Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-09...ye.exe

windows7-x64

9

2024-04-09...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_b4b10455c9eb49fe08f381434dd21aa4_goldeneye.exe

  • Size

    372KB

  • MD5

    b4b10455c9eb49fe08f381434dd21aa4

  • SHA1

    0a49d1c636bb34f4aa8f69adb780d015efd7e182

  • SHA256

    040508e690e69d3890762983516d053b0351b0d776c5d813664d803e78e00828

  • SHA512

    47910407316ed36729bf9cab57632f9aa982400a62973aa92222e707372582ddd4fe8862b6c5488ce3099b917a8e2417f0522b74e378b1593e8aa33d07bfa1ae

  • SSDEEP

    3072:CEGh0otlMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGHlkOe2MUVg3vTeKcAEciTBqr3

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_b4b10455c9eb49fe08f381434dd21aa4_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_b4b10455c9eb49fe08f381434dd21aa4_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Windows\{155B19DC-D872-4f47-949A-8E0A58876EBD}.exe
      C:\Windows\{155B19DC-D872-4f47-949A-8E0A58876EBD}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4172
      • C:\Windows\{3698882C-A36E-4157-9D53-BC6911B7178E}.exe
        C:\Windows\{3698882C-A36E-4157-9D53-BC6911B7178E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4444
        • C:\Windows\{489940D8-BF7E-4f82-BAB9-2D91AEEFB17A}.exe
          C:\Windows\{489940D8-BF7E-4f82-BAB9-2D91AEEFB17A}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4816
          • C:\Windows\{1DB62BD1-AC34-4d00-8059-FCB3915A048A}.exe
            C:\Windows\{1DB62BD1-AC34-4d00-8059-FCB3915A048A}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2892
            • C:\Windows\{6D3B8D93-5F85-4168-A2CE-7809917236F9}.exe
              C:\Windows\{6D3B8D93-5F85-4168-A2CE-7809917236F9}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1636
              • C:\Windows\{260ED722-4E7E-414f-AAC6-92FF18BB2B37}.exe
                C:\Windows\{260ED722-4E7E-414f-AAC6-92FF18BB2B37}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2072
                • C:\Windows\{BE832D2B-1BF7-4cfd-AFD2-02B09DB3188D}.exe
                  C:\Windows\{BE832D2B-1BF7-4cfd-AFD2-02B09DB3188D}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3156
                  • C:\Windows\{F89F48F0-4155-4052-B554-CB1BB2F2BF65}.exe
                    C:\Windows\{F89F48F0-4155-4052-B554-CB1BB2F2BF65}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1464
                    • C:\Windows\{A8E3D1E1-3AEB-4b8a-AE69-A921828D15E9}.exe
                      C:\Windows\{A8E3D1E1-3AEB-4b8a-AE69-A921828D15E9}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1216
                      • C:\Windows\{B56F2EF1-2DA6-42c7-8230-03BF057107EF}.exe
                        C:\Windows\{B56F2EF1-2DA6-42c7-8230-03BF057107EF}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4748
                        • C:\Windows\{1FE9A847-FE35-4226-98B6-90929DBAD2A9}.exe
                          C:\Windows\{1FE9A847-FE35-4226-98B6-90929DBAD2A9}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2068
                          • C:\Windows\{B00734A0-5D02-48a0-A980-3B33E4C9BC29}.exe
                            C:\Windows\{B00734A0-5D02-48a0-A980-3B33E4C9BC29}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3908
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1FE9A~1.EXE > nul
                            13⤵
                              PID:3504
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B56F2~1.EXE > nul
                            12⤵
                              PID:4584
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A8E3D~1.EXE > nul
                            11⤵
                              PID:1952
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F89F4~1.EXE > nul
                            10⤵
                              PID:4440
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{BE832~1.EXE > nul
                            9⤵
                              PID:1244
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{260ED~1.EXE > nul
                            8⤵
                              PID:2164
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6D3B8~1.EXE > nul
                            7⤵
                              PID:4480
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1DB62~1.EXE > nul
                            6⤵
                              PID:2968
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{48994~1.EXE > nul
                            5⤵
                              PID:3960
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{36988~1.EXE > nul
                            4⤵
                              PID:5032
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{155B1~1.EXE > nul
                            3⤵
                              PID:4696
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:800

