Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-21...ye.exe

windows7-x64

9

2024-04-21...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-21_c84dfd0d50a2556361eec842fcde25f0_goldeneye.exe

  • Size

    372KB

  • MD5

    c84dfd0d50a2556361eec842fcde25f0

  • SHA1

    3a641302abee20fe1c02447c6fe454f6ef791744

  • SHA256

    000f03aac5a2cc884610d2b63248375cf6bb109fcc80e2a26ad1748248aefa39

  • SHA512

    f1fbe0692c034f4f239f304121ea120f6ddd0e83c9ccbf8d1f6cbe4e12341818e7a6c20e4543c6fe8624aa797f3860c7002fd553d70432dbac1d100bb5aa51bd

  • SSDEEP

    3072:CEGh0o0lMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGulkOe2MUVg3vTeKcAEciTBqr3

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-21_c84dfd0d50a2556361eec842fcde25f0_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-21_c84dfd0d50a2556361eec842fcde25f0_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\{A70E2CEF-6CCD-4221-AB78-5D8CF0AE4F2D}.exe
      C:\Windows\{A70E2CEF-6CCD-4221-AB78-5D8CF0AE4F2D}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:540
      • C:\Windows\{734ABBCC-620E-4765-8E4A-F04EE376E4AF}.exe
        C:\Windows\{734ABBCC-620E-4765-8E4A-F04EE376E4AF}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:612
        • C:\Windows\{5847E2DD-08E2-45be-9DEF-5EF61F332297}.exe
          C:\Windows\{5847E2DD-08E2-45be-9DEF-5EF61F332297}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4108
          • C:\Windows\{2279D85A-9740-4638-B680-E2B049432124}.exe
            C:\Windows\{2279D85A-9740-4638-B680-E2B049432124}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4976
            • C:\Windows\{FBD52074-C82F-4775-973C-F8198BAE5E91}.exe
              C:\Windows\{FBD52074-C82F-4775-973C-F8198BAE5E91}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3580
              • C:\Windows\{FBEF2FFE-6E38-4cbc-B95A-86AA856A9DA4}.exe
                C:\Windows\{FBEF2FFE-6E38-4cbc-B95A-86AA856A9DA4}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2632
                • C:\Windows\{2AF79C92-E2C7-49d8-A855-E93A0761AD69}.exe
                  C:\Windows\{2AF79C92-E2C7-49d8-A855-E93A0761AD69}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2192
                  • C:\Windows\{5951BD7E-C437-4858-97DA-3A4E175275E3}.exe
                    C:\Windows\{5951BD7E-C437-4858-97DA-3A4E175275E3}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4856
                    • C:\Windows\{46A3B82B-5D73-44c3-BAB8-DA3D1BA512E1}.exe
                      C:\Windows\{46A3B82B-5D73-44c3-BAB8-DA3D1BA512E1}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3844
                      • C:\Windows\{4611D7D5-D7CA-495d-BC97-35DA562CC516}.exe
                        C:\Windows\{4611D7D5-D7CA-495d-BC97-35DA562CC516}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1200
                        • C:\Windows\{F9715177-3B23-4f93-B296-A52D8BC857A0}.exe
                          C:\Windows\{F9715177-3B23-4f93-B296-A52D8BC857A0}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4528
                          • C:\Windows\{82162B9A-D8AA-46d8-B7BD-1739CF6EC9D8}.exe
                            C:\Windows\{82162B9A-D8AA-46d8-B7BD-1739CF6EC9D8}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4788
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F9715~1.EXE > nul
                            13⤵
                              PID:3120
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4611D~1.EXE > nul
                            12⤵
                              PID:3672
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{46A3B~1.EXE > nul
                            11⤵
                              PID:948
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5951B~1.EXE > nul
                            10⤵
                              PID:4772
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2AF79~1.EXE > nul
                            9⤵
                              PID:1092
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FBEF2~1.EXE > nul
                            8⤵
                              PID:3016
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FBD52~1.EXE > nul
                            7⤵
                              PID:4996
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2279D~1.EXE > nul
                            6⤵
                              PID:4880
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5847E~1.EXE > nul
                            5⤵
                              PID:3696
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{734AB~1.EXE > nul
                            4⤵
                              PID:2316
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A70E2~1.EXE > nul
                            3⤵
                              PID:1888
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2284

