Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-16...ye.exe

windows7-x64

9

2024-04-16...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-16_52f8f92d3fed783453ad5bff2294461c_goldeneye.exe

  • Size

    180KB

  • MD5

    52f8f92d3fed783453ad5bff2294461c

  • SHA1

    1690c5714ab879b1b00468b7fa5840ce0a97c5ef

  • SHA256

    d3b5c12c01eb215d66392c7e3f121fbf4b4d00a0f7770c3dcef9f6d7a6b1e3a3

  • SHA512

    7781c6e8a64183b32103292cb34877c40485a63ef024ccbdec20a1eae8a64340b950ea83f0f98fd60539a6faae8450c79f0de5f779e67f889bedde96424cb687

  • SSDEEP

    3072:jEGh0ozlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGFl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-16_52f8f92d3fed783453ad5bff2294461c_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-16_52f8f92d3fed783453ad5bff2294461c_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\{9484D451-47A2-4a4b-AFC5-49B710CC0D49}.exe
      C:\Windows\{9484D451-47A2-4a4b-AFC5-49B710CC0D49}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:716
      • C:\Windows\{5D7896BF-6D3F-41ba-827D-848181B35F30}.exe
        C:\Windows\{5D7896BF-6D3F-41ba-827D-848181B35F30}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2544
        • C:\Windows\{52B426A5-9104-4c66-969D-5C49A4113AEA}.exe
          C:\Windows\{52B426A5-9104-4c66-969D-5C49A4113AEA}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4852
          • C:\Windows\{F0A42928-A44A-47d0-ACC9-4718FE38D5EA}.exe
            C:\Windows\{F0A42928-A44A-47d0-ACC9-4718FE38D5EA}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4780
            • C:\Windows\{8D343C26-96B1-4e16-A3CD-AAEB9852885A}.exe
              C:\Windows\{8D343C26-96B1-4e16-A3CD-AAEB9852885A}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4260
              • C:\Windows\{56EE4EA7-6405-4042-BC34-777A665A4DD4}.exe
                C:\Windows\{56EE4EA7-6405-4042-BC34-777A665A4DD4}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3612
                • C:\Windows\{B5A4300C-B4B8-440e-90FA-6B5EDA394147}.exe
                  C:\Windows\{B5A4300C-B4B8-440e-90FA-6B5EDA394147}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2248
                  • C:\Windows\{5DAE02AE-6DF7-49bb-AAD8-9CA808C9C14F}.exe
                    C:\Windows\{5DAE02AE-6DF7-49bb-AAD8-9CA808C9C14F}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4948
                    • C:\Windows\{C1AEF4C9-2A34-496e-A964-1EC198DEF940}.exe
                      C:\Windows\{C1AEF4C9-2A34-496e-A964-1EC198DEF940}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2240
                      • C:\Windows\{311D77B4-F315-4da5-8EE5-A73F5A9BF251}.exe
                        C:\Windows\{311D77B4-F315-4da5-8EE5-A73F5A9BF251}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2584
                        • C:\Windows\{E756108C-A391-46d1-A2C4-6936F9B4004A}.exe
                          C:\Windows\{E756108C-A391-46d1-A2C4-6936F9B4004A}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:5088
                          • C:\Windows\{6DA081F5-D9B3-49d7-9BCE-57229C119E45}.exe
                            C:\Windows\{6DA081F5-D9B3-49d7-9BCE-57229C119E45}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:1688
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E7561~1.EXE > nul
                            13⤵
                              PID:2644
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{311D7~1.EXE > nul
                            12⤵
                              PID:3220
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C1AEF~1.EXE > nul
                            11⤵
                              PID:4188
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5DAE0~1.EXE > nul
                            10⤵
                              PID:4492
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B5A43~1.EXE > nul
                            9⤵
                              PID:1564
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{56EE4~1.EXE > nul
                            8⤵
                              PID:3344
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8D343~1.EXE > nul
                            7⤵
                              PID:3168
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F0A42~1.EXE > nul
                            6⤵
                              PID:4664
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{52B42~1.EXE > nul
                            5⤵
                              PID:4408
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5D789~1.EXE > nul
                            4⤵
                              PID:2472
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9484D~1.EXE > nul
                            3⤵
                              PID:636
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1552

