Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-21...ye.exe

windows7-x64

9

2024-02-21...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    162s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-21_6a9af0b6e639d9980880308b947e7d8f_goldeneye.exe

  • Size

    380KB

  • MD5

    6a9af0b6e639d9980880308b947e7d8f

  • SHA1

    b2daa996d4643c047d99bfa7b24702d5eae2767b

  • SHA256

    9f45b969c0cf639c63420fc32dd732ef2234281b7e716b1d69edd3f33d213bb4

  • SHA512

    c288bfd66784c26c04186f2a1f3be24796bfa52493031aff6ea59fd23f2bd3af8da62d30b7599e9334e8370377b2e04baa320338db05d36da47349ee88b0b196

  • SSDEEP

    3072:mEGh0oIlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGOl7Oe2MUVg3v2IneKcAEcARy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_6a9af0b6e639d9980880308b947e7d8f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_6a9af0b6e639d9980880308b947e7d8f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Windows\{47CD645A-D79B-4a92-B44B-4B06362228DF}.exe
      C:\Windows\{47CD645A-D79B-4a92-B44B-4B06362228DF}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:860
      • C:\Windows\{97E231B6-72C4-46e9-A588-8755A8CF668F}.exe
        C:\Windows\{97E231B6-72C4-46e9-A588-8755A8CF668F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Windows\{D32A66DE-1CE6-42df-B11A-157B9D52202B}.exe
          C:\Windows\{D32A66DE-1CE6-42df-B11A-157B9D52202B}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4652
          • C:\Windows\{81CC9984-D239-4003-B847-C81DA534F0B8}.exe
            C:\Windows\{81CC9984-D239-4003-B847-C81DA534F0B8}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1452
            • C:\Windows\{3BDB1564-7B9A-42eb-B41E-4EC17B97CE15}.exe
              C:\Windows\{3BDB1564-7B9A-42eb-B41E-4EC17B97CE15}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2412
              • C:\Windows\{104F4DCD-8D5B-4899-B43C-65359BE6E977}.exe
                C:\Windows\{104F4DCD-8D5B-4899-B43C-65359BE6E977}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4892
                • C:\Windows\{E5B491F0-9BB3-4771-9ACF-AAB18F2D54D2}.exe
                  C:\Windows\{E5B491F0-9BB3-4771-9ACF-AAB18F2D54D2}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3160
                  • C:\Windows\{EA28F2F2-F0FE-4fa7-BFE1-FF97C35FCBC0}.exe
                    C:\Windows\{EA28F2F2-F0FE-4fa7-BFE1-FF97C35FCBC0}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4296
                    • C:\Windows\{0FAE959D-B7CC-4aad-B777-0D9E371A8802}.exe
                      C:\Windows\{0FAE959D-B7CC-4aad-B777-0D9E371A8802}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:228
                      • C:\Windows\{D3CDD7D7-8928-43b0-A9FA-976037F99136}.exe
                        C:\Windows\{D3CDD7D7-8928-43b0-A9FA-976037F99136}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4992
                        • C:\Windows\{8B01A7A5-12D7-4d10-910C-CAC400879EBA}.exe
                          C:\Windows\{8B01A7A5-12D7-4d10-910C-CAC400879EBA}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1576
                          • C:\Windows\{453796C1-1476-4261-8E0A-A806CF13EA71}.exe
                            C:\Windows\{453796C1-1476-4261-8E0A-A806CF13EA71}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:5096
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8B01A~1.EXE > nul
                            13⤵
                              PID:1496
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D3CDD~1.EXE > nul
                            12⤵
                              PID:4524
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0FAE9~1.EXE > nul
                            11⤵
                              PID:464
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EA28F~1.EXE > nul
                            10⤵
                              PID:4868
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E5B49~1.EXE > nul
                            9⤵
                              PID:4292
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{104F4~1.EXE > nul
                            8⤵
                              PID:2576
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3BDB1~1.EXE > nul
                            7⤵
                              PID:3892
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{81CC9~1.EXE > nul
                            6⤵
                              PID:2080
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D32A6~1.EXE > nul
                            5⤵
                              PID:1040
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{97E23~1.EXE > nul
                            4⤵
                              PID:2876
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{47CD6~1.EXE > nul
                            3⤵
                              PID:4144
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2952

