Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-22...ye.exe

windows7-x64

9

2024-04-22...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/04/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-22_44815dc40cb5e0269edf8bc867a4e564_goldeneye.exe

  • Size

    380KB

  • MD5

    44815dc40cb5e0269edf8bc867a4e564

  • SHA1

    dcee6330630664fc18f2b77a0db08fd71ccd5dae

  • SHA256

    d81aa78eeb970189a331c64539a9fd4db9629410b740ac08220d9bca90f82d49

  • SHA512

    e0ce354fcf833d024402618c4a1ac76720533ee41f3289e4cfec0cb573a96cc72dad30a2cba504ed4c00d69776c8c519c7a1d18f650d05cdc70a3dccf86967b1

  • SSDEEP

    3072:mEGh0oYlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEG2l7Oe2MUVg3v2IneKcAEcARy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-22_44815dc40cb5e0269edf8bc867a4e564_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-22_44815dc40cb5e0269edf8bc867a4e564_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\{348F4D8C-F821-4e9d-BC93-2E16059661CD}.exe
      C:\Windows\{348F4D8C-F821-4e9d-BC93-2E16059661CD}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\{789D6A1E-EA9E-4325-BE63-BF318C81C841}.exe
        C:\Windows\{789D6A1E-EA9E-4325-BE63-BF318C81C841}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2644
        • C:\Windows\{3AAF4058-E022-4a03-ABF9-BA04280CA227}.exe
          C:\Windows\{3AAF4058-E022-4a03-ABF9-BA04280CA227}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2828
          • C:\Windows\{82F91546-BE26-44d2-BC55-DB7E3346968B}.exe
            C:\Windows\{82F91546-BE26-44d2-BC55-DB7E3346968B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2952
            • C:\Windows\{BAA9676E-9574-4f31-A99B-E97EBA601C03}.exe
              C:\Windows\{BAA9676E-9574-4f31-A99B-E97EBA601C03}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2696
              • C:\Windows\{A5E00DF8-1B89-4ed6-ACBA-924F29E441BF}.exe
                C:\Windows\{A5E00DF8-1B89-4ed6-ACBA-924F29E441BF}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2360
                • C:\Windows\{6960FF58-751D-4b50-AFDF-C43BD7B6002B}.exe
                  C:\Windows\{6960FF58-751D-4b50-AFDF-C43BD7B6002B}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1452
                  • C:\Windows\{E4D14AFF-87A9-499e-B5A4-11FCE80305EE}.exe
                    C:\Windows\{E4D14AFF-87A9-499e-B5A4-11FCE80305EE}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1928
                    • C:\Windows\{347A2709-EEC3-4193-9AE1-612E0FF0B993}.exe
                      C:\Windows\{347A2709-EEC3-4193-9AE1-612E0FF0B993}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2136
                      • C:\Windows\{FBD3EC16-9E02-4743-89A8-5D39EB3B7445}.exe
                        C:\Windows\{FBD3EC16-9E02-4743-89A8-5D39EB3B7445}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2860
                        • C:\Windows\{7D06F8FD-9DFC-42f1-89BB-EA9E99B1FF7F}.exe
                          C:\Windows\{7D06F8FD-9DFC-42f1-89BB-EA9E99B1FF7F}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2720
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FBD3E~1.EXE > nul
                          12⤵
                            PID:1500
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{347A2~1.EXE > nul
                          11⤵
                            PID:628
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E4D14~1.EXE > nul
                          10⤵
                            PID:320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6960F~1.EXE > nul
                          9⤵
                            PID:2220
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A5E00~1.EXE > nul
                          8⤵
                            PID:276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BAA96~1.EXE > nul
                          7⤵
                            PID:2036
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{82F91~1.EXE > nul
                          6⤵
                            PID:2756
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3AAF4~1.EXE > nul
                          5⤵
                            PID:2108
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{789D6~1.EXE > nul
                          4⤵
                            PID:2732
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{348F4~1.EXE > nul
                          3⤵
                            PID:2840
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2816

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{347A2709-EEC3-4193-9AE1-612E0FF0B993}.exe
                          Filesize

                          380KB

                          MD5

                          9439974df4139b6559786764d49127a3

                          SHA1

                          ac9c85e15490138066fe3b5a08673df9e9e079ba

                          SHA256

                          83369d80475cb59216dbc2c69d6bdcb7140345975243e3e57e094cae599665cc

                          SHA512

                          e93a63d6d6e77c92da3873d705d84c6866d162724599c7f616ef0895217a85648224c931306dde9622a5206d1a0909049e2cbf7b09c3eba60678a49a51e7581c

                          Download Submit

                        • C:\Windows\{348F4D8C-F821-4e9d-BC93-2E16059661CD}.exe
                          Filesize

                          380KB

                          MD5

                          782b8ad637d201e7c2430aa19c07c517

                          SHA1

                          de547c7d133b750532d8075bddc65e9ba34e3f36

                          SHA256

                          0a6c40f5f3bc8b6914f12535a8e07bc8e73c75c09d96c23c04684dd3b74c47b7

                          SHA512

                          a5d839031adac1cb7b385b80d010069a2fa281306a3591c5db05026185aa2571ebdfbce156bd12fd4a722908c98bb1583dbeebe1c2d87776a3c6d754bab13962

                          Download Submit

                        • C:\Windows\{3AAF4058-E022-4a03-ABF9-BA04280CA227}.exe
                          Filesize

                          380KB

                          MD5

                          4305f04b1be094f54f4b830bf0f6a879

                          SHA1

                          fd2ae89cd8bce7703f924bbe539dbf38b98facda

                          SHA256

                          ece54900c52f0a6e7ba4bc4e270f5287827bcbeca93f539865e19ba9952aaa00

                          SHA512

                          4f8ec31b32c6ee77e1faedaaa82b1e8bf9a299cc1668e80da349124f1846ee3e3c34c611a189c84c57e2219955ee660bbdbfa0d06bc31fefcfa2311c0d468427

