Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-03-12...ye.exe

windows7-x64

9

2024-03-12...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-12_7e883eb35385cfd4268b0027200e3217_goldeneye.exe

  • Size

    197KB

  • MD5

    7e883eb35385cfd4268b0027200e3217

  • SHA1

    7614c302c73fb2f735bbb988a1d3815d2ef4474b

  • SHA256

    3f43cb3dabe3354bac3d368aaa25e3601d9957c5b254109a6898b6f74dd23d87

  • SHA512

    3405403a97953430035ab0829db3e835452f6d71d12dae26b63bddb4df7554c61d9e844303ada656ec88f537619d6eaf3f95f593377a9fd0d03a893197920aa7

  • SSDEEP

    3072:jEGh0oAl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGKlEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_7e883eb35385cfd4268b0027200e3217_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_7e883eb35385cfd4268b0027200e3217_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\{68442AB0-CA16-4ceb-A7BA-39C3B60FF93D}.exe
      C:\Windows\{68442AB0-CA16-4ceb-A7BA-39C3B60FF93D}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Windows\{42A33753-117D-4c7b-8648-73F4944EFA6A}.exe
        C:\Windows\{42A33753-117D-4c7b-8648-73F4944EFA6A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Windows\{BBFF9648-FF09-4c70-AA48-54741DDF1905}.exe
          C:\Windows\{BBFF9648-FF09-4c70-AA48-54741DDF1905}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2476
          • C:\Windows\{DD7F872E-4834-4295-9D06-C687011E4406}.exe
            C:\Windows\{DD7F872E-4834-4295-9D06-C687011E4406}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1728
            • C:\Windows\{D058361C-65C9-4f58-8886-22FAC42ABA2D}.exe
              C:\Windows\{D058361C-65C9-4f58-8886-22FAC42ABA2D}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2976
              • C:\Windows\{892F217A-F625-41e5-BB6F-9BF78A98D888}.exe
                C:\Windows\{892F217A-F625-41e5-BB6F-9BF78A98D888}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2016
                • C:\Windows\{40A46928-645A-4171-97FD-144757C4C1D6}.exe
                  C:\Windows\{40A46928-645A-4171-97FD-144757C4C1D6}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2508
                  • C:\Windows\{0694A4B9-2FF0-41d2-BD23-097922CDAB27}.exe
                    C:\Windows\{0694A4B9-2FF0-41d2-BD23-097922CDAB27}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2544
                    • C:\Windows\{C0BB14A5-F5E4-45a9-B71C-30745DA7F6B4}.exe
                      C:\Windows\{C0BB14A5-F5E4-45a9-B71C-30745DA7F6B4}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1636
                      • C:\Windows\{07DA253E-FC1C-4b3e-8541-4B2926F9EF58}.exe
                        C:\Windows\{07DA253E-FC1C-4b3e-8541-4B2926F9EF58}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1932
                        • C:\Windows\{1710A661-1D38-4288-8A78-6E9CB8DEE8D1}.exe
                          C:\Windows\{1710A661-1D38-4288-8A78-6E9CB8DEE8D1}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:592
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{07DA2~1.EXE > nul
                          12⤵
                            PID:960
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C0BB1~1.EXE > nul
                          11⤵
                            PID:596
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0694A~1.EXE > nul
                          10⤵
                            PID:2296
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{40A46~1.EXE > nul
                          9⤵
                            PID:852
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{892F2~1.EXE > nul
                          8⤵
                            PID:616
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D0583~1.EXE > nul
                          7⤵
                            PID:2700
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DD7F8~1.EXE > nul
                          6⤵
                            PID:2948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BBFF9~1.EXE > nul
                          5⤵
                            PID:2828
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{42A33~1.EXE > nul
                          4⤵
                            PID:2740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{68442~1.EXE > nul
                          3⤵
                            PID:2748
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:1448

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0694A4B9-2FF0-41d2-BD23-097922CDAB27}.exe
                        Filesize

                        197KB

                        MD5

                        5538bb512bf24992dabd7f1061bce96d

                        SHA1

                        0318d797a8ee7fa0cb350154eb89f53c0d24a628

                        SHA256

                        15868354894d52c73da5fe979f8b80665b596369f6b7243db08b5b53a8e68bfa

                        SHA512

                        12a0fc94f759e2b11ad9d66615216fee8c760fa933c04cf9ff6c1c0ef313c6e506100b676dec8dc17253cfb1e71ff5358bf5b3e75f598ea4584351a3ccfb1c49

                        Download Submit

                      • C:\Windows\{07DA253E-FC1C-4b3e-8541-4B2926F9EF58}.exe
                        Filesize

                        197KB

                        MD5

                        08a93607f815a5d9f44555feb31fbf6b

                        SHA1

                        fce1951bf6fae1d183df04d56b453977219b9490

                        SHA256

                        7bbfc0aebafcc0201372f2f4a8155d23c2356555821d866e771af7911d785dc6

                        SHA512

                        33ceb2016a170274485c083c631b4197342aa746bae29fc968845a4476e46dd3fe4e2dea8b969b9dec9c477e13f54120fea127170f51ee8d2934c6d72b4a8748

                        Download Submit

                      • C:\Windows\{1710A661-1D38-4288-8A78-6E9CB8DEE8D1}.exe
                        Filesize

                        197KB

                        MD5

                        a0baef1f03a4b6f21b27d178c5dd04fb

                        SHA1

                        b93c0e24a0bb271e65956d510a313b52ffcd3e3f

                        SHA256

                        0acfba52bae2b4ba51cc9b4f64d5ac94719fac02d35da75e587cb7158762bfef

                        SHA512

                        118a8bf533944f69d30710f649915157031e15d9cb5c459a79a00921688647cea14cb6f6fff4e7bf7d5ce28570819914419ef4281a9e08de9f0c19b953d9a698

