Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-03-10...ye.exe

windows7-x64

9

2024-03-10...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    131s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-10_a988db91e2f0672a64a8d46d0a18267f_goldeneye.exe

  • Size

    204KB

  • MD5

    a988db91e2f0672a64a8d46d0a18267f

  • SHA1

    5d44441bc12dd224f1fcf46a3b3adb00a09215e2

  • SHA256

    efb0f6dd12a891f4e2ebcd6e06e05addcba95971dd9429290ad748b1434f87c4

  • SHA512

    17f1387332a4332eb07dfc6e354393ff206401d418e530251f53cf518341048684eee099e31021578cb2f2736719463ca0a9e737a1f83c9c7ef3439ac1783893

  • SSDEEP

    1536:1EGh0onl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0onl1OPOe2MUVg3Ve+rXfMUy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 16 IoCs
  • Modifies Installed Components in the registry 2 TTPs 20 IoCs
    persistence
  • Executes dropped EXE 10 IoCs
  • Drops file in Windows directory 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 60 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-10_a988db91e2f0672a64a8d46d0a18267f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-10_a988db91e2f0672a64a8d46d0a18267f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\{4FB4BA5C-E8A7-4b2c-9BFB-68D87DFBCB14}.exe
      C:\Windows\{4FB4BA5C-E8A7-4b2c-9BFB-68D87DFBCB14}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:892
      • C:\Windows\{661FBCE8-9927-4a77-B5FD-944C8CA66B29}.exe
        C:\Windows\{661FBCE8-9927-4a77-B5FD-944C8CA66B29}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4984
        • C:\Windows\{00F285E0-7CA2-4a30-9197-79D4A6C15146}.exe
          C:\Windows\{00F285E0-7CA2-4a30-9197-79D4A6C15146}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:60
          • C:\Windows\{61DB6650-3267-4c59-81D8-2AED5BEE7594}.exe
            C:\Windows\{61DB6650-3267-4c59-81D8-2AED5BEE7594}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4720
            • C:\Windows\{618E89E4-61A7-49a8-BD77-A0CFBAB7B668}.exe
              C:\Windows\{618E89E4-61A7-49a8-BD77-A0CFBAB7B668}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4584
              • C:\Windows\{2878F59C-DCD0-4e05-AC8B-C7DA9E2F559D}.exe
                C:\Windows\{2878F59C-DCD0-4e05-AC8B-C7DA9E2F559D}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:556
                • C:\Windows\{DDCBCC72-A14E-4562-B8F7-CC714ADD11D8}.exe
                  C:\Windows\{DDCBCC72-A14E-4562-B8F7-CC714ADD11D8}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2592
                  • C:\Windows\{5E7F373E-EAFB-408e-81B9-39AFFCF26A65}.exe
                    C:\Windows\{5E7F373E-EAFB-408e-81B9-39AFFCF26A65}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:208
                    • C:\Windows\{314B39F6-3D19-4415-924B-73C8E8DA2B78}.exe
                      C:\Windows\{314B39F6-3D19-4415-924B-73C8E8DA2B78}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3352
                      • C:\Windows\{D787002F-0CC5-4795-961A-BC2DB58E1282}.exe
                        C:\Windows\{D787002F-0CC5-4795-961A-BC2DB58E1282}.exe
                        11⤵
                        • Executes dropped EXE
                        PID:376
                        • C:\Windows\{6F7A7CA6-1075-4e6e-A49B-4984B84AE4C8}.exe
                          C:\Windows\{6F7A7CA6-1075-4e6e-A49B-4984B84AE4C8}.exe
                          12⤵
                            PID:3364
                            • C:\Windows\{504C479E-CDD6-4498-9C08-415CD458A0A6}.exe
                              C:\Windows\{504C479E-CDD6-4498-9C08-415CD458A0A6}.exe
                              13⤵
                                PID:3228
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{6F7A7~1.EXE > nul
                                13⤵
                                  PID:4720
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{D7870~1.EXE > nul
                                12⤵
                                  PID:632
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{314B3~1.EXE > nul
                                11⤵
                                  PID:4944
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{5E7F3~1.EXE > nul
                                10⤵
                                  PID:3568
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{DDCBC~1.EXE > nul
                                9⤵
                                  PID:3412
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{2878F~1.EXE > nul
                                8⤵
                                  PID:4324
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{618E8~1.EXE > nul
                                7⤵
                                  PID:2552
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{61DB6~1.EXE > nul
                                6⤵
                                  PID:4780
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{00F28~1.EXE > nul
                                5⤵
                                  PID:4680
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{661FB~1.EXE > nul
                                4⤵
                                  PID:4044
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{4FB4B~1.EXE > nul
                                3⤵
                                  PID:4796
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                                2⤵
                                  PID:2324