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{2279D85A-9740-4638-B680-E2B049432124}.exe
                            Filesize

                            372KB

                            MD5

                            5ed4b58e13e465a964bd6c0706a75c92

                            SHA1

                            837e3a696a952da11528a51c679d25f37eab91ec

                            SHA256

                            19089a630c83bd81cdbabc6069e814b7aa27fb19d57a47b8fa62d06da4a2f302

                            SHA512

                            8b642f408ca5f25ba15e4fa57a70bdfe4023ffe598deaa2904ac211753636748566192ad7e6d60a109e6d309ec501de9f87f8d7f1bf94ae676cca71a675d3fed

                            Download Submit

                          • C:\Windows\{2AF79C92-E2C7-49d8-A855-E93A0761AD69}.exe
                            Filesize

                            372KB

                            MD5

                            ab0c16e9bff79a0946153d448f59e423

                            SHA1

                            6d22a1cf9c10c639873d5f56001b4e47165808e9

                            SHA256

                            09ab8acd4bda7bfe6ce9025b2ce42bb69724b8307f54d747cdb84f94f92640d3

                            SHA512

                            cf64e6f538216a8fd5cf79affdbbb578369aa05a80d897951fde137cd91232a483015f052a3622b5f7d9b446e14d6b0304110be2d3c0221681f5b3449eb867cd

                            Download Submit

                          • C:\Windows\{4611D7D5-D7CA-495d-BC97-35DA562CC516}.exe
                            Filesize

                            372KB

                            MD5

                            2c2f092e181d09a5b260d1ca0d68f886

                            SHA1

                            f43b00a583166f137e15218b196631fd42761e1b

                            SHA256

                            c8d16d0d165d84e6c00960b68915f1d1e9f057deb6017a91754f3fd8b1262d6b

                            SHA512

                            3beef333c37cf85f0b02782bbcf17aec4f0a39534c3f8d8f7c7670928f4bd175c3249d466db3d1b19db9ab370d93c98f17cb3c7d2ce50ad72a838b4a6fc943ee

                            Download Submit

                          • C:\Windows\{46A3B82B-5D73-44c3-BAB8-DA3D1BA512E1}.exe
                            Filesize

                            372KB

                            MD5

                            4c4e78f0b20183783315871c36eb0075

                            SHA1

                            0ce5be60bdbe944af70d41988074f22ebfcd73b9

                            SHA256

                            c2bd5eb061af7a5edcf8b59d8f8aada338a7b8e2a98143cd3c664b155ac63b32

                            SHA512

                            dd70b5f5eb2a4c09dd219ab887a406a3ecc531dcb27b82369a953d66eca897f23e096882ca5aca219e58c10e8c7d3c4b9e23107c9adc98949c8161bf17683599

                            Download Submit

                          • C:\Windows\{5847E2DD-08E2-45be-9DEF-5EF61F332297}.exe
                            Filesize

                            372KB

                            MD5

                            1cd2f486259d2af18e47dbd7233e43eb

                            SHA1

                            4c6416aeacf9d23362f1c43c6533da12260dca02

                            SHA256

                            32cf53b0e491d31e18a238c52e213e2f3e7f188e34e78eab95da32cacbc082c0

                            SHA512

                            8b853e15f3570ff69c73dac9b77112b58d4ab4ebe41106392b2070aa4d9c1716bc87d87f838850113a977f83ad8f6fa65230f6ddadb399c513296bb2fc6b831b

                            Download Submit

                          • C:\Windows\{5951BD7E-C437-4858-97DA-3A4E175275E3}.exe
                            Filesize

                            372KB

                            MD5

                            bac36627c72b2dcd6484923c39a786ac

                            SHA1

                            1ab527078615ea5e29d81f8ef7a358174aa13516

                            SHA256

                            0c2a8a6075ce19cf4d78a9ace0940a337b2e09ae6eb2a7f4fd84dd05b897c3f6

                            SHA512

                            d319b643576d176ce8048dfc77923837a053654b75d260aa23ed83e644ddd9888da21de95e389b102705a06c64d3c9e84acad88dcac4f98b47d646b686967ab2