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{311D77B4-F315-4da5-8EE5-A73F5A9BF251}.exe
                            Filesize

                            180KB

                            MD5

                            8a57648ec31b2785152a0b4db450baa6

                            SHA1

                            727c69cbb2b90d96ca36d0a76e92618d99efea24

                            SHA256

                            5821b3ddc22ac57f15ffa1a9f73c4dbdd5d87ee2162a5bc7477e4045e973e50e

                            SHA512

                            415e34b437863ef8110f6f9b8b8116dda9fe0880f6aa43927a40b087d9ef27f696fd1b486d98aec33da88e53a5d64e5b75af4c9d1e1d3dcb8f8d0c16110097cb

                            Download Submit

                          • C:\Windows\{52B426A5-9104-4c66-969D-5C49A4113AEA}.exe
                            Filesize

                            180KB

                            MD5

                            aeb42725ee40e4645e95934251f71ca7

                            SHA1

                            a6b64a1ff49e3956af8e602920a75833b8461d34

                            SHA256

                            be2bf3882c6fb132dcb6c68b2821f14e7c6781461181df0958e538f422fce46c

                            SHA512

                            874c25aee1fb553576d143d84d30bf8929249ef3d22732c15c79a50891aa98fe76c5d521f517187bf3c3a1ccab04453888f2ab599885029683edab9d2b6e97f3

                            Download Submit

                          • C:\Windows\{56EE4EA7-6405-4042-BC34-777A665A4DD4}.exe
                            Filesize

                            180KB

                            MD5

                            9b9fd2da0392b84942508511ef10c091

                            SHA1

                            4a5c16fade331553f81cc1cd4c355d70885e0189

                            SHA256

                            d7a86dccbbeef78240cf6cefdb42aa0ff0436e3f130115ec54a6f9b63589b995

                            SHA512

                            e44247b60bb792c201ba68968e66764a65df4c12d731e6332155eadf6135d275e51279b2d1e88d1bfe1cd3b9e155684b9964f119e8b3d4cf63becefe2b6a2fb8

                            Download Submit

                          • C:\Windows\{5D7896BF-6D3F-41ba-827D-848181B35F30}.exe
                            Filesize

                            180KB

                            MD5

                            e4bd5bbe1ccf975be5daed5fddffd6b8

                            SHA1

                            a10a150a4fcc83a15f439f91acdfc9b8d5220e8b

                            SHA256

                            e769d8eb78a816668983ad502c2e394ebd763a50667c279fe1c6b838780a91c4

                            SHA512

                            b14fecb9db226339fb880456cdb41cd11bfd9dc967cf686b01c0c0cfe8f9b30c62e9f97eb75503c814fa12442d074abf19d6fb2fac07cc2b315cfa29f1b9fff5

                            Download Submit

                          • C:\Windows\{5DAE02AE-6DF7-49bb-AAD8-9CA808C9C14F}.exe
                            Filesize

                            180KB

                            MD5

                            7e4e0561e196e206ce438e2c2aa9b5da

                            SHA1

                            c910e46a60c26933cf98ea7ff10a679411303339

                            SHA256

                            3c4ed5e6d3649715fd2543a15e03589b47f1d8aea3735490df3b48a740734fe7

                            SHA512

                            240a830ec8d3ddb0c23db0955f68ca97bbaadd9894fbbc0b619e9a078cefb2a91f483d9eacc5f543a6fafbcfdc22c9fdd47c1cd46d676adcb5278f398a2492bc

                            Download Submit

                          • C:\Windows\{6DA081F5-D9B3-49d7-9BCE-57229C119E45}.exe
                            Filesize

                            180KB

                            MD5

                            4763d321e3c67e321865839187626577

                            SHA1

                            c464d4c8dcf0ee9aa97babe43132be44315f55c7

                            SHA256

                            55b8fd8a08e71c6b39690d3009629b5d25e719950cde35b9175c0ed26aebdbf2

                            SHA512

                            586f9b3385ee5f6a6230d43424a903d91bbde6209993a57deb5fd46fafac500c521d2f00d7d7c43d222b54d98504116a18d845fdf689ec9933d098e42959eeb7

