Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-23...ye.exe

windows7-x64

9

2024-02-23...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_4f6c09e04013bf5246d5d2b728161717_goldeneye.exe

  • Size

    197KB

  • MD5

    4f6c09e04013bf5246d5d2b728161717

  • SHA1

    58f618fd92edbc8825b3043f8b617df33f277396

  • SHA256

    192c384d910f442f1a8969223d0abc2f6f18360d453d0de6476cd3501c7f5798

  • SHA512

    b44678e9d57765be335502fb68ff2f5ca1addbc684abfbfcbc31a307dce10094a9c001b50608608dbabde48cec765259e8bc10de35bd088348eeca336e7914f5

  • SSDEEP

    3072:jEGh0okl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGmlEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_4f6c09e04013bf5246d5d2b728161717_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_4f6c09e04013bf5246d5d2b728161717_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Windows\{923D457B-D5A4-4c7c-B136-52D828C9D4CE}.exe
      C:\Windows\{923D457B-D5A4-4c7c-B136-52D828C9D4CE}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Windows\{D70F30D8-DCA0-46e4-B398-7FFC3027F581}.exe
        C:\Windows\{D70F30D8-DCA0-46e4-B398-7FFC3027F581}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Windows\{5DB84009-CD15-4d6d-ABCF-EF9F1369CAD0}.exe
          C:\Windows\{5DB84009-CD15-4d6d-ABCF-EF9F1369CAD0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2544
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{5DB84~1.EXE > nul
            5⤵
              PID:1664
            • C:\Windows\{85306343-1C1B-4e98-BB6D-B9BB78FF26BA}.exe
              C:\Windows\{85306343-1C1B-4e98-BB6D-B9BB78FF26BA}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2860
              • C:\Windows\{B0B4815C-FCD7-49d6-8C97-EDD9A4B87FE2}.exe
                C:\Windows\{B0B4815C-FCD7-49d6-8C97-EDD9A4B87FE2}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2724
                • C:\Windows\{0D7132CE-B1B3-4593-A15F-4E5282830DA7}.exe
                  C:\Windows\{0D7132CE-B1B3-4593-A15F-4E5282830DA7}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1704
                  • C:\Windows\{490E0F29-F931-4d6d-95DA-0CB3FCBB5993}.exe
                    C:\Windows\{490E0F29-F931-4d6d-95DA-0CB3FCBB5993}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:808
                    • C:\Windows\{D7D466F2-35BC-45e0-81A4-151DE5378018}.exe
                      C:\Windows\{D7D466F2-35BC-45e0-81A4-151DE5378018}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1792
                      • C:\Windows\{FFE68F3E-A2D6-46b9-8A96-A379DEF5368B}.exe
                        C:\Windows\{FFE68F3E-A2D6-46b9-8A96-A379DEF5368B}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1676
                        • C:\Windows\{27D6C699-8AAC-4ab0-9C15-D618168A6321}.exe
                          C:\Windows\{27D6C699-8AAC-4ab0-9C15-D618168A6321}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2028
                          • C:\Windows\{22BE5929-9302-403d-9E9D-A79C775DAC6F}.exe
                            C:\Windows\{22BE5929-9302-403d-9E9D-A79C775DAC6F}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:692
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{27D6C~1.EXE > nul
                            12⤵
                              PID:1492
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FFE68~1.EXE > nul
                            11⤵
                              PID:2036
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D7D46~1.EXE > nul
                            10⤵
                              PID:2056
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{490E0~1.EXE > nul
                            9⤵
                              PID:1508
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0D713~1.EXE > nul
                            8⤵
                              PID:1952
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B0B48~1.EXE > nul
                            7⤵
                              PID:1936
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{85306~1.EXE > nul
                            6⤵
                              PID:2820
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D70F3~1.EXE > nul
                          4⤵
                            PID:2888
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{923D4~1.EXE > nul
                          3⤵
                            PID:2764
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2584

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0D7132CE-B1B3-4593-A15F-4E5282830DA7}.exe
                        Filesize

