Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-27...ye.exe

windows7-x64

9

2024-04-27...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_c35bdb14c71df2b3388908bd921e1edc_goldeneye.exe

  • Size

    204KB

  • MD5

    c35bdb14c71df2b3388908bd921e1edc

  • SHA1

    0fe10ff868dff1424ea4e382b563fd4a33d795c8

  • SHA256

    2b80bb7e550f7e684c8371bdbfa8eb89194427229e5dbcb79fb106249e6db328

  • SHA512

    36c9980271136fd41c8b7720bf764e61544f6a9554ff392cebb83acb1190558a10be360cb380e758dcff4f8231ad688781a9e72735a4c7be1dcf7132a579b781

  • SSDEEP

    1536:1EGh0ocl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0ocl1OPOe2MUVg3Ve+rXfMUy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_c35bdb14c71df2b3388908bd921e1edc_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_c35bdb14c71df2b3388908bd921e1edc_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Windows\{F33983C2-17A1-412d-A614-925E9ECD1233}.exe
      C:\Windows\{F33983C2-17A1-412d-A614-925E9ECD1233}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Windows\{051F2A8A-20C3-4b81-B979-A4805C64D1E7}.exe
        C:\Windows\{051F2A8A-20C3-4b81-B979-A4805C64D1E7}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5012
        • C:\Windows\{4FC9382D-7F85-489d-819B-E3EC5EFBA00E}.exe
          C:\Windows\{4FC9382D-7F85-489d-819B-E3EC5EFBA00E}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1952
          • C:\Windows\{FEDDAEF9-B0F6-47a0-8045-9C161424D186}.exe
            C:\Windows\{FEDDAEF9-B0F6-47a0-8045-9C161424D186}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1012
            • C:\Windows\{4DAC93B6-C2DA-4910-82B9-CFD563502866}.exe
              C:\Windows\{4DAC93B6-C2DA-4910-82B9-CFD563502866}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1452
              • C:\Windows\{B74CA0BA-5F10-4299-8465-DCC3959E513D}.exe
                C:\Windows\{B74CA0BA-5F10-4299-8465-DCC3959E513D}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4144
                • C:\Windows\{FBA95611-7C16-4bc9-807A-DFC439960629}.exe
                  C:\Windows\{FBA95611-7C16-4bc9-807A-DFC439960629}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2588
                  • C:\Windows\{4BB5448F-A3D7-4871-AE57-2C267B934D38}.exe
                    C:\Windows\{4BB5448F-A3D7-4871-AE57-2C267B934D38}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2636
                    • C:\Windows\{8F071465-CE49-4dca-9452-E40F491EB162}.exe
                      C:\Windows\{8F071465-CE49-4dca-9452-E40F491EB162}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1020
                      • C:\Windows\{04819858-58ED-419e-A267-F97BDFEF3AC2}.exe
                        C:\Windows\{04819858-58ED-419e-A267-F97BDFEF3AC2}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:664
                        • C:\Windows\{2F1BC0CE-C6A7-4e76-B896-D19A517A0D1A}.exe
                          C:\Windows\{2F1BC0CE-C6A7-4e76-B896-D19A517A0D1A}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3248
                          • C:\Windows\{1DD9D8BE-73DB-4cc4-AF68-CCBE06162ED7}.exe
                            C:\Windows\{1DD9D8BE-73DB-4cc4-AF68-CCBE06162ED7}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4272
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2F1BC~1.EXE > nul
                            13⤵
                              PID:1528
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{04819~1.EXE > nul
                            12⤵
                              PID:5016
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8F071~1.EXE > nul
                            11⤵
                              PID:2304
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4BB54~1.EXE > nul
                            10⤵
                              PID:1660
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FBA95~1.EXE > nul
                            9⤵
                              PID:5060
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B74CA~1.EXE > nul
                            8⤵
                              PID:1616
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4DAC9~1.EXE > nul
                            7⤵
                              PID:4896
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FEDDA~1.EXE > nul
                            6⤵
                              PID:4816
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4FC93~1.EXE > nul
                            5⤵
                              PID:1232
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{051F2~1.EXE > nul
                            4⤵
                              PID:4528
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F3398~1.EXE > nul
                            3⤵
                              PID:3248
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1980