                        Download Submit

                      • C:\Windows\{40A46928-645A-4171-97FD-144757C4C1D6}.exe
                        Filesize

                        197KB

                        MD5

                        2de2e243e63c891f42176ad059c7c537

                        SHA1

                        c7e92ac3962d7f4ded41e5335c21ef2b7aa83888

                        SHA256

                        db8482e8c02a8dc6dae30766463f32c74875023b5a03bb1688988fa76e490615

                        SHA512

                        7108b9158e7452930feb7faea13c1529f3eb9f235e2255e42ed5a9af575b64be875a9b1bd8d4057614bd208abd61794e0e80d1941039eba629e3bdc929cf6dd5

                        Download Submit

                      • C:\Windows\{42A33753-117D-4c7b-8648-73F4944EFA6A}.exe
                        Filesize

                        197KB

                        MD5

                        46f0c6ccc2e4ad131db25ea7d588c78d

                        SHA1

                        8d0cefe35c89c22b09a142fab8e38f8ac6384f24

                        SHA256

                        b5eba4131938bb9797a27c67571ef2ff40e66b04baf2e70b1f99f2c1c9a98f74

                        SHA512

                        5317fb43ad1bfab1f967fd078796ac85f3990f20380bd4bc85346f08517b0b4e2cf0d510c134b0e0c6d71220ccabbc4ddf8d388cae6c7296b6f29a51412e2398

                        Download Submit

                      • C:\Windows\{68442AB0-CA16-4ceb-A7BA-39C3B60FF93D}.exe
                        Filesize

                        197KB

                        MD5

                        a3e256d78c49df21c4abaaf35d051062

                        SHA1

                        cd6a9011d47a0c16f7a0ad2e405fdb37669db750

                        SHA256

                        adf197fcb2f2004ad5b53703f9f560fce4300e4d0e4db63cee0f95594ff785be

                        SHA512

                        7eba5d2908c5449d2b5c0bff858cf73aca7b622a44c9fa87ed8ed78c149a448fadd12ea84b2c552e2c78bef046a40c791c110de40206b1a29207e8573a8b01bd

                        Download Submit

                      • C:\Windows\{892F217A-F625-41e5-BB6F-9BF78A98D888}.exe
                        Filesize

                        197KB

                        MD5

                        e2328da13956dfddf5501c8c48dbc3cd

                        SHA1

                        7a814ed038c924c479e434b097c9c57d7e305559

                        SHA256

                        4756be919a8edee324693c539a7b024ccace21f61e6b9058deeb90c60b3b7c61

                        SHA512

                        7645bc96c2d55282f42da9b26c9580834307b9ab3c462e6e8655baa1c0a43ac6661df8bf6d5b15bd571819364144aae0083b6375a745b22a1fe981ac8ba212f6

                        Download Submit

                      • C:\Windows\{BBFF9648-FF09-4c70-AA48-54741DDF1905}.exe
                        Filesize

                        197KB

                        MD5

                        2c1c103345a8bf1a5829b131492422e4

                        SHA1

                        786fbefb213c1325a9a9bf82d06f895ba21627de

                        SHA256

                        fd60a3e172709d53eb3056bd732bfd27ef4f0ce706072715ec7dc674abe36351

                        SHA512

                        8df856287abfd3a49e961854c24f3ae186902bffcd37295d931d2875cb452ded12adb4052f41eb270ced5e2c39dd802dedbe458ea4860c96f336764c167b1d17

                        Download Submit

                      • C:\Windows\{C0BB14A5-F5E4-45a9-B71C-30745DA7F6B4}.exe
                        Filesize

                        197KB

                        MD5

                        100d780e2987394bbc56cce7a9908232

                        SHA1

                        05fd7037d260681e0555863fad46a9ac25821db4

                        SHA256

                        0a8795ba6be15a6988b32a0ea280c13de133ef9a602f541d20c6f3439e777385

                        SHA512

                        c70ddccf1d7c63f22dbe6fced04cf71f59def5cf99cc5dbf219eec71199dea1152118e8998ec5b93771f8393e1708920577477c6ffcc79f894f7571397872dfd

                        Download Submit

                      • C:\Windows\{D058361C-65C9-4f58-8886-22FAC42ABA2D}.exe
                        Filesize

                        197KB

                        MD5

                        31293e08cc6b4ef8dc14b7176f2f5097

                        SHA1

                        fc894644555e5e4713c5941a0f4aee97e7e325be

                        SHA256

                        f559c2b536628ce5611a2c4fa77b906eb85334f793572781c650dc2d786c67bf

                        SHA512

                        380f347b97be123e60eac1814bae4acf328f3821f128f62b7da01108173fcee6d3719e1ca7d334f8473fc9ea715f6719210911c4f8d4cc741edb483d9f715caa

                        Download Submit

                      • C:\Windows\{DD7F872E-4834-4295-9D06-C687011E4406}.exe
                        Filesize

                        197KB

                        MD5

                        2a148c86372fb83f32db1fa94b096cf3

                        SHA1

                        86003ebfacf397a058f77cadcf574784becbc63f

                        SHA256

                        b36583993ceb8b884d7f90a4d88b54ba21741be859f7a697aaddc032d2a012b3

                        SHA512

                        5dcbd057cda0b3711b8d9da50e0259a9ad9d476aaef80317df15b39b04d16cde69133e8ec5cec2010d4122f775828bd85e62f727bd4300788844322fe1b67170

                        Download Submit