                            Download Submit

                          • C:\Windows\{734ABBCC-620E-4765-8E4A-F04EE376E4AF}.exe
                            Filesize

                            372KB

                            MD5

                            ee346ec0119f68cba6c6543d9b60b65c

                            SHA1

                            f09524d619f48cf038b7f432bdcd833b928fa207

                            SHA256

                            033b04f8d8a6472a9a7bb62f5f0434738b24d3f70582720dc52c1798dbce5efa

                            SHA512

                            b3f4a8b73dddc5c00c541659ce8a5fc5e158dd393a27d93abf197395eb6de0dc191339a198e77d755f41e5878887570697cd113d3595f2f15b6d390922343474

                            Download Submit

                          • C:\Windows\{82162B9A-D8AA-46d8-B7BD-1739CF6EC9D8}.exe
                            Filesize

                            372KB

                            MD5

                            49d19aca816b47199fce7b9e4e391d19

                            SHA1

                            fca8993e1be42d3aec5ce18d1faa5d0f5c49deb4

                            SHA256

                            2efcad936ee4a71bf382245ea24c75641aec6e1e82ca5c566458607fee01db6d

                            SHA512

                            5b758466086bc965b254ea386af165d431ed7ee3de19b8889e4e3f4cf9efc27c150853046c602d2b5dc14f2fbed31c48a1ae57657eb709a855a3546d5c0cc3e5

                            Download Submit

                          • C:\Windows\{A70E2CEF-6CCD-4221-AB78-5D8CF0AE4F2D}.exe
                            Filesize

                            372KB

                            MD5

                            6fef3b6c63cbcf190c9dcccbe94f324a

                            SHA1

                            ed91bf892690d06e4ca9d9dc1a50d9d82c087e6f

                            SHA256

                            e0c9b94ee73d7d862abe47f63ddadcf3e697242b8aeb44969dd2f97320c92397

                            SHA512

                            1e5f4aee9ca4835a497444bf9e5ccd0940c70111594b70bf1933dc5d6c836c12676d2b2b9703cc95b3d99559f92bc6b1c8467f8de2d7e805bc8cdff77cb5b5c5

                            Download Submit

                          • C:\Windows\{F9715177-3B23-4f93-B296-A52D8BC857A0}.exe
                            Filesize

                            372KB

                            MD5

                            6657547fb8e7787d8a61d8521efd5c82

                            SHA1

                            920d02fc662eacab90caf2c31d446ff5a16f3b38

                            SHA256

                            3c74e63163dd91412259278fd7d82948a986ceadbd905073dd17208c0f3518d7

                            SHA512

                            786f9d02f10521aa41dc3706feda6a4c6f438460301c40b51799edc5a351573e05633867b2530b4b16cacbce0e976075836cd5e68810a05a3127292a5333d025

                            Download Submit

                          • C:\Windows\{FBD52074-C82F-4775-973C-F8198BAE5E91}.exe
                            Filesize

                            372KB

                            MD5

                            dfadda31d245513d75b44c06c52cd869

                            SHA1

                            3d95b036da7054fb2a5a60ab37e4659e9c9a2926

                            SHA256

                            4462d0488ed158b9d5083cce2b93bb748628400138f660d4594e2b7fd530db7e

                            SHA512

                            2cde7d9f774bbd259413b5bd66bd16517143a67936ba1db9f7a6c91b851996b6d26e374a6eb439191b3d05d882a2a78c0b3163b995368416cedeefa347d307d3

                            Download Submit

                          • C:\Windows\{FBEF2FFE-6E38-4cbc-B95A-86AA856A9DA4}.exe
                            Filesize

                            372KB

                            MD5

                            b57f181ebdadf4c031af365c5d1ed539

                            SHA1

                            3d3d25456c93e2a6133c0e6342e19d95ea5e6b86

                            SHA256

                            6db743d19ffafabd43331c8bcc2b1d158b79cf1843ae627956f7ac563d890b7e

                            SHA512

                            843385ee03bcf5a3d9f72cfbb7295dc0e1c41688d7896c1d7be982c085d9467df9188ea9cd85c23cf1bbacc6312c878fc06ebcc9684c38b55b9798b26ffd83fa

                            Download Submit