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0FAE959D-B7CC-4aad-B777-0D9E371A8802}.exe
                            Filesize

                            380KB

                            MD5

                            bf8e84b0f0a7f45a65d9e074e9ee3d2b

                            SHA1

                            dfe0d4631a814bdb7d57606f08da726c79bbf152

                            SHA256

                            9c557b58bd2817b026d1be751cc584eb1772f57fea9127445e6a61c787a371ca

                            SHA512

                            3e9c92749871e44b55e7bdfc4f8cb29b8ed6d453615022bf389e6dc2ed75621cf1e327b48b964132475c5799b7a17af832dd2e0f12d83b163a9ecda27eaa3e5a

                            Download Submit

                          • C:\Windows\{104F4DCD-8D5B-4899-B43C-65359BE6E977}.exe
                            Filesize

                            380KB

                            MD5

                            90c3dea12b66f52595c75a4c557fae5d

                            SHA1

                            5179b515830265b0d4dbfc27161736ffebc3cc0f

                            SHA256

                            f77a9b3c9b379a346df9f9f5ec07200f873e948eba42a4737f4c4a4f02e0e7ee

                            SHA512

                            858076afe889984dab008800fbc275f77921b1ca23995aacd015b85953ab4a506a8a0bfed064fe83ef3cb13adc9d15038d8a0e49ea3ca9073c77c32ffd234963

                            Download Submit

                          • C:\Windows\{3BDB1564-7B9A-42eb-B41E-4EC17B97CE15}.exe
                            Filesize

                            380KB

                            MD5

                            c59b279a01859d3ae16c7d46cc9c6aff

                            SHA1

                            a380b3dc026e3610cf5c18a86f1abd67bee78522

                            SHA256

                            228d04e1f8d7020601a1559e6f6903e02c3e22f094add9dd8692cabc9527dd96

                            SHA512

                            b25d6f478200aa35058c912d041e15120324128687934192fe5fc86ffdf26c4cdd6646b6bd2f9f6ec0e01b4ebebb64267bd4e03c76d38c4403804b568624ac30

                            Download Submit

                          • C:\Windows\{453796C1-1476-4261-8E0A-A806CF13EA71}.exe
                            Filesize

                            380KB

                            MD5

                            9c44a0ad71a2213c50180873ed26d67b

                            SHA1

                            2ca9133521118b67d16e31fbd9a8a997e715d241

                            SHA256

                            21ef717573e75905aa495812f725e2c6b316b4a5ca193b4ebcce49bb320a95f9

                            SHA512

                            e6829dd2e822a519d7d0658d03ab802c8b080906f41453b1a7e3bba70232a524b2c74e176e29e1f08a9b6e1ff0fccc98dedbf2c9043981dcb10adf6bd9fa8c60

                            Download Submit

                          • C:\Windows\{47CD645A-D79B-4a92-B44B-4B06362228DF}.exe
                            Filesize

                            380KB

                            MD5

                            1f238ce674457e7867fa1c2b6bdd846b

                            SHA1

                            908b4060921525f9f7411acfd4e51e4e7df3c0fd

                            SHA256

                            be465f2f034ae5fe62be516a3f06b12a23baa6fa3e3a9e996e30f4e8844551df

                            SHA512

                            aea841ccf17eeea5919f49160c26cd29c98da778181709dc1d88991a44524475b052e96beb1b8bd1e6071a802860d22fd05b28c35cf199ec3dd52cbc26ff3328

                            Download Submit

                          • C:\Windows\{81CC9984-D239-4003-B847-C81DA534F0B8}.exe
                            Filesize

                            380KB

                            MD5

                            61caa13cdab5579b1fecd7997bdf59c1

                            SHA1

                            91ca414081c2128c1964b34160ece14b8666a1e7

                            SHA256

                            db12d0bc7b8cb90b12c6e079780b4bce047266ae45a9f53276b489d68764b2ca

                            SHA512

                            91034c955a35be7da5adeb1be4f045b8bf0cbb80f8f47125b3b03d47d5b4ad05af9034c04082715e43faf8e18d9b0c4819c3438c169c627740a692c54bf0bed4