                        197KB

                        MD5

                        912c3aa752daefb6a0426ebb7c212cd2

                        SHA1

                        fcfb2125ad4a1ce6360e659b0ee6f23e6b46a1e3

                        SHA256

                        3a15a156d33bd2c7da0c01cf4e663ae1c9f5dd6ffae63f20d21f97954c51a324

                        SHA512

                        d8b33cbc7d775f18d17afb57c2ab449bc791e3fd67a67a85ff3f7b6c7980ead006cb6f29c48c3b4d53af572d02221d5a031f6fd9f4016afcd1b53fd6d320c0e1

                        Download Submit

                      • C:\Windows\{22BE5929-9302-403d-9E9D-A79C775DAC6F}.exe
                        Filesize

                        197KB

                        MD5

                        5de304cbe2ae505086ce30f55fe5cd86

                        SHA1

                        8cea200383f82d34ca54e7cf4a03e154713162ed

                        SHA256

                        6cc23b18a3788d7c4ca78f30520b81d164a7a1bba2ccd10df44a9f496e738a1d

                        SHA512

                        b0b99f4139193bda7e28ae4a99bec8b7f30b9458707a9e400182106ca62a1c01b64a4699df574c24ee7685d1bfeec00389ba5aa521c16c447dc8cf68a9ed58b9

                        Download Submit

                      • C:\Windows\{27D6C699-8AAC-4ab0-9C15-D618168A6321}.exe
                        Filesize

                        197KB

                        MD5

                        6c770e3fe998b9e19ec555d48be404a9

                        SHA1

                        07f66927e91af0a23bf7988dc4c55e6d1bc7a70a

                        SHA256

                        eb0bd1569ad83001636b8dc3b3e8ee5c32109b326fa4b905e0b2d3178b69714f

                        SHA512

                        f7bd0c78b36132a4147d345390502b9e4043e39b7ef0a1ab09442cd2adc9066b465e51b219e4b603c4a4684d64492543eadaf04ec570b1e74a6c83051a4c34a3

                        Download Submit

                      • C:\Windows\{490E0F29-F931-4d6d-95DA-0CB3FCBB5993}.exe
                        Filesize

                        197KB

                        MD5

                        720ce63345403d75e8c430f083c43d1d

                        SHA1

                        ee7c2b5f731c2e65f1f96dd5cecd3c60d1e8f089

                        SHA256

                        003c7436cd54a81f38eff9069f72a825ee4bb477a85c77b1b93ec201bfccd403

                        SHA512

                        e179f2348d1f7bf7196b0daaba95527490f8a99c43a72c37681d33907fd01d2ef66be9959da5e9b6cba66a126da3dbaab876c75821f2b0bdadb60220e66bbf67

                        Download Submit

                      • C:\Windows\{5DB84009-CD15-4d6d-ABCF-EF9F1369CAD0}.exe
                        Filesize

                        197KB

                        MD5

                        90afa271f83070ba273b38738b1705a4

                        SHA1

                        d58e1a11bf67bc9d93c5fea5dbb614c3642ffe03

                        SHA256

                        bba3903db6b4afdfeda7bd312f73fbdf7b173bdec6a49a0b782f52fc8a725113

                        SHA512

                        38eac778d6ec4d66e4f874535c0b7ccae4dd3290eb3c8a3b233747190df08e1d130b607c75dba915c2fe5368db83a070d292e02c2c2ce582e150318c2e5f759a

                        Download Submit

                      • C:\Windows\{85306343-1C1B-4e98-BB6D-B9BB78FF26BA}.exe
                        Filesize

                        197KB

                        MD5

                        4b54510dc9c50fbc7dfc3c9d94ba145f

                        SHA1

                        2d099ebabebb248557ce47310347900d8ee0d1ec

                        SHA256

                        6df89478724718f135856bea0e647b77333a529e55dcfad45506f544e38b9e34

                        SHA512

                        3308f694f73f88993e47be25de8bdebbe581807040115d380c8e649c24baa404634f9dcbdf6a4d6dd04f506007f9135f35644aef24b1b2e6b6617dbbdc95c928

                        Download Submit

                      • C:\Windows\{923D457B-D5A4-4c7c-B136-52D828C9D4CE}.exe
                        Filesize

