Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-17...ye.exe

windows7-x64

9

2024-04-17...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_7e107f0862a535d54cd39f599a3b6b65_goldeneye.exe

  • Size

    408KB

  • MD5

    7e107f0862a535d54cd39f599a3b6b65

  • SHA1

    c0c578fb73ed28a69be9260a08c493569a63972a

  • SHA256

    71cece2a13efc8762f2c239258842d63ef37ea8320e8db5e31f38f71e55bd9b9

  • SHA512

    6e9b69139bab418c5f6ef427d12fac08790b2f09bf6dfeeb7c469918a6fa2c620ee85b85860b070b9bce194e2825d2f210df4e03b2cf25dff3f0afb75705410d

  • SSDEEP

    3072:CEGh0oZl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGvldOe2MUVg3vTeKcAEciTBqr3jy9

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_7e107f0862a535d54cd39f599a3b6b65_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_7e107f0862a535d54cd39f599a3b6b65_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Windows\{458B6765-5598-40fc-92F1-9A760BFAE7D0}.exe
      C:\Windows\{458B6765-5598-40fc-92F1-9A760BFAE7D0}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3248
      • C:\Windows\{6CE0E040-33FD-4b02-A57A-CBFC0D4F9592}.exe
        C:\Windows\{6CE0E040-33FD-4b02-A57A-CBFC0D4F9592}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4748
        • C:\Windows\{844A6CBA-EAA0-4071-B668-3E3E5360FC21}.exe
          C:\Windows\{844A6CBA-EAA0-4071-B668-3E3E5360FC21}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4536
          • C:\Windows\{13C92C66-0EEF-4f0a-B4CA-C86B9D2E60BF}.exe
            C:\Windows\{13C92C66-0EEF-4f0a-B4CA-C86B9D2E60BF}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4316
            • C:\Windows\{D2F9DB37-7593-4308-897D-475FC629C08F}.exe
              C:\Windows\{D2F9DB37-7593-4308-897D-475FC629C08F}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2640
              • C:\Windows\{3995F2D6-FBAC-4a7c-9FDE-D61F55D40636}.exe
                C:\Windows\{3995F2D6-FBAC-4a7c-9FDE-D61F55D40636}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4584
                • C:\Windows\{AA756A37-C8AA-4f08-BBB5-FAFF3299EC96}.exe
                  C:\Windows\{AA756A37-C8AA-4f08-BBB5-FAFF3299EC96}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2320
                  • C:\Windows\{B4967BFF-CCBF-4d22-B51E-9D2F3AAF2769}.exe
                    C:\Windows\{B4967BFF-CCBF-4d22-B51E-9D2F3AAF2769}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4912
                    • C:\Windows\{CBA524F0-D48C-4a44-ADAC-7FE147CC023D}.exe
                      C:\Windows\{CBA524F0-D48C-4a44-ADAC-7FE147CC023D}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4744
                      • C:\Windows\{C5DC1149-B2D1-45c2-9DA1-A18194C761AF}.exe
                        C:\Windows\{C5DC1149-B2D1-45c2-9DA1-A18194C761AF}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3264
                        • C:\Windows\{DB1E690D-EE19-4cfc-AF6A-AF5A13C5514A}.exe
                          C:\Windows\{DB1E690D-EE19-4cfc-AF6A-AF5A13C5514A}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1548
                          • C:\Windows\{A8DA02C3-6643-4747-B224-314AD65F6F24}.exe
                            C:\Windows\{A8DA02C3-6643-4747-B224-314AD65F6F24}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3772
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DB1E6~1.EXE > nul
                            13⤵
                              PID:64
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C5DC1~1.EXE > nul
                            12⤵
                              PID:1180
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CBA52~1.EXE > nul
                            11⤵
                              PID:2864
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B4967~1.EXE > nul
                            10⤵
                              PID:2412
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AA756~1.EXE > nul
                            9⤵
                              PID:4176
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3995F~1.EXE > nul
                            8⤵
                              PID:2768
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D2F9D~1.EXE > nul
                            7⤵
                              PID:2528
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{13C92~1.EXE > nul
                            6⤵
                              PID:332
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{844A6~1.EXE > nul
                            5⤵
                              PID:4520
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6CE0E~1.EXE > nul
                            4⤵
                              PID:2612
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{458B6~1.EXE > nul
                            3⤵
                              PID:624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1988