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\{00F285E0-7CA2-4a30-9197-79D4A6C15146}.exe
                                Filesize

                                204KB

                                MD5

                                be856f8203f981ff38382d51346f9c6c

                                SHA1

                                b11378fe25fd28859983c3641438172476ad9fb5

                                SHA256

                                df0b4be343d64485ab0c49484310fb71c1766359717af17045f2fa88ccc1419f

                                SHA512

                                b265cb93e36dd6169873984f360c946968b818119b77b41c5b0bb0b8fde56bf38711e8b7b64cfa73c03603cf4cbfd1846e633732580508d20b05050c27aa67dd

                                Download Submit

                              • C:\Windows\{2878F59C-DCD0-4e05-AC8B-C7DA9E2F559D}.exe
                                Filesize

                                204KB

                                MD5

                                805ee1cffbde3126235c98cb674a7813

                                SHA1

                                0478ee7bcaa388dc42af164b15f81b32cce261de

                                SHA256

                                16d757c65b262be34b4b1f90b106535082e508e1222bc0bd797f10abe6f7d17a

                                SHA512

                                7409fae4356171b47d5d2ddae3e796e32af730f45a868cec1efe1c01dc224808ed5ea7e88c26a70cb019ed77ca3998c03b27b678fba440eaa5a3907309036e49

                                Download Submit

                              • C:\Windows\{314B39F6-3D19-4415-924B-73C8E8DA2B78}.exe
                                Filesize

                                204KB

                                MD5

                                8e148aba2be8cece12a3904a1726e1eb

                                SHA1

                                5da11fbb26e317a885a55d1b122cf515cc9b279a

                                SHA256

                                02ac55eb42703fab3cc5f19cfd320667471ef5fbbfe4961e66752bcc65d0d2bd

                                SHA512

                                0c7c6fbb9d4f72490618d316e466530b8cb226cfc6ba4de4a075994b2b8be46080a5d1c72bfdce9c6e4e6ac8898da13798482fb9d0b620adcd191c0ad9c57892

                                Download Submit

                              • C:\Windows\{4FB4BA5C-E8A7-4b2c-9BFB-68D87DFBCB14}.exe
                                Filesize

                                204KB

                                MD5

                                3f84d55b83ba0a2923146ba32206b4de

                                SHA1

                                578758962f3acf3e6846b8fa0fc4fa9bc4572ba1

                                SHA256

                                07f0a69c0c266b257f2b4f362183d2a8d388cb1d038ec05592f59e80487b98b7

                                SHA512

                                8a2177898280dca8660d79f773b58a6c6d7bc2380f17e9d2b8ddc796d6c8f82b48279718acc196c53f12b2c222ce3da4df30b246e7c73e935a6fa24f51a3ad9e

                                Download Submit

                              • C:\Windows\{4FB4BA5C-E8A7-4b2c-9BFB-68D87DFBCB14}.exe
                                Filesize