                        197KB

                        MD5

                        1f95e0cf1864760a17b6c4fb78f5fdda

                        SHA1

                        e9eec7cd01cb996b1437cd5a751016e03330cb8a

                        SHA256

                        b45b183daa222c7b71641654e08802b80c01c1a3bfe196de98f67123a6ed0377

                        SHA512

                        d56b681e2796c779c21fdef392ba6a20a1d97bd1a80beccba470ad43f29edbc092f0eec89f7a6bec6ae423cd589eca81cf04a1397d08cf314c73270344d6facd

                        Download Submit

                      • C:\Windows\{B0B4815C-FCD7-49d6-8C97-EDD9A4B87FE2}.exe
                        Filesize

                        197KB

                        MD5

                        b59c9d5a0a0654b27ebde8ad0eb9362a

                        SHA1

                        48e219b208686ac76a757e221b898bcca3059d2d

                        SHA256

                        0fe08a88ae3eeff86e9309d4c7d87ad48a0374ad01f4dd8ad4060236836dadbc

                        SHA512

                        ef852c10e184ab5070242da2200ed2679c2551ed12b8165782cd417d6b2938fe234e95fbdc42f32c3d5094a20a9f9f5ac7ae1a89896924f3531aa0872767af43

                        Download Submit

                      • C:\Windows\{D70F30D8-DCA0-46e4-B398-7FFC3027F581}.exe
                        Filesize

                        193KB

                        MD5

                        e961ceeac7e8188936e23a5cd27b78cc

                        SHA1

                        d42655275ba09fcc3388240802cee4bd2121a12e

                        SHA256

                        132119a1b4fa3a6c7ccd13a3748e379cd19bd9b5d5cf1648901d0301f4cc5db2

                        SHA512

                        8bd493740285bdfd34c586cb4b7cbb3bbb99b0b117f1aefe26d0768b51d659b5f3e0866ff6ab4089587d8db26a9df9de99c3a5d1f27df6c024fc92134d067fe7

                        Download Submit

                      • C:\Windows\{D70F30D8-DCA0-46e4-B398-7FFC3027F581}.exe
                        Filesize

                        197KB

                        MD5

                        70a26ed115c55212a34c2b8f42982ac8

                        SHA1

                        8cd6e10a34de4096cbbb99766a8f04fbccac5214

                        SHA256

                        66ae0399ad66671b29efcfd52f4b874fd03dfbe126e7309161649eceb7de78a9

                        SHA512

                        a81a5a9bacc428af76373844baa6493dd536fdde3d2952b4849235ae0fdcfa41b2a6a749b093e03a24792ec07845720e441f3e4b417c60d76406f013da37c0bc

                        Download Submit

                      • C:\Windows\{D7D466F2-35BC-45e0-81A4-151DE5378018}.exe
                        Filesize

                        197KB

                        MD5

                        fae85718f7f57681f4c02fed565e8306

                        SHA1

                        86335c64c073288c057569ad8b65e88b1f3db9ec

                        SHA256

                        2d3035c1a8f9fce4a8a054f4ab06a01ed95b775c4f85bf576d45b7af7bc2f858

                        SHA512

                        ac69449bc0f1d90663376481a3e2a2833c0e40ade5c350d5db2d47341f51071a6229f78b5fd81191e95ce5e69a0981695a6e2299d5517ed0ffd7f6d6bd16fdba

                        Download Submit

                      • C:\Windows\{FFE68F3E-A2D6-46b9-8A96-A379DEF5368B}.exe
                        Filesize

                        197KB

                        MD5

                        032fb587db93a32e42e2a3207a639149

                        SHA1

                        b4ccbbe9540703f5417dccc9345131f3dfef76ee

                        SHA256

                        10e27f35bba988356f2f2f3da1f3fa51024b8ffa8012b36367d2688bb4273752

                        SHA512

                        a32df54853d5a8d9df0bb3142d682c1fb3c32ac6912fe15fe2e1025806a567451b6b4c73986dc7077ab0a3271dcd60fccca33f4c6f3f27ba9a61b56fa31543c5

                        Download Submit