Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-20...ye.exe

windows7-x64

9

2024-04-20...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-20_777754c13d3dc22f08d6082e8e27d82e_goldeneye.exe

  • Size

    197KB

  • MD5

    777754c13d3dc22f08d6082e8e27d82e

  • SHA1

    3e1ba56b7c4918c60a6dcb87af77dba9c2bb9a02

  • SHA256

    7e659811f2be64b1eb8a8effa6f5fec378c2f3f1930423be406fe1b331c15b57

  • SHA512

    a78f9fee8fe4b492da5dd9b70ad2a46ba7646630f1011b7878c37c324c3f3c75c8bde5e713c745a997a69565a3951f41e2aa65dbc54ae83ecaf4c0ae116b9d82

  • SSDEEP

    3072:jEGh0obl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGRlEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-20_777754c13d3dc22f08d6082e8e27d82e_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-20_777754c13d3dc22f08d6082e8e27d82e_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\{AB105FD2-BAB5-42c4-BEAC-BDDA06BC78B0}.exe
      C:\Windows\{AB105FD2-BAB5-42c4-BEAC-BDDA06BC78B0}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\{82AFA5D6-E7B6-4764-B72A-786878CCA04A}.exe
        C:\Windows\{82AFA5D6-E7B6-4764-B72A-786878CCA04A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3404
        • C:\Windows\{00208C7A-27BF-49b7-AD45-7022AE2B9929}.exe
          C:\Windows\{00208C7A-27BF-49b7-AD45-7022AE2B9929}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4488
          • C:\Windows\{46E8505E-093B-4730-AD2C-61480BC04BFE}.exe
            C:\Windows\{46E8505E-093B-4730-AD2C-61480BC04BFE}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4696
            • C:\Windows\{0B1622BD-4FDB-48e0-948C-710459BCD191}.exe
              C:\Windows\{0B1622BD-4FDB-48e0-948C-710459BCD191}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2112
              • C:\Windows\{039A395C-96E7-4805-BE8D-50CEEC02E793}.exe
                C:\Windows\{039A395C-96E7-4805-BE8D-50CEEC02E793}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1616
                • C:\Windows\{C10F43B3-4C1A-49e5-9B4C-3A7404E32039}.exe
                  C:\Windows\{C10F43B3-4C1A-49e5-9B4C-3A7404E32039}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1608
                  • C:\Windows\{57636967-A717-4f40-8C19-DF9C323D7711}.exe
                    C:\Windows\{57636967-A717-4f40-8C19-DF9C323D7711}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1832
                    • C:\Windows\{A5454EA4-46F2-4288-83DE-A9EB4AEB7FAE}.exe
                      C:\Windows\{A5454EA4-46F2-4288-83DE-A9EB4AEB7FAE}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2972
                      • C:\Windows\{5C9013A8-3168-4e85-87CC-ACBB1ED46011}.exe
                        C:\Windows\{5C9013A8-3168-4e85-87CC-ACBB1ED46011}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1084
                        • C:\Windows\{F1266E94-CC20-4908-87D4-C24A42DB016B}.exe
                          C:\Windows\{F1266E94-CC20-4908-87D4-C24A42DB016B}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3988
                          • C:\Windows\{EB4361DD-F2E8-4e2e-B067-103257887810}.exe
                            C:\Windows\{EB4361DD-F2E8-4e2e-B067-103257887810}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3620
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F1266~1.EXE > nul
                            13⤵
                              PID:3772
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5C901~1.EXE > nul
                            12⤵
                              PID:3804
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A5454~1.EXE > nul
                            11⤵
                              PID:3128
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{57636~1.EXE > nul
                            10⤵
                              PID:2288
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C10F4~1.EXE > nul
                            9⤵
                              PID:332
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{039A3~1.EXE > nul
                            8⤵
                              PID:1472
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0B162~1.EXE > nul
                            7⤵
                              PID:2356
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{46E85~1.EXE > nul
                            6⤵
                              PID:3616
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{00208~1.EXE > nul
                            5⤵
                              PID:5088
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{82AFA~1.EXE > nul
                            4⤵
                              PID:2292
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AB105~1.EXE > nul
                            3⤵
                              PID:924
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1288