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{155B19DC-D872-4f47-949A-8E0A58876EBD}.exe
                            Filesize

                            372KB

                            MD5

                            c48b516fb774e72df01ce232cabececc

                            SHA1

                            a9f6fa4dc3bf12508a8067f30c0a4b0b40d5f6db

                            SHA256

                            577805f2ea430aeb2dfd408ab6c8fcdd276cbe9a3c2714424f51102523340d71

                            SHA512

                            71c3d9f72d07329e4ef5f99a342c23e8da28c60acb3898d0f2541a13fd7ec38be5a592b17d6bd7b8e512fc6223aca43a1e215adb5df4dd24b6865f07e302e988

                            Download Submit

                          • C:\Windows\{1DB62BD1-AC34-4d00-8059-FCB3915A048A}.exe
                            Filesize

                            372KB

                            MD5

                            ac7db063ca3c78373026c82e3ee5e8de

                            SHA1

                            c1fa8766d2c21f2d1a3602a9ab4faf031654d6e0

                            SHA256

                            7b78b417829a79d49141c5e223ff5672ead915cee7bee1375f80d7a58e535aaf

                            SHA512

                            266444bbf504b769a72973a6b6e622ee453efb1aa2306821a7fe33f8da62cb8da4daa69cb521dc9a1a8a4dbc7be13dd3a1f769af66245ce3b79c08145d61592c

                            Download Submit

                          • C:\Windows\{1FE9A847-FE35-4226-98B6-90929DBAD2A9}.exe
                            Filesize

                            372KB

                            MD5

                            65bb8217ba482363fc61121f8cc90733

                            SHA1

                            1cea1c0d6ca5f9e25d7a00ff3e5b1103ccbd3c87

                            SHA256

                            b92d14a62a4a043b947c854b3d7db5cb72bb99f88689d4c0c54650b6e69cf5cb

                            SHA512

                            4047d46d0840990ac58b7197d0d361113266e1486275ca3c69f6dbadb2ec124a82f2266135cd7942b1ef3707edec2fc5d852268084fda17e0fff020179b20624

                            Download Submit

                          • C:\Windows\{260ED722-4E7E-414f-AAC6-92FF18BB2B37}.exe
                            Filesize

                            372KB

                            MD5

                            28205ecf2499d82237dd2f542f42cfbd

                            SHA1

                            58340979b4372d156dc9c07e17ac46d529632078

                            SHA256

                            ab6054cbe83b03c615c1777c13f80a4d927386bae328fc51a95a4cd2974c6a01

                            SHA512

                            6723f6b675dd1324a2da72a6ce355c1301fdf3d8f1ab56d4b27e850e1c3e76813a28add0786e407180e64ff4f09abd6ded83aece68dbcc20f03c552ed6b0611e

                            Download Submit

                          • C:\Windows\{3698882C-A36E-4157-9D53-BC6911B7178E}.exe
                            Filesize

                            372KB

                            MD5

                            975f57702fa1f207cc0bedfba1f07742

                            SHA1

                            ea032e78a4103620957f5661e0be3e15cf91ae84

                            SHA256

                            634ad99118daf83392faa57cdeba3582a04f1e51dc7d7f0fcd362ae3ec419acf

                            SHA512

                            f2be9a0c6e6d590685030569da69f1698e7ec4f1f79aaa370adbbf33f106313610247cfd8b930f1d03e56a2f2c2dfa02992154f7ab70d545433ad9d80c1d7c31

                            Download Submit

                          • C:\Windows\{489940D8-BF7E-4f82-BAB9-2D91AEEFB17A}.exe
                            Filesize

                            372KB

                            MD5

                            c96f0784009ae356afafb6a8c3f425e4

                            SHA1

                            9e78c148f4b9f54fbdaef155fe5ed00b015361aa

                            SHA256

                            52be995ac68e76ee5c681f3f79fe57beef9da24d83231c5c44bd67d27299a891

                            SHA512

                            4c804fcfe041d8448f756f564d363e443d5c72a87708c40257acfad2fca1ff945435e2137edc9c29d963bc2b3a718345989581576bacb5cfeca1aa443756fa49