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{13C92C66-0EEF-4f0a-B4CA-C86B9D2E60BF}.exe
                            Filesize

                            408KB

                            MD5

                            41be3dfd551e016341d911ce0c8a0288

                            SHA1

                            f1eba11500aa1360a562e8ab310da3503c8df3e9

                            SHA256

                            c1b425f7359965d2edc7f4f59017e81e0f9834026b01c2da1b2eb03e9b9e046a

                            SHA512

                            bcadcdf1b5f449b661ce3f4fd120e0c3d014c7210f866b2ab153bf1a7ed9be3e729d076b2ef06c5b2a0a4f9cea80be2f5fe4e71ce9e40d48873f2cd54e08bc27

                            Download Submit

                          • C:\Windows\{3995F2D6-FBAC-4a7c-9FDE-D61F55D40636}.exe
                            Filesize

                            408KB

                            MD5

                            ee92b0392a323ccf8a8519fbde417bab

                            SHA1

                            bfa3e78097f4844a8bbfe15a164634d5867c6bae

                            SHA256

                            e54047207104513d8886a23d350a1db25ba7d848ae4dd304220c9b453d47d108

                            SHA512

                            ef8118f7121a16227b571b4c7449e5b8c7cbed68c912fadef25e653271bfd89688d971de96a29aad52cc36a98be541d4049f806fd2ab3994f24966966ae8c8aa

                            Download Submit

                          • C:\Windows\{458B6765-5598-40fc-92F1-9A760BFAE7D0}.exe
                            Filesize

                            408KB

                            MD5

                            7fb2bb628556ff1d9dcc564d38dbf2fb

                            SHA1

                            cce8e81fbab2828c47e29d8b345f451f4f2733e4

                            SHA256

                            f48f1b60a64e1914872f6e5029055eb3ee79ab49fbced44414dc3fc2f9bbf269

                            SHA512

                            c2e066620f24e205e2e0ac847f0627cbcfc200138af4ef5b064c8928b47b1140e5e62770a51e804bc550827d981b849aa071bc074c2280c7e7b9884496030869

                            Download Submit

                          • C:\Windows\{6CE0E040-33FD-4b02-A57A-CBFC0D4F9592}.exe
                            Filesize

                            408KB

                            MD5

                            0946a047355a5c297f57f2126a6da988

                            SHA1

                            8f4aaa77230216820f37a6f360df8e2957e7015c

                            SHA256

                            519486fbad72ab54463f54981af81bc6f653ea00fe6cc24a05f50bb03dc321c2

                            SHA512

                            23514ba6d608197fb5407362c96454bc81af26724fccb3f4926a87d720a2e30bc1d9d3b9fb2caae1df6c85d79b216f19d14eec1cab85607ec9540fbcc88f6293

                            Download Submit

                          • C:\Windows\{844A6CBA-EAA0-4071-B668-3E3E5360FC21}.exe
                            Filesize

                            408KB

                            MD5

                            204a7a5d187bafbf56ff28fdf7d7f7a5

                            SHA1

                            62a478190c355ad006a38a7daf43ad4f4d2d4ba9

                            SHA256

                            175d32eae2f211c859aeee654a2e0b69d0cacf9089c59a9c6b5cb7a110af1cb0

                            SHA512

                            92c97aa7de3c6a01817ac28aaa34801cdf4f237637f668e8fc556a8987f7ded00723086e18ad59cac7d10fdd4e14d017ab14aae7e45dadd6d13e7ed7486023b9

                            Download Submit

                          • C:\Windows\{A8DA02C3-6643-4747-B224-314AD65F6F24}.exe
                            Filesize

                            408KB

                            MD5

                            ff3c8b8ca08c3cd5455bf2f60d0b7403

                            SHA1

                            57c57722d22635a49479356292b2b26ec09d8fa9

                            SHA256

                            52af0259088541f44ccb02c1390f34124fe4d90f087d5bd51aa60148833cd935

                            SHA512

                            c58614a42db047b6a9857394bde199880fbce838491d69515e8dd560e77132fb4251d23d60b28c1ef63caa15278a99b5c7b4778928af2fca1cb6078253faf9c7