                            Download Submit

                          • C:\Windows\{8B01A7A5-12D7-4d10-910C-CAC400879EBA}.exe
                            Filesize

                            380KB

                            MD5

                            60e737695fe88aeee8ce7d84664c8775

                            SHA1

                            e0e33731d78172b3fdd85ed08b9f054e11c1dda1

                            SHA256

                            7337417264eff61887d915eff268c20aa76c54e7bb53f563eb78aa3f2dd761e4

                            SHA512

                            b107314ce3cf72f371152abc6efaf37af9c266ba9e86c7530edab4d015053c86ece888a042e75e5d8c128876693e1bca64c00779b7e70bedd5b04a62152d09e1

                            Download Submit

                          • C:\Windows\{97E231B6-72C4-46e9-A588-8755A8CF668F}.exe
                            Filesize

                            380KB

                            MD5

                            d04b88957b16e1a8114323727d2fae42

                            SHA1

                            cba45c9f55b5560cd3efeacadddfd6610f16faa4

                            SHA256

                            b85a8b6dc0716f8ecf941460371f5c8a08d51056187cd2ad172bd60e8430fb30

                            SHA512

                            73ed5162a240875f24dda3256bc38228827c2495bd9a0c8d309436da14d5e6bc0decb1e9a4801161e7ffaee597cc29d6e911b3827cd22b45b6964448fcb12182

                            Download Submit

                          • C:\Windows\{D32A66DE-1CE6-42df-B11A-157B9D52202B}.exe
                            Filesize

                            380KB

                            MD5

                            9176270b7597a8271495374295b7be51

                            SHA1

                            7ad954a0d1cc062440477b4ae57d6ac61f4f8ca6

                            SHA256

                            df92b8653ad105576ceb0d9a2fd795f9e4109dbb18e94de518ec945f14438562

                            SHA512

                            4155cfbbdf989eeeca2329f1f4566c8375abb775a7f7528dfc3b9cb29f81a19ea1fc630164c8eb4aa764dab408c2dfd6bb649d17768b60677f028486fa853e03

                            Download Submit

                          • C:\Windows\{D3CDD7D7-8928-43b0-A9FA-976037F99136}.exe
                            Filesize

                            380KB

                            MD5

                            4c8089043083357265991e5a56b4a405

                            SHA1

                            ba2cdda9c8f5b8f72cf37f44d8cbca9540f539fd

                            SHA256

                            73c462ae2d6be663b61c406f17e0112224ea129a31f4444c36033af52df3e55c

                            SHA512

                            c991ba3066e9816b9f207a1fc9f7fc7bbf7c7d2fc9e0a86ce82162e60dcf4f3f19325c6eafa3225309b2a06543708f643a859284bc0f7751adb9caf8eed4517a

                            Download Submit

                          • C:\Windows\{E5B491F0-9BB3-4771-9ACF-AAB18F2D54D2}.exe
                            Filesize

                            380KB

                            MD5

                            f66a601015fcd38397524ee0d37fe880

                            SHA1

                            3c2558d840fd119fa0b05e7a83713b6a767fa63f

                            SHA256

                            04231ffc8b493e811e4b07619eb21fd3599a2fbd9b683c24038ec7a81d6d34f2

                            SHA512

                            bd3ae6ca92c7517ab1102346bd85a4fd0324b215cf96cf6d1d3661a81d1ded95f163b73319d1d387bfce3fc4f6c535b9c451d9905cffd9ed323dc57b98fb7122

                            Download Submit

                          • C:\Windows\{EA28F2F2-F0FE-4fa7-BFE1-FF97C35FCBC0}.exe
                            Filesize

                            380KB

                            MD5

                            62fc37c2fed28edc841e72e02a61a79f

                            SHA1

                            98147aa82c101c841ab1489627c5c74dcf47e657

                            SHA256

                            3970e8b1cb8dabe6755120e04afcc8f71c10f37e5305467b921c66ec9b450349

                            SHA512

                            1ddb1f2f3c085a2f6fa0c53cc59caa21b79346a95c18b6621d9074f906906ed01b32dc603a8c8f0c29b941a31a8a6afebf272953213cea7f246e687f6642608a

                            Download Submit