Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-23...ye.exe

windows7-x64

9

2024-02-23...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe

  • Size

    204KB

  • MD5

    55d458372a8bd43c16bc28dc9fa54614

  • SHA1

    5ca491b141a1ea6fea1a6d9ecc00387984a3a94a

  • SHA256

    4b8f3ee9980e3fdb6a802b54f21d3fce79620374d97ca5be272e7dd6ee89e01a

  • SHA512

    23cdb561a655a17dbb8f716f83f1e5348ac1671dbca2676999f4c7dd4833952ada2e4b4987964344af978352ef2d2ebf91d4573184bbbfa31629c3740a513efa

  • SSDEEP

    1536:1EGh0oml15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oml1OPOe2MUVg3Ve+rXfMUy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\{1C64E764-0CEB-4e87-B6EA-570ECAA6DF74}.exe
      C:\Windows\{1C64E764-0CEB-4e87-B6EA-570ECAA6DF74}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Windows\{9A38E13B-CC28-4382-80F6-190B96C385D9}.exe
        C:\Windows\{9A38E13B-CC28-4382-80F6-190B96C385D9}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2592
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{9A38E~1.EXE > nul
          4⤵
            PID:2388
          • C:\Windows\{BE555DD4-ECC6-4f7a-B306-CF2EB738EC6A}.exe
            C:\Windows\{BE555DD4-ECC6-4f7a-B306-CF2EB738EC6A}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2424
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{BE555~1.EXE > nul
              5⤵
                PID:1648
              • C:\Windows\{7EB0E538-C112-4709-A606-A12DF0DA98BC}.exe
                C:\Windows\{7EB0E538-C112-4709-A606-A12DF0DA98BC}.exe
                5⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1988
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7EB0E~1.EXE > nul
                  6⤵
                    PID:556
                  • C:\Windows\{91BC8BA0-DA49-425f-A38E-BE374A237198}.exe
                    C:\Windows\{91BC8BA0-DA49-425f-A38E-BE374A237198}.exe
                    6⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:676
                    • C:\Windows\{B2D0128F-D7B0-4c3b-BBA6-E1032D7E703C}.exe
                      C:\Windows\{B2D0128F-D7B0-4c3b-BBA6-E1032D7E703C}.exe
                      7⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2800
                      • C:\Windows\{AF1D971A-9BC7-4e05-9FD1-D2D14D9B9A6B}.exe
                        C:\Windows\{AF1D971A-9BC7-4e05-9FD1-D2D14D9B9A6B}.exe
                        8⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2364
                        • C:\Windows\{D19FA579-8D46-4386-A80E-61032B4E42F4}.exe
                          C:\Windows\{D19FA579-8D46-4386-A80E-61032B4E42F4}.exe
                          9⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2640
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D19FA~1.EXE > nul
                            10⤵
                              PID:1208
                            • C:\Windows\{E84D147C-867B-49d3-A3B9-5D3C4BC8ACFE}.exe
                              C:\Windows\{E84D147C-867B-49d3-A3B9-5D3C4BC8ACFE}.exe
                              10⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:1128
                              • C:\Windows\{99068738-27EC-476d-8520-FDBA36CD1C8F}.exe
                                C:\Windows\{99068738-27EC-476d-8520-FDBA36CD1C8F}.exe
                                11⤵
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1968
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{99068~1.EXE > nul
                                  12⤵
                                    PID:2476
                                  • C:\Windows\{E89F56D5-5495-4026-A39D-36E2002D587B}.exe
                                    C:\Windows\{E89F56D5-5495-4026-A39D-36E2002D587B}.exe
                                    12⤵
                                    • Executes dropped EXE
                                    PID:2856
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{E84D1~1.EXE > nul
                                  11⤵
                                    PID:1664
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{AF1D9~1.EXE > nul
                                9⤵
                                  PID:2768
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{B2D01~1.EXE > nul
                                8⤵
                                  PID:2692
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{91BC8~1.EXE > nul
                                7⤵
                                  PID:2416
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1C64E~1.EXE > nul
                          3⤵
                            PID:2576
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:916