                                182KB

                                MD5

                                9354755b96f5be5641eb231b23e3a3f0

                                SHA1

                                161c4c6a4df93f76b236c61c6b921395c6bf3964

                                SHA256

                                9d08157abe38273da67c0a16a30153419787b15aad449703f33f08efb2ee4594

                                SHA512

                                c65a363d78d626fdc406d940ceb32f47e3dfd3672111338e4483e10e99bd70819fc3a81bb3d1b24ee5ad022372586b900bc59e5a8eca14388f733dbfde210972

                                Download Submit

                              • C:\Windows\{504C479E-CDD6-4498-9C08-415CD458A0A6}.exe
                                Filesize

                                204KB

                                MD5

                                3c67462783664e1594c4358bac64f6e0

                                SHA1

                                3f85518a1f17d19025276264b1aae39a2b6a3a1e

                                SHA256

                                fa241fdf38b0caf35251752c79a1cfbce9543b1bf096875c47e7a5fd0d5b12be

                                SHA512

                                1f6a4d53ea7a29bcda1bbb293840ed791c9896e1cc4bb1437a5875a7f28233536d255d9425332028f6b166bcadcc939ec73a62bd916393fa55ac5844defe3b66

                                Download Submit

                              • C:\Windows\{5E7F373E-EAFB-408e-81B9-39AFFCF26A65}.exe
                                Filesize

                                30KB

                                MD5

                                1dd5d44ca002f7d72bfb2e252fa1702d

                                SHA1

                                f2719f1b921f4c74c0fd16eae80337bf408bb6a2

                                SHA256

                                f01a3abce66a55d7f3078133c2d1033c5ac8a5548b98b68f68dc9b7402ec3349

                                SHA512

                                d4034edf309608b004dded784da71e07a218919923b46c0c4d50ee17f2c322d76ecde6656bf0402204c57c25c2550bd75cbbc2f17670faeb48355dd7e3b723ea

                                Download Submit

                              • C:\Windows\{5E7F373E-EAFB-408e-81B9-39AFFCF26A65}.exe
                                Filesize

                                147KB

                                MD5

                                60382a1032344f6fff5c98013c6596c8

                                SHA1

                                407d8afcc5c1d773251b9367727b2396dfd2d7b4

                                SHA256

                                216495c22968f1f652605ab72de106cecb8b2763d80a40744af5750c78fac83a

                                SHA512

                                8704c3f3130cf89df0daaa1934f9e6e086783ea91833df40abe56c46a7ad8021daa4b9b071dcb44526ab67134f1cd2dcf1c8787697c47ebcfafde22f450816ac

                                Download Submit

                              • C:\Windows\{618E89E4-61A7-49a8-BD77-A0CFBAB7B668}.exe
                                Filesize

                                204KB

                                MD5

                                d74e0300ffac1811e191ca56591d4951

                                SHA1

                                ebdc4335a136d7cdf6aec8aa2313ee8a94a5d683

                                SHA256

                                5bd334a1b81662970caf8115973e358c5573d9ebf1edb3cf368687253a0e6555

                                SHA512

                                9797a242ab607492cd9317af1e765258e1e383792df53d16870787429839ef8c5b8c3dbca0688fb33f3d58de727147c7fa9323a49782ca6463dda227680c2d8c

                                Download Submit

                              • C:\Windows\{61DB6650-3267-4c59-81D8-2AED5BEE7594}.exe
                                Filesize

                                204KB

                                MD5

                                23f4513339fb406e91e92fabd7117eec

                                SHA1

                                11760ef3eca3c40412a7fae2b06905aec2f85f36

                                SHA256

                                6247d69cef58a638bbf4715e700c0c9cebdd979ee0d9235d835d529f76089e66

                                SHA512

                                9978b4085c2993b959602ae44a7abcb2e751499ccdb7d74686ccb5f64d467216dd2801cfbe68964731b4b07cfb7856e48154b1e079eba319f8d9bf5f0a2d39bf

                                Download Submit

                              • C:\Windows\{661FBCE8-9927-4a77-B5FD-944C8CA66B29}.exe
                                Filesize