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{00208C7A-27BF-49b7-AD45-7022AE2B9929}.exe
                            Filesize

                            197KB

                            MD5

                            8c4ce11543702b3a1d324ea2b223cfc8

                            SHA1

                            3fbca765352b86999fdf20cbe1c9de36b4af6a16

                            SHA256

                            dc5a8eb713f30f39c87a59f2dde98eee016a7458f9fd6699d0a94fbde6c2da98

                            SHA512

                            e9a3db6654d4f864f8a37fd2660fd96bda29bbfaa20fca082a93c834199a2f2b0469946ee3c11ade05b3a73acda06983178573527ae1b6e04b66a6e916125627

                            Download Submit

                          • C:\Windows\{039A395C-96E7-4805-BE8D-50CEEC02E793}.exe
                            Filesize

                            197KB

                            MD5

                            bdc26496419be31431d8564e93a27e2a

                            SHA1

                            4c453c38183efb22a793752e5bc5b01206727dcd

                            SHA256

                            a166c0bd5cf50fa65caf4b66eedf340a1a6b9164a6c5a8fb91f5a18a596bef15

                            SHA512

                            6f8966406cee1a93107fccded4bc241297e680b19ef7268f53a723957a3b96d80aca76be9fd5d72cc8e142bcd314fe468934a63bcf6da4d8fb9e9bb7a576e5be

                            Download Submit

                          • C:\Windows\{0B1622BD-4FDB-48e0-948C-710459BCD191}.exe
                            Filesize

                            197KB

                            MD5

                            e946aaabd74cab2c98863bf9df03e0ed

                            SHA1

                            9ab638a7d163e078095b4d092c3b1d7b14fc2dff

                            SHA256

                            1a8fd302122c5b0b8b7bf6fe61565730abecf72d8f7af9a112889f8e927a2cc8

                            SHA512

                            ced60a1144c2cc47863fbbfec1471ad70df75521a3259afb1c55c14a7b8141f047de5b38e81dbf5812c5f2697cc2763eceb191e91f26505b04222d41b058dd35

                            Download Submit

                          • C:\Windows\{46E8505E-093B-4730-AD2C-61480BC04BFE}.exe
                            Filesize

                            197KB

                            MD5

                            0fe621cc119e50ed4e703b758885a3f0

                            SHA1

                            bf1cc3a2a8af3a46022a06a3c877af62c65c3d15

                            SHA256

                            e867338e126655186baedf61f2061ce925618a325767b2a0d51bd999556b4a5a

                            SHA512

                            bb9b9759d60e6e6050b10c505aac788fc96cd4ea99c7a5704fe4eb7f7d2fe4092fae10c0ef1b115a1f6234fb70a8db31fa1344e6275ba625a74ec66084adbd58

                            Download Submit

                          • C:\Windows\{57636967-A717-4f40-8C19-DF9C323D7711}.exe
                            Filesize

                            197KB

                            MD5

                            8f9069df2680fdb142a466c69e15e16b

                            SHA1

                            37812bc07d08008fe49b8abc0b56de5d56a81a38

                            SHA256

                            170f40d736146e01059689c8da2079455201b48bb5ff0b44cba594c5bd6e55ac

                            SHA512

                            3d7f6a542415c5dfcaf586a4dd3a09b6e234f5d8b925b995218a54de5da8e417c78ff4a34c9ca6946c0e4d120c591496ff96581edd9fe2c1a139b6a2218c80c4

                            Download Submit

                          • C:\Windows\{5C9013A8-3168-4e85-87CC-ACBB1ED46011}.exe
                            Filesize

                            197KB

                            MD5

                            42c26b8ff8403bf669008403d999fa9a

                            SHA1

                            c971d92f281764f7b647d78d3265b509d142c127

                            SHA256

                            cba0a992f1109992b4463da713eea3635e3ffc01501bcce63adda0f6396d1cf3

                            SHA512

                            a1a6c5fcf951b75be088c16c148c6debc52e9e95211a770a2c30258a19e88e49da5f581b29beeeac66c61f2b43af2e4ecb0a0d25280674188967ccc0453d3c61