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{1C64E764-0CEB-4e87-B6EA-570ECAA6DF74}.exe
                        Filesize

                        204KB

                        MD5

                        845848082c4ea268a4e29d8815192154

                        SHA1

                        ef2ab5bf114acb1217ead1bd0d675fc4f3427b46

                        SHA256

                        99b9431049f6790de78ffe1975fa1d384373825bcc3c313df2af35b8b345c0ba

                        SHA512

                        9add8885b0db9b4a98adfd260f3f1f6693df29700af0850a3d9b997926876bdda728c3924b7617e0e9b7659eb37a52921fc0d6bda796a0c5e060e0fda56298cc

                        Download Submit

                      • C:\Windows\{7EB0E538-C112-4709-A606-A12DF0DA98BC}.exe
                        Filesize

                        204KB

                        MD5

                        821517f8679406eb4d520fd5dff15711

                        SHA1

                        5f528f15dc30afea226b6cea4500d8e4e422d421

                        SHA256

                        5b14bdff8789ab240c9250bbce1b40f0388e426c0544684f43ad75519a146781

                        SHA512

                        da4ff4ac5a712ed691412436a20631440ff3ad0630629a351ff97954eb3590db04386437e1a8cc096663da5f946ebc28f1038811b2d548930c720b17b26186bd

                        Download Submit

                      • C:\Windows\{91BC8BA0-DA49-425f-A38E-BE374A237198}.exe
                        Filesize

                        204KB

                        MD5

                        fb1d724c822e2abcc2783bfc4a31a232

                        SHA1

                        aa177a27652847b889dc6df1205456d8ffde08d9

                        SHA256

                        8399d2ce1d15961113164903c0b20f8e6cec7a095da9e53d37d9a1bd797b3784

                        SHA512

                        3af8e5f3b1b9c87fb44f393d4793304bcc6944246480678de0b9408f3d957b7213c7625b02e15d223d4cbd126bb337566abc1c73174466dbdec8407a6de3e54c

                        Download Submit

                      • C:\Windows\{99068738-27EC-476d-8520-FDBA36CD1C8F}.exe
                        Filesize

                        204KB

                        MD5

                        a26090d664985b7064a47b3f42c71ce6

                        SHA1

                        11a640b53c051548fdf6002cea3f1863050f6d92

                        SHA256

                        4f636a1fcae538caf863fbe8516ab92c501ddd9c6e31f1c7dddff2b3276392fc

                        SHA512

                        6a95cc22240ace3c699969d57eca1b4fa68a520ff7a118442aa821bb019e11cb1bc8cd6788dc0698d43d44835d4c310f7776a42936db51e8f04d39498051aedf

                        Download Submit

                      • C:\Windows\{9A38E13B-CC28-4382-80F6-190B96C385D9}.exe
                        Filesize

                        204KB

                        MD5

                        8e0fb41cbbf2f8c553f7452ffaa827c5

                        SHA1

                        c4b5460ade4a8c46ff7266c51870e5bd3db8d881

                        SHA256

                        40f38daf0a953ae4fad4ecf2b247fb3a64f84b7b7f0b8e6a0ed9c60e54f6d7f1

                        SHA512

                        1df77cbc9b15d2fc8f67a6bdb217ef5f00ec0ad6bb6e5ec91cd974e69a8398e766a6cd1116437f591d7acefd91aa5d65763a40627caacabe4b635007ed247675

                        Download Submit

                      • C:\Windows\{AF1D971A-9BC7-4e05-9FD1-D2D14D9B9A6B}.exe
                        Filesize