                                204KB

                                MD5

                                91119811aafd31880899fdf9962ac621

                                SHA1

                                2eeee811ca80fb252fc868e7234aade4d7543799

                                SHA256

                                567911a6439d5674f4e445e4e7a83b50df7ad6b90a9dc3a598316c5d9886cef3

                                SHA512

                                1495340c967c20b11f21772d6c02df7eef4704161f5a4f6e9fa1f3efd193c278587664f54701ee1a6ae5b86554d2b9c83179989ad7f1a125d9db463662264bd2

                                Download Submit

                              • C:\Windows\{6F7A7CA6-1075-4e6e-A49B-4984B84AE4C8}.exe
                                Filesize

                                204KB

                                MD5

                                5693343f9042deefd40786084b2a8e32

                                SHA1

                                18ed21ad687d78506c41da496141c2c49f37d555

                                SHA256

                                b998a44e4800f6a5b1488818bf69680e4397ac4fa4e468b5e852ddebf156c819

                                SHA512

                                a5b441ddda0cc3bc2e73ac9d878a8ef26c2a386998f691140990604be112248b03c89aa269d86d978472779fbb4ee757103a6f262c23e0651ce6401ad31c6461

                                Download Submit

                              • C:\Windows\{6F7A7CA6-1075-4e6e-A49B-4984B84AE4C8}.exe
                                Filesize

                                181KB

                                MD5

                                1901481ac3eb0761edcc7e51207756c1

                                SHA1

                                a6cca24c97f62b5ea360bd40d1978fce2add5e8a

                                SHA256

                                8a3666bc79080cfa31a71f11575b4766e2edb9fd825f2cb81aaa8ef1addb17ea

                                SHA512

                                62c4d18b763e268ab383cdc4e7e79defa0ae760f30f9d4c6fcd878da4d49ff8cb54729b735069723e6a881d3de629ba53ca7fddd3066a5b5cb677e6e7be1c95c

                                Download Submit

                              • C:\Windows\{D787002F-0CC5-4795-961A-BC2DB58E1282}.exe
                                Filesize

                                204KB

                                MD5

                                2898f430b61d1363476eeed48c39b709

                                SHA1

                                9197ef076a76792aa129f36f792a8f5264f92c17

                                SHA256

                                c202f428e2df56f8ea6d4439ad2e117fc73bd03cb803b9638afaa0b5f9132568

                                SHA512

                                523b3fe5aa8cb12e722a260713f5d3a2297cb85c96bfbec197d1bd12dc6eb361c97946f77e16a6a3c5fb2051c35f46cd01f7bbfe159a436305c3ae9917cc481b

                                Download Submit

                              • C:\Windows\{DDCBCC72-A14E-4562-B8F7-CC714ADD11D8}.exe
                                Filesize

                                96KB

                                MD5

                                fea950f65a31193598225642813d75db

                                SHA1

                                085be20fdb6abada5c04253c3266b44974cba7d3

                                SHA256

                                33a372bb706c6a76ca4179ad41a9430946c93eb52e69f1e4922992b881c6de4d

                                SHA512

                                c5daed550fc0fab3817708f881b6ef2dbd9cedca3e54be757bea4c87f8c3f3bb24f98345a73cf6bd72da8c1a9c9cbfb2cbf5a1c2d78e6b4ea67b9148d762a5a0

                                Download Submit

                              • C:\Windows\{DDCBCC72-A14E-4562-B8F7-CC714ADD11D8}.exe
                                Filesize

                                64KB

                                MD5

                                f09c6aee0ea515e71776a70ef4139d2e

                                SHA1

                                290d01652ef757f11f0d7a5bf256c978c3f80c00

                                SHA256

                                37d032dcb2914347151d38a564aa5fdfe046ca53ac64218528077ff725955b48

                                SHA512

                                3a76e43b86b7583a66bddb6d255cf41d83cd64be518142fc67a4b52beee70aeecc68039a41b50f3e3a3c93e973edeb74d09a871e38794d6f51f4e394c137f460

                                Download Submit