                            Download Submit

                          • C:\Windows\{8D343C26-96B1-4e16-A3CD-AAEB9852885A}.exe
                            Filesize

                            180KB

                            MD5

                            3177ae2c003aad0fd968d018e1f80717

                            SHA1

                            bd49030e52b581ef1117c67e931dcc287cdcbe62

                            SHA256

                            e2c2136f8d0e6a06730434d292ecb2b9f4e6ad4c704d1910880fcbf465945c3a

                            SHA512

                            656c381752c418612396146d92faec19dc264c25210f8715d925906ce621a06cb41a376230cfa1d541cb0fb38d3a5dadfda6058c3df90e887a2342f3c243ad29

                            Download Submit

                          • C:\Windows\{9484D451-47A2-4a4b-AFC5-49B710CC0D49}.exe
                            Filesize

                            180KB

                            MD5

                            2d3328b662af196333a7f3bf9dc97b91

                            SHA1

                            d38d3dbd1b846ec689aff0ae21c3400fdb425c91

                            SHA256

                            e068728e64e026a5cdf0cf901b75904478b3646a1f3b99efbfa204953905d7f7

                            SHA512

                            847484f71f70c372e86e9e8808ff88765ed7cbcc3ff0cc5d10d6a1a0127a7405be9827da90c5b04c124f6474c2405e90510af3124a10344663de7aba83f0187e

                            Download Submit

                          • C:\Windows\{B5A4300C-B4B8-440e-90FA-6B5EDA394147}.exe
                            Filesize

                            180KB

                            MD5

                            ae033471934a7c90c2042f59c38517ef

                            SHA1

                            e1435b35b34dff33b27a6211538723d6e456c03f

                            SHA256

                            0886a998e84cc13aa79955b3ddf2fdc74975c05902d0fec2a094379dd91c5805

                            SHA512

                            8abaa745aac5d4d82eb0f696bff13ead8f4ec7c1f073308dc0e3d0edc3c5f0002ce7fedcd0819c6154e298f3a10558b918490bb8fcb9e0e4235c40706e58a0d3

                            Download Submit

                          • C:\Windows\{C1AEF4C9-2A34-496e-A964-1EC198DEF940}.exe
                            Filesize

                            180KB

                            MD5

                            399186bdc735334fa99ea298e6a8e434

                            SHA1

                            e773b4de203b1dd9abd943fc75561011c9b16d06

                            SHA256

                            d41683655f48bd7049c76d749d5cf8d4f26d65ddd4c153496cbc004e34fa71b2

                            SHA512

                            55b7e5475e9e0427c60db143d0a441cd3dd1f9b3c468a501cd68502c7a06aef885f7d6a68023662374bd666bbf0e0542af5f86d185c6adbfa2cae1dcfa6590f0

                            Download Submit

                          • C:\Windows\{E756108C-A391-46d1-A2C4-6936F9B4004A}.exe
                            Filesize

                            180KB

                            MD5

                            2015aa6dcceba53c894643ec613513a7

                            SHA1

                            b5d13dbc8492d6c59c0ac432cd14f3e7aa82cd03

                            SHA256

                            c22b49def0a27634fa3cd6c78eec5ff38ab158e99c808a1a258eede0efcbbfe1

                            SHA512

                            e3ff054a14207d4025622ec5396b133cff6d3869a9d6c7e3f3089b2081802d3eb70d234e9cbc4d77da780607fd36585209d511433b249c04ecc588337e057d02

                            Download Submit

                          • C:\Windows\{F0A42928-A44A-47d0-ACC9-4718FE38D5EA}.exe
                            Filesize

                            180KB

                            MD5

                            61c8d24a25a2024b82b25694ab67e90a

                            SHA1

                            5f7e5268890d969f8bf3b4586af92d97b2814b9c

                            SHA256

                            eb258f9af199fca26bc7f83b36e6e27abfdcfae6684d5d89d0895567d728c565

                            SHA512

                            ef32a3cc0ee2d030176d96d7b90ac4de503f13bd7670ba7e0af35fbccb6f398449a53324781ee7908d67a52fc04dc61d221988264fd3a8a4ffb4501618a7425d

                            Download Submit