                            Download Submit

                          • C:\Windows\{AA756A37-C8AA-4f08-BBB5-FAFF3299EC96}.exe
                            Filesize

                            408KB

                            MD5

                            3aa7951b47014fe7be3c240deb71ff17

                            SHA1

                            803a7e11c497a5d27cf7ff23c146094e0f8abdb1

                            SHA256

                            014583d1e7daf8e2daa8845305f4ab65027b271ac736737e23961b5c8af28d9c

                            SHA512

                            dbe00169317c2e38e4add7fdd062dc88fbad004fe63a95551ab48b0fe7ecb3eae75db8fb092533799b723a767724c55eb76053519303398caeee5a8cb19c101b

                            Download Submit

                          • C:\Windows\{B4967BFF-CCBF-4d22-B51E-9D2F3AAF2769}.exe
                            Filesize

                            408KB

                            MD5

                            0853097067159c07150ba93d2bb7c5a5

                            SHA1

                            1f5889f984bfa59f2d5a6276f7aa89164042a6a5

                            SHA256

                            63dc3886c43149d98c5ef3cb51d4d7ace5611a265b844172228ca017a51d825d

                            SHA512

                            9c7a16f390a6fb21351f986d0bbae67c5654d718e0cce62c167745e09ba3acae738846f8507f6a7048166928619e76685ed0df9a73b63e1b8d884386b57f91ca

                            Download Submit

                          • C:\Windows\{C5DC1149-B2D1-45c2-9DA1-A18194C761AF}.exe
                            Filesize

                            408KB

                            MD5

                            e48019b7f1bac265a86a04e148aa3fef

                            SHA1

                            ff89eba4fa0c9bddf57d57759d217606af683c76

                            SHA256

                            ed53306232b1d836667197c8881ee903f5d1b64250d1e5b16a3c64b0c39bbb21

                            SHA512

                            b1439dc8b821ff575d81f97f3caad4deb8d480af02c72f5ad6cb433350e247be21a9ea8c6e974eb00497bca47b072ef4613ec5de72ff35586a0ab8ef5c01dc78

                            Download Submit

                          • C:\Windows\{CBA524F0-D48C-4a44-ADAC-7FE147CC023D}.exe
                            Filesize

                            408KB

                            MD5

                            5b1ad44501cd1f51161de80db1d2a534

                            SHA1

                            7154bbe0ac961f429742cd8715e1b4fb070753d4

                            SHA256

                            fbb2c1c519d35ade340f415d00bcbeb9b515e840ec96df60606353d736f6ece1

                            SHA512

                            23eb4cf1295220f7613ab20cf0560658f9fd08f319266da1cf5d67b6e1fa6c1dfbe896024a8213cbcf219cd01287d72c0c1c12ac7054a2df1a98d47db190a7b8

                            Download Submit

                          • C:\Windows\{D2F9DB37-7593-4308-897D-475FC629C08F}.exe
                            Filesize

                            408KB

                            MD5

                            d219c5bd699c95c3b96e7d910b855fab

                            SHA1

                            69b2bac1335b595b1cb63d3bcf19693ab3997b8b

                            SHA256

                            961701e8bc62d1c532b72bc8903a00de24bc7e8bd85c29238ea48a7a25f64562

                            SHA512

                            7bc1bede9d2e74715e4f3c57ab11dc57a754908bbf1caddac9c3d90a981ae3e3312d3f4c72985bb29dacdd4a1aabf2200f3e5b2d96121178317c1d9dd9402bd8

                            Download Submit

                          • C:\Windows\{DB1E690D-EE19-4cfc-AF6A-AF5A13C5514A}.exe
                            Filesize

                            408KB

                            MD5

                            b39c4c6e7265c551625339bb708b39ad

                            SHA1

                            be1337b72c9b582223e9c3f2d383a0a53088840a

                            SHA256

                            30e4f44df91e4d6c64964cd4c49c68b24e261e394514649be021ffb05ef67add

                            SHA512

                            c9bd6a7aa0753e0d89d8b43c6a59c7f4eac04b942923782947dd49d110e71d029b188b240f22ea84bc766187fbad411f4e818db90247a1f2024683e37c510f4e

                            Download Submit