                            Download Submit

                          • C:\Windows\{82AFA5D6-E7B6-4764-B72A-786878CCA04A}.exe
                            Filesize

                            197KB

                            MD5

                            01d2f04b77d497e02f0b73b4912f8e89

                            SHA1

                            8cb1797ee599ac9d672dfcb13a9a6c29596c0501

                            SHA256

                            572fd3f34caf8518ba790677acb33e4c3952f5e9b4f3044341ae63e700350fb4

                            SHA512

                            6180c56bd2395f95a40bbe43f5de30e2a2d7560684a5ea01372b702cce9c0cea82130f50e895a1b9e0cea2f34f8ca0a363e854129446b481190ef03f3ee4926e

                            Download Submit

                          • C:\Windows\{A5454EA4-46F2-4288-83DE-A9EB4AEB7FAE}.exe
                            Filesize

                            197KB

                            MD5

                            29d1ebc51c9d04aba9e36e51bb967096

                            SHA1

                            4b4ca94aae91bacdb0b8f6b2be25815629962a11

                            SHA256

                            cf05dd622e605c43cb7b4026771911aa329e76bacef10ff13ba75df3dbd41622

                            SHA512

                            9b67fc0c2ac52c8adb3689cbfba2ade1d44e81657fbd491a0c25f52a4035305cbef722cb5167882ea2e6a6e115b5f95cb0b2c5b38231de328f74da0519b88181

                            Download Submit

                          • C:\Windows\{AB105FD2-BAB5-42c4-BEAC-BDDA06BC78B0}.exe
                            Filesize

                            197KB

                            MD5

                            a91624857b82891fc61211fdcf895420

                            SHA1

                            71ce7dcd3d3b403b61c4ccb0bf33c48d0f134aa9

                            SHA256

                            53b38d5f088a5269107d93a24519ca278b862941aab1925123f69f6fa0497d7e

                            SHA512

                            734c6e4f5210d6898385715cbe8c141550c3a8584df8d91da6863562d096a9075bc11234a64b6ecf80eed33d215eedb3cf0e9fe2856efbe1e77faa279e865734

                            Download Submit

                          • C:\Windows\{C10F43B3-4C1A-49e5-9B4C-3A7404E32039}.exe
                            Filesize

                            197KB

                            MD5

                            0d528d55220cd1989fcb7800b154d0bb

                            SHA1

                            07b0895aa7610e147b7df1b1ca49c10d3bd4ad8c

                            SHA256

                            7cc9fdaa251c079c51ed687dfff6ece46906e5195e2f424cbe4645b5db07cec0

                            SHA512

                            fadae299cc05f2312e64552bb6a31751284201a6ec184514ca13d90eb2181f8b156f0d82bf25e9fdbe7ace50822e615d2c1fa919b167c5f151ff5f084471558b

                            Download Submit

                          • C:\Windows\{EB4361DD-F2E8-4e2e-B067-103257887810}.exe
                            Filesize

                            197KB

                            MD5

                            c35c362e5f396f93f87f193ab8c8eeae

                            SHA1

                            7dec20af92797e13168c3ab1ab5d2fef21d1c24a

                            SHA256

                            62c788373d35b91732bc5972c352e5d624bdbdda1c1d086bd1eb874a18d72e99

                            SHA512

                            d71b37cce2ebb728311ee7256b813b1a0cb44148ebfd032ddfee5a2cd648ff3f1814bcfe27b64cdc20c8168a85bbce522060ec358b0b32efdf82ad22aa5f360b

                            Download Submit

                          • C:\Windows\{F1266E94-CC20-4908-87D4-C24A42DB016B}.exe
                            Filesize

                            197KB

                            MD5

                            dcc97f44fb4608e696fce102cc0daa07

                            SHA1

                            60dadbcb9d5966d5003618361bb83a5d3d0744af

                            SHA256

                            4b3e4bb644b6255a42208c2e64186f116a6940b666c1f2bd6ff1edb777dba4f6

                            SHA512

                            d36b216ca5a98918cd09976b19f2bdd919015a3cb11a40d5fdcb9a4d74b93f12ceb80e239b3ebca9d1df2639ec483d4ecbd6bc5fb9330f80ca28a5db7a68df90

                            Download Submit