                        204KB

                        MD5

                        b75ae6d1363da949087c07b8e7344f57

                        SHA1

                        fbfc85a8834848992b9df8d4d4c0b852df82efbf

                        SHA256

                        c25992bbf03631f5ce2a34476923a9204ed5227dae897503f86ef6013060f627

                        SHA512

                        3e3a1c158702ba94acffc44b76b04862ca170c9d5aa9749b5fbf42ee6419ba802dacb5bda0f5c65939695e587734ba770b74acb6770a4d29a3c25273988c166b

                        Download Submit

                      • C:\Windows\{B2D0128F-D7B0-4c3b-BBA6-E1032D7E703C}.exe
                        Filesize

                        204KB

                        MD5

                        7eca3b131c209a6781f6eadcb0ba4d04

                        SHA1

                        38fd09b4006e495980468e0110b1912e85638005

                        SHA256

                        22b9c3c0765b812d1c5a871b2ef54c5bb1161696bfba109a916a0f825c00ee92

                        SHA512

                        b2a7b6c302773e844d9e602094f0ac6c2bfd2db92c2276cfdf142b5e03e57bc8de620cb113d1dade1934c1a4d0763ed856c433fa965637c2a665f1e2cd8fc8ea

                        Download Submit

                      • C:\Windows\{BE555DD4-ECC6-4f7a-B306-CF2EB738EC6A}.exe
                        Filesize

                        204KB

                        MD5

                        4bb17681ef92762cf9ec1e6f6db63e0d

                        SHA1

                        6e303005a30d002c64bcfe1fb1c6917749e93609

                        SHA256

                        3391737ed8a01084994767464c3e8bafdd80aa88f9589030f3ffccff1fcb8282

                        SHA512

                        5eb0e466cd2e3f06c9dc0e3584b2f497623cb6387e51bc98d576168aa770351da204480e3196af9044f00109831db65a6623a52288e9685a5ef2edd1d16db8fc

                        Download Submit

                      • C:\Windows\{D19FA579-8D46-4386-A80E-61032B4E42F4}.exe
                        Filesize

                        204KB

                        MD5

                        cfea3746b0b62449d29c3ea3675c8142

                        SHA1

                        d3518df4933c4de9af20865525dc7973b730077d

                        SHA256

                        fa8b06b311deb09c2880c1ede1a67cdaf06cc32a49b5904f46aa8c18a3977835

                        SHA512

                        71db4408459eac84b280c70d810077c05e8e500281940070d067dfde4d3ed59fdc0c741e4b23fe8e6ac371fa4c237b8e0d4b10ca58dc131409c9f74151253f76

                        Download Submit

                      • C:\Windows\{E84D147C-867B-49d3-A3B9-5D3C4BC8ACFE}.exe
                        Filesize

                        204KB

                        MD5

                        633688eeb7d165e847b3fa16170c82ea

                        SHA1

                        589c56fbd717420f3cc5fb32f2477b283f09ad8b

                        SHA256

                        fcc493815a0e89678f43d96b97c7a07545caa4cab2b77fc5c7140e9a8d512668

                        SHA512

                        a463b8c60a68ff567f53f5a834d2fe5448afc3044201bf2b3ab86ec4b41f0c51fb24e4f73a282b3b218264e23728aa03fb7a89a6307fc7ad413cc9c8fa89f9a6

                        Download Submit

                      • C:\Windows\{E89F56D5-5495-4026-A39D-36E2002D587B}.exe
                        Filesize

                        204KB

                        MD5

                        a432ae216b90c31620b866510fea4dc6

                        SHA1

                        d6f4dfd830bcc5182288253b2405a3dea6451bfb

                        SHA256

                        7a1b5a9d33e6714daf493248a1fcc9a534c7b0901ba7c5c8497a9ff6f190920d

                        SHA512

                        56fb085311ca5154cea701a124f9ff2fd937a323fa1a2c3c08df269b789de75feacf70511dec120d5b82aa37528fa9e35dec42ee63a69308adb285558f643f9a

                        Download Submit