9bed45badefdef1bf6d4060b69541ee4921611edd5047696cf7cfe096

                            SHA512

                            33584efa9aefbfc439d190d35c1275b4f331976b33221d033a347caa6b9d8ab254cdb3a6d0c8d6e745c950840109c27da51c1dcc74610225845ef280c204ce18

                            Download Submit

                          • C:\Windows\{0752C483-13E8-4f90-90E0-7D0A99AC0B2D}.exe
                            Filesize

                            408KB

                            MD5

                            ae94c4188dbc5fb8bf54025f74010692

                            SHA1

                            6b9175871f8538893857e01d9772347cf3f1b2ba

                            SHA256

                            8211466822722d5d9dffa09c13693b7ecc6104dee7b52ea9ff48b66bebaccd3d

                            SHA512

                            da382f10f80feab83ecae47c07d0594d51c5d369c16a7f5dfb745bb0c07d2fbc6d6bdf5159334b4a40535479d99625e4bb1ac8f7d326864df884a8b25c70d13a

                            Download Submit

                          • C:\Windows\{08A8420F-128E-4222-AB77-B9144701F389}.exe
                            Filesize

                            408KB

                            MD5

                            800fff30e06aa68b1bbaed457e5cdce3

                            SHA1

                            2d08fc9cdbf797a4aa1da781c3d3ea795fb6ae5d

                            SHA256

                            925ed0dee9f599d3930735a14933086df24c7a2e75c7802c437d907ebf674edb

                            SHA512

                            c28ef7d1fa0008bbbebc742459debe5ee80d02a35839b1ba65d24ccbfb74071910ce64c4a368a100a3998bff6020580bb92865ae5282a3d824b05c0ac81d37ed

                            Download Submit

                          • C:\Windows\{1A23F58B-9ACB-45fb-88C1-BD02A4CD3072}.exe
                            Filesize

                            408KB

                            MD5

                            0031ed847a562bdaf34e0c413d1c9198

                            SHA1

                            43050ee8b596fa10e6ecdf53326dac5e2e8a336d

                            SHA256

                            9ddc0eb72deb2ceaf9b44b248218730ddc9b9c679ad675f8759b89a13d37002a

                            SHA512

                            aaea119a72dbc8460869f407188b968272e8682b47f32a2791a34f9116cfa7123c9bfce4408c501db620a4bd3ac6de8d0a4981511a9d54fbad54f957d7b8aadc

                            Download Submit

                          • C:\Windows\{3F7D6852-C7B7-4550-8621-6BA286C8F375}.exe
                            Filesize

                            408KB

                            MD5

                            44fe57cc5f2db09479a908c0f37a41b2

                            SHA1

                            6212fe26d22221cba38b6d57e4b8d3bd45b2706e

                            SHA256

                            5fe4ffb4fd7cc3ad5bc79085432f3b15ea0da97a3098f6841f61a8c6664c66ba

                            SHA512

                            29b298036c92f730e0b9a21c5bf42668629b3770b78f89823be85b3d77f92e0b320bc7f289df19e8a4ebb7da81b4dbdd47d739ae873135cd7cfcf8c7e003e350

                            Download Submit

                          • C:\Windows\{6E2FAE55-9715-422a-A45A-55EC6A31F1BB}.exe
                            Filesize

                            408KB

                            MD5

                            bd6c8ccd9aad4d50d1e0452fc466b364

                            SHA1

                            d171289a248e1016c654bfe27dbf8861254c6378

                            SHA256

                            b51b99b97d7312dbec3466ca286fbb21e91922cf428106195d4ac4bb0bc5f945

                            SHA512

                            af515338aa11ce55daf508170d7d9e070cc30f1a3509620b98426257e36c071648c01294875d8aa93deb4c89494782c1a3aef76a614d7e51548f11161346b70e

                            Download Submit

                          • C:\Windows\{8605C2E1-BED7-4b10-BE48-990C1834C4C0}.exe
                            Filesize

                            408KB

                            MD5

                            a0e91ee53b353b185b71382054f8bbf6

                            SHA1

                            7d08d6f2a264ba833e33074a69c2469ed48bfb99

                            SHA256

                            a9f688cb17e2e0dcfb1f71ea80430a5986e93d33fa556092581739f5a83d172b

                            SHA512

                            431ee43d7d6834d4b41e276bbaf03f05838061723b1c88c2c2241d5372c2e60d15ce132dd92194ca9c2a76161df21cc54b7ca2910a952f578f324c71efacead7

                            Download Submit

                          • C:\Windows\{A293211C-C249-4244-A713-CE9EB707DAF6}.exe
                            Filesize

                            408KB

                            MD5

                            3180bf08598fb60c636119e75680d3a8

                            SHA1

                            e096d1f5ea921bbeedcf4733a134c848647e4a80

                            SHA256

                            0dd1994f3cb90889429226ecd62721b8fd19c44fbed7d25d39f43c72884e28f4

                            SHA512

                            c70f5538eddb375273a9613adb27c555d5847318ed51d166cf3d096b289473710a5fbc68dc137b130ab818bdbcdcad1f7c5460903bcb7dab62efc07ccf0757a8

                            Download Submit

                          • C:\Windows\{C7E998A2-FB75-4dfc-BAC4-FA0240AC1CC9}.exe
                            Filesize

                            408KB

                            MD5

                            262d138c0401d3b57068eda0b69808d3

                            SHA1

                            87e8595d0611a81d68c26f37ff0c89a53148a7fa

                            SHA256

                            916457112416229045a75167da2404bb6d58dc6ffe282c9a327b75c7e81e31af

                            SHA512

                            a31a347f31eda8a16794108f5259a0d9ec372a59e6fb8d1661942df5df3fa39bb1671a10118d8b47a6e192639483351d61beca2ee2131f849ba5d8fff28c3dd2

                            Download Submit

                          • C:\Windows\{C86E8A57-92B9-4f82-83E4-7B1C4245AECD}.exe
                            Filesize

                            408KB

                            MD5

                            316c44f01098c19f82d5bceb11574e4d

                            SHA1

                            b8f9fb4354efd5d40d40bca2095cf79ecbd28072

                            SHA256

                            0f2674d8fe7ef72c52e94007eef80d805365862975c99428be43e903ac3c8c08

                            SHA512

                            cf734567166356e5e5f06e24a95c69b4204f9ae719d10534022574fa9942471be8d4524f78359c731bdb3f5e61a56e12a8687d552c59822e6d89dd8130095d58

                            Download Submit

                          • C:\Windows\{F3AC7129-A174-4d56-ABF3-D9B5F7C479C9}.exe
                            Filesize

                            408KB

                            MD5

                            4fcea612fad61b3b54f007df428d916d

                            SHA1

                            e9946d790b87cc04d788f454277e2880a399fefc

                            SHA256

                            1839d03a09a537c46dbda3e0ab642b6454537e1d362356be0912bf2d60ca8b26

                            SHA512

                            f9924e8054717ca07ec5064256dd60c37492ce57576ab6c9b584eb81b2e4f8c6d03a6e0199cce81df889bce24ff205488208344884ae0e2e1de4b314375fcaed

                            Download Submit