Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-03-14...ye.exe

windows7-x64

9

2024-03-14...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-14_39fc6a37b1b3a7574cbf8d757353b255_goldeneye.exe

  • Size

    372KB

  • MD5

    39fc6a37b1b3a7574cbf8d757353b255

  • SHA1

    52c8610784a3c7a649a3da285bd506843d1747e1

  • SHA256

    59fe019f0c6741b09bd88bb33b1fae93c7a49bb20652ab79a431d06d6c22c70a

  • SHA512

    58c03076fbdcb0e64939c97be7edcb48984ac82c56924680cdd947a06094b5107d494d85a2373dec9f68e29d7659393dfa992b3f896acd6babeb2ef4206c0ea7

  • SSDEEP

    3072:CEGh0oLmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGcl/Oe2MUVg3vTeKcAEciTBqr3

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-14_39fc6a37b1b3a7574cbf8d757353b255_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-14_39fc6a37b1b3a7574cbf8d757353b255_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\{2D6B8D1B-C450-4e14-B3EA-BEE1422CCA9B}.exe
      C:\Windows\{2D6B8D1B-C450-4e14-B3EA-BEE1422CCA9B}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Windows\{F52CF6FE-B9A3-4f27-90B8-6D96D7B28850}.exe
        C:\Windows\{F52CF6FE-B9A3-4f27-90B8-6D96D7B28850}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2028
        • C:\Windows\{2845C377-E238-4dbc-B1C1-E0043F72E436}.exe
          C:\Windows\{2845C377-E238-4dbc-B1C1-E0043F72E436}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2556
          • C:\Windows\{491FA3FC-379F-451c-A6A4-94E9291C0310}.exe
            C:\Windows\{491FA3FC-379F-451c-A6A4-94E9291C0310}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2408
            • C:\Windows\{A51969B0-EC48-4885-A455-A1A8E61BEDFF}.exe
              C:\Windows\{A51969B0-EC48-4885-A455-A1A8E61BEDFF}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2768
              • C:\Windows\{B8736918-22D7-45b0-B1E8-47F9B7826C67}.exe
                C:\Windows\{B8736918-22D7-45b0-B1E8-47F9B7826C67}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2300
                • C:\Windows\{21873168-2952-4009-8CF2-353C54F91646}.exe
                  C:\Windows\{21873168-2952-4009-8CF2-353C54F91646}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1264
                  • C:\Windows\{6E0656E8-C38E-4357-92F7-69735FC553AD}.exe
                    C:\Windows\{6E0656E8-C38E-4357-92F7-69735FC553AD}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1188
                    • C:\Windows\{FE1008E1-50BE-43ab-AF2A-F83F865185CD}.exe
                      C:\Windows\{FE1008E1-50BE-43ab-AF2A-F83F865185CD}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2516
                      • C:\Windows\{BCDC60AD-7F07-48a4-8A86-92A6F10CE3E5}.exe
                        C:\Windows\{BCDC60AD-7F07-48a4-8A86-92A6F10CE3E5}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2216
                        • C:\Windows\{CBC3A56B-5862-40a5-9344-D4B349F546E1}.exe
                          C:\Windows\{CBC3A56B-5862-40a5-9344-D4B349F546E1}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:596
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BCDC6~1.EXE > nul
                          12⤵
                            PID:1572
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FE100~1.EXE > nul
                          11⤵
                            PID:608
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6E065~1.EXE > nul
                          10⤵
                            PID:2192
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21873~1.EXE > nul
                          9⤵
                            PID:2036
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B8736~1.EXE > nul
                          8⤵
                            PID:1256
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A5196~1.EXE > nul
                          7⤵
                            PID:1268
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{491FA~1.EXE > nul
                          6⤵
                            PID:1244
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2845C~1.EXE > nul
                          5⤵
                            PID:2720
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F52CF~1.EXE > nul
                          4⤵
                            PID:2656
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2D6B8~1.EXE > nul
                          3⤵
                            PID:2676
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2608

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{21873168-2952-4009-8CF2-353C54F91646}.exe
                        Filesize

                        372KB

                        MD5

                        1bb57a4316c2a45c4e76e8ac27f381df

                        SHA1

                        8179c04ce873a2a756343f967bc83e3bedfad30e

                        SHA256

                        ae4c82fe42712dc2a0f4688c0ce98a07a5ed7dbf06c4aa62eda98954dfbb3493

                        SHA512

                        44c80516727dd085c9e2d793856d0d81a486edb8cc58d98a03269f06bcab6762c650d7b9296e5f724a43e6ff487f99e5111efdeb6395aa7a0d564c7c2b95e990

                        Download Submit

                      • C:\Windows\{2845C377-E238-4dbc-B1C1-E0043F72E436}.exe
                        Filesize

                        372KB

                        MD5

                        0227cc9ac093d90fb718c1bca8cbbe69

                        SHA1

                        60da259c9cca29357758196868292f66c0e6cb1e

                        SHA256

                        da3069c2fdbaf6ad539dcc91c2c6acf72eaed05195ccb3261514a493009dc199

                        SHA512

                        8a5933d7e8148e933d839faa5273b833ec25bf1ebaf4eb65a74f1dd4d98a80ac58351b35fa0a982b4c476ec24613ad174093b2cd18c86515afeae3687a069a89

                        Download Submit

                      • C:\Windows\{2D6B8D1B-C450-4e14-B3EA-BEE1422CCA9B}.exe
                        Filesize

                        372KB

                        MD5

                        c5d1d8a67540c1c521432eef0ef558d5

                        SHA1

                        dcf5ec643d85a8f0d11413e5e0d15d30df7bd99b

                        SHA256

                        b4d6e8d24bfcd55b471a6975d6650f77f5e9f7b64843111b13936a7fcb55c378

                        SHA512

                        a43a5436b53a386d0f376b86af49d80fad26edaf01f2c02e8b2a4bf124df49bd17c230f8379277d216e178d7bb3004d5aa5e5385454357445c8adf490e89ee59