                          Download Submit

                        • C:\Windows\{6960FF58-751D-4b50-AFDF-C43BD7B6002B}.exe
                          Filesize

                          380KB

                          MD5

                          5d81099f926331a193066854abcbb191

                          SHA1

                          8782201ac9bd5535e7eb24c3fa10e7ad02e19943

                          SHA256

                          f6a17178532acde194808a75976b42bd5ae1dd5de7c4178141a8d060d22d9839

                          SHA512

                          43b9990bb7d06e6e103f804ea49fc2c21fc436dd85a330e6d7110951c8805af0293f97d83c9ed85e002a14d69fe3acbcae2af2f8ad0a586541666c81ed1ba725

                          Download Submit

                        • C:\Windows\{789D6A1E-EA9E-4325-BE63-BF318C81C841}.exe
                          Filesize

                          380KB

                          MD5

                          e8281c3b1c0ee3d68865e92ac104b15d

                          SHA1

                          0377af25d434f6b8d2b49834ef688720ad536739

                          SHA256

                          24e915da81c5f2619739cfc99ad3faf263e4bdfaf57c8d81fa362a27a5beee15

                          SHA512

                          6c01b308a62d259a0b12ebde66c57a2652db000e30f2d189900c3bd3891966c4de641a89eb6204e8f662d228501b2e0382b54655a3e06d1cb4fbacb8b884e20c

                          Download Submit

                        • C:\Windows\{7D06F8FD-9DFC-42f1-89BB-EA9E99B1FF7F}.exe
                          Filesize

                          380KB

                          MD5

                          f6631f07ab4790e01555050be14c0503

                          SHA1

                          dea9456c265184785298c430739334ff8e4ab6a4

                          SHA256

                          81e2850e6e0956a619a53507c7c8ce5be884eea05cb65ae22891e7f0fd235123

                          SHA512

                          c4298ec545354b4a45df577659486f9fefd7edc530a29d768f149a5d4f0142435651059281ea6e32650a16409ac5c66a9db99fcfa411cd7096968cabcb25b643

                          Download Submit

                        • C:\Windows\{82F91546-BE26-44d2-BC55-DB7E3346968B}.exe
                          Filesize

                          380KB

                          MD5

                          cba96efc5f0c4fcb4d94c1fcc489e826

                          SHA1

                          3f9995e0d8107062d9ecf52222143e33a315b037

                          SHA256

                          d5e48135ea4144b7f9c16fa25b07fb57db714a38dc692645b0e95a7440315bba

                          SHA512

                          325d734f1e8fd6992b08c50c1568e6bbc455dd56c163e155ee46191fd91d2bcf565b671ca8b43ae2f34284e11847f9935b0e8927c69ceab49a0a39389fc07a73

                          Download Submit

                        • C:\Windows\{A5E00DF8-1B89-4ed6-ACBA-924F29E441BF}.exe
                          Filesize

                          380KB

                          MD5

                          70c99ea14b0ccc35c3ea51fdb3e74a93

                          SHA1

                          ef52e3145677115a7c95b852ebb9a418fbc933af

                          SHA256

                          8c69444940afc4074d4057873c2f043a5198486e31c6d310eb5b75188b414277

                          SHA512

                          0e0d75305156241a50866f5cbbb5c293b5aa3b9181b094e775a553c8db644d07fb33e05bc495b7dcb88c333ccd7080f030ba15aa29bb1eaa2c537de76c0ebf06

                          Download Submit

                        • C:\Windows\{BAA9676E-9574-4f31-A99B-E97EBA601C03}.exe
                          Filesize

                          380KB

                          MD5

                          ac8e9ff04574a5ec3e185bd21cf4a8fa

                          SHA1

                          5c7c39d95a213c41d45ad2cdd8e05ca2efbb50b5

                          SHA256

                          a125ba5b4b951dbbbed17a667dda31e0bc93acd358b64398c82167171a78e488

                          SHA512

                          0d596c51d8112da792aba5af9169c8a9924e8a97f23470d2524c5fb3de49541e295e4da22bf9953c844100f5e7cc85d71bb2e44eacfa909fbb0cd9dc2a646556

                          Download Submit

                        • C:\Windows\{E4D14AFF-87A9-499e-B5A4-11FCE80305EE}.exe
                          Filesize

                          380KB

                          MD5

                          6a2013d6077a78b2730393601cfe7eeb

                          SHA1

                          852ac16540661d547e777e4911e8f06649102868

                          SHA256

                          f08bc49c52067a590e9e28445f39d314c28e5c752769b7303ac56dd5533fc65c

                          SHA512

                          79e0967f9a323c4ebcc248e7dabbb024474c09ac4b3191d52a2771ef3152c7805ed072dad46278bcbb90cf7df1d735efe4da66c8a6430e3ba0eb37450e633a91

                          Download Submit

                        • C:\Windows\{FBD3EC16-9E02-4743-89A8-5D39EB3B7445}.exe
                          Filesize

                          380KB

                          MD5

                          3c75430f47a7c5516a9875c799dee989

                          SHA1

                          75cb71ff75245677e25190219c30ba63aae5e9c4

                          SHA256

                          3fc013b748d9bf434b2adbf78d0a54a877b69dfbd8cef549e2036d34fb6112e7

                          SHA512

                          11d5f786ba3dfa1a63996efea911ff1d2152121545057e1feda9a9837afcee5b8b29cb62ba40b2127335f5b89bc82b0778e2ce36e0855caa882db2da6b2b8400

                          Download Submit