                            Download Submit

                          • C:\Windows\{6D3B8D93-5F85-4168-A2CE-7809917236F9}.exe
                            Filesize

                            372KB

                            MD5

                            5582b09e8acf99e53e563a6ec1e08422

                            SHA1

                            28a9bf188dec17b649d5356bbfe0ca5388a704ef

                            SHA256

                            3245c415c3202508fad3d1f2315b5dcc68cb8fa2cf34b602c6d2fdd4614c8707

                            SHA512

                            328eb30f944656c765ae0f9213340517264afd008d20be15c96ce5595bac699da385806da444999cc9c993f4eeae44e2d30d15a0d4e6b385d049c8a12b6181f6

                            Download Submit

                          • C:\Windows\{A8E3D1E1-3AEB-4b8a-AE69-A921828D15E9}.exe
                            Filesize

                            372KB

                            MD5

                            27654f0ba3ad14ffc08f69f7b169c83a

                            SHA1

                            8b41d37c08cf346c36764c56387a9266859f3bce

                            SHA256

                            46cdff660edd85ff6b403cfd8c90fb5faa88b0d96f047bd610255301d4a46d5a

                            SHA512

                            d13e9a63431cd1878895f20d53b92a2283fe560606da39693ea11a16b7809dcddd30dfedd3925c88ac4e6f87524b612728aeed7029b7586b84422f19007a6857

                            Download Submit

                          • C:\Windows\{B00734A0-5D02-48a0-A980-3B33E4C9BC29}.exe
                            Filesize

                            372KB

                            MD5

                            f45e00665130f5e55b92a68189e1efd4

                            SHA1

                            4085fae59b945f2a2f5dbc913565c96cc1a8f025

                            SHA256

                            d6a33a5ac546f60aa02a36b65b49749841281f1159325cf9f9905129d736c203

                            SHA512

                            591244f15bdf9fe2587e94030592a1a09b074718b13dd5d98b750a7e5183fd0231cdc40cc15fd26fd7ca2b7b979272aa944e8173ba22ed7d20e1c90b013d3ed4

                            Download Submit

                          • C:\Windows\{B56F2EF1-2DA6-42c7-8230-03BF057107EF}.exe
                            Filesize

                            372KB

                            MD5

                            73897d99a999798bea0180032465c9f0

                            SHA1

                            73b2b6fc44c9a20c8463820e9ce5d9204b39960c

                            SHA256

                            ce70ee41d45f9dfc337d48614144dc2eb6b4b858234b0c5556b984f1c0779604

                            SHA512

                            ef4c5e2979ab5e9402de6011d352da7587149a28d6c0f9906ecd591a916a8ce43a2b66297ebc927490985fed74856307a88e6d42223d50924040d4859d626a36

                            Download Submit

                          • C:\Windows\{BE832D2B-1BF7-4cfd-AFD2-02B09DB3188D}.exe
                            Filesize

                            372KB

                            MD5

                            ee67e060e3c171e7a7a1bb4ecd2e03f7

                            SHA1

                            894d5a2eaa25845dcb4cfc0dd69ae8d86d7fb983

                            SHA256

                            374bf95dd8228f23ed464a447a6e485f590d2fc6ac68f5e0ac68040baf4e8f44

                            SHA512

                            b005433c180b89d1976cfe7b277143f4bece453be43585f4a5da301a8fa428218bec32cee1217eee9e885dcccc762c4d9a89c6a509b7d2721ac7dd9a75437610

                            Download Submit

                          • C:\Windows\{F89F48F0-4155-4052-B554-CB1BB2F2BF65}.exe
                            Filesize

                            372KB

                            MD5

                            209c7b4df7a91433dd2861d3fffbdefe

                            SHA1

                            752fb64d549065f50d98802d96838bc40132fdbd

                            SHA256

                            bdf4dcc8fdbdf96f4dc82e0858ef8c647dff7e0b1916b8d3223af40df6b7e701

                            SHA512

                            e96ff8d934c522d5feb4d01e4a74ba3a1e0ab8495f1d9a13819b31039fcf419fa4f1a7b6853aa0d99c7e953ba9d9345de5dcfb53ce86e12bb724832a9e93d860

                            Download Submit