                        Download Submit

                      • C:\Windows\{491FA3FC-379F-451c-A6A4-94E9291C0310}.exe
                        Filesize

                        372KB

                        MD5

                        f3cf935fb8ca24bb36b23844e0e7f65b

                        SHA1

                        444bf2924f2ce1627c9c003909eb61a69f37f681

                        SHA256

                        ea313067ee9fb01442d699c08c6c69c31232ccd6cbfece073871da90902a05d8

                        SHA512

                        2a97559ce4205df2d4baae9d12034a900843ee301e844ef74c5df8cd45d38b79978e6e503a6d48d2ab3e973c7be5759a5f9e846df717e54835b20dce7d8b1155

                        Download Submit

                      • C:\Windows\{6E0656E8-C38E-4357-92F7-69735FC553AD}.exe
                        Filesize

                        372KB

                        MD5

                        99d8b18508d7b88cc3e4843fcd4eae0d

                        SHA1

                        802f46c1676c02e81e1d62263c8d173c42be30dd

                        SHA256

                        6795a1feedf03b0506549de8a3c08b2163495b400a4d09e9e919ec6eeb514bb9

                        SHA512

                        3e8bf6aaa5e4061a2f6d782ca713eb002c7c9ae4ca739746b890d69a11346dad7968116ae98c9152613bfe00a8d81cb8b7884bb95fc272b2122fb22f68505c16

                        Download Submit

                      • C:\Windows\{A51969B0-EC48-4885-A455-A1A8E61BEDFF}.exe
                        Filesize

                        372KB

                        MD5

                        8a9626981b6a32fe1754992215b1d3b9

                        SHA1

                        a57a23336b59c0b05c9ddaa0e6ae2bc9e57fc353

                        SHA256

                        780bce42837b432fe2ecaa45afc111c330e4f1f57a84c586ab59bf33b859cc76

                        SHA512

                        f53251749b39f274405a2dbd11f79ee341e68c2b4865d9107f988344a6d629437ccc80d0c1583eddd8478cd3a12d6291696889f9b076f8dae5f4b624fb1585ec

                        Download Submit

                      • C:\Windows\{B8736918-22D7-45b0-B1E8-47F9B7826C67}.exe
                        Filesize

                        372KB

                        MD5

                        4d3047b9f42d8408c0471f1f26d8b7af

                        SHA1

                        c3a2b8813e81a59d333a6814377c5466ee131bc2

                        SHA256

                        4a20246569013524866f152c90253210b8d8dc1539854e88f6fcc516474e87d4

                        SHA512

                        da7b446d0f23348313ebcb40a1580bd5c2536d84e18254421c8811d2b0506435fd67c7ff431a6ac37963a8b9fe3a7f6b0852df9cdf719e10787f07da9ddbada7

                        Download Submit

                      • C:\Windows\{BCDC60AD-7F07-48a4-8A86-92A6F10CE3E5}.exe
                        Filesize

                        372KB

                        MD5

                        bdea93b2fbe036976e0e2ba4a7bfe93a

                        SHA1

                        6038d619ea7b9f29fec122855aa08c339c0185ce

                        SHA256

                        6e4416432f8942cb3d8685f53c92c612f848e5279cac0afead7217596a60e563

                        SHA512

                        5a8e336cfca9e9bc7b256d75c2486eef551d2bcc2615d54fd9411b01abdfabe2fad94275cb00fa36a00117c2e60e71c7ebef5881cb6cdc768e501508b5953428

                        Download Submit

                      • C:\Windows\{CBC3A56B-5862-40a5-9344-D4B349F546E1}.exe
                        Filesize

                        372KB

                        MD5

                        c8a88a57c3f0bab3fba5d7aad1f29c8e

                        SHA1

                        1c46325ccd25bd8f2f4c5446baece968fcebf0c4

                        SHA256

                        df3e24646764b5f83546d81346ce2aec9474f4b60c31f697be5ecb0ab66f74e7

                        SHA512

                        8ad52f9731479467f46aaed3be3c21ad1010e00201c6703ca93faa2377c51fbf35c7ac87c6aba2a4adea4f57e3b870dfe956625522b99a8873a823872b897bab

                        Download Submit

                      • C:\Windows\{F52CF6FE-B9A3-4f27-90B8-6D96D7B28850}.exe
                        Filesize

                        372KB

                        MD5

                        51cb69aeb02d633e13ba39e1d760755d

                        SHA1

                        c487718d014fc662a638bbb9e09c8da98ab51739

                        SHA256

                        c46900acd1ab59cbb92e0af6969a2a99c33211ae45c207a58aa3c81a02c5113c

                        SHA512

                        2239584fd4e6228f0980af04a8a556a1ee8e03bdda9acb2d470509850f168bc0fda7ca93c0a59c11f299deb86e8b6ab45fbf626d58e5122bd7791ed7ca19f849

                        Download Submit

                      • C:\Windows\{FE1008E1-50BE-43ab-AF2A-F83F865185CD}.exe
                        Filesize

                        372KB

                        MD5

                        656294f6d2b21611b16708378832f8d3

                        SHA1

                        2564ad77eff359054c4858809ad07863849abac6

                        SHA256

                        90706389b634195ed85f977e41864178ea0ebfa6ad637cca131b23a34bf6cd96

                        SHA512

                        c0475d162606e5db92db0a4749493aa806ddfeb930aa195a5ac6d90fb2af4cd198266454d48c3cfa7f2dfbcd5aabd6d20ed825185aa7f7384a67e58b11909e50

                        Download Submit