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{04819858-58ED-419e-A267-F97BDFEF3AC2}.exe
                            Filesize

                            204KB

                            MD5

                            d6fe51e407069d98581f4194b34278c4

                            SHA1

                            b6f7c626546a4deb850fbee951aee206582bf52c

                            SHA256

                            d3c2d4b78d8595acb7bece9fb399889287f8ecd001be6220ee98b5ac50e20a76

                            SHA512

                            e9f076f53a77d39fb41657613d2d29d40adbd5d66bc77eadcd33014f587dc1fb2414c133bbcb84ed63b0f59d3d6a023f6d71bfd588cb012f401465154245808b

                            Download Submit

                          • C:\Windows\{051F2A8A-20C3-4b81-B979-A4805C64D1E7}.exe
                            Filesize

                            204KB

                            MD5

                            8d9b269ea0899c346ba9398edba26583

                            SHA1

                            1cd36cd5a8184eb94198f7263491a4e3de73bec6

                            SHA256

                            8fd58886a97eaff75321607b4b98210a23db959881111558579cacc5f5645893

                            SHA512

                            a45d544bc756eba7130c6192fa48898c1ea0fe8c5dde83f61514760df581aae10440121cd9070bdbb93f7f9266ec29113694c1b3b876ea86b1f76d4c3b248db1

                            Download Submit

                          • C:\Windows\{1DD9D8BE-73DB-4cc4-AF68-CCBE06162ED7}.exe
                            Filesize

                            204KB

                            MD5

                            bc6bcef086da0066de9e8e36053c917f

                            SHA1

                            44f6073c6fd19199ab4838a40b345eba10ba48a5

                            SHA256

                            1d9c8d8ba4814d5ec5b8fc65f4f067066c9bf0147e571a2da6549e45d0aacaac

                            SHA512

                            7b0a338f25edc091e796f2e81aa01681797ed4ac0c368263b088c877c6f79ebffb05d6ee90317fde86194f123eea07cc4a8766bd7e43f1ca256b348d51c6a9c9

                            Download Submit

                          • C:\Windows\{2F1BC0CE-C6A7-4e76-B896-D19A517A0D1A}.exe
                            Filesize

                            204KB

                            MD5

                            9dac8ed8ea53b6fb2303d44749db29d6

                            SHA1

                            f21fc85a5772b42386c2cc45df7084ee81c523f9

                            SHA256

                            cbd4cf2e34fe9252312e4d6d6f19e219b5a7780d8a8656a15d6dc622b3e5594d

                            SHA512

                            4d32be7a082008a7a76a35a9c48017eeeeaef83197051287d5ecc3a034dd042d98e228f2c4fd67dad01e61ae60c7895c29a674818ce6ef8d868eff78f67514b4

                            Download Submit

                          • C:\Windows\{4BB5448F-A3D7-4871-AE57-2C267B934D38}.exe
                            Filesize

                            204KB

                            MD5

                            ad64797d9b659ff802fdc8709547c0ad

                            SHA1

                            291e4d1f7dfcd1f01add7af664d2e74c7a5cfe9c

                            SHA256

                            e45b8441ef70fdcd204705346b2dfec9a3ab4fa2ed4c5b0adce4538885c1da81

                            SHA512

                            b850ac3da1769e53bcf42c5e6809a7b92edd9f11392b22ad07c4eb5cbd3eb9d02440cdc2565ce47a09bde2d18f3c7953d9bc0b1581852fea1eeffc1747be84f3

                            Download Submit

                          • C:\Windows\{4DAC93B6-C2DA-4910-82B9-CFD563502866}.exe
                            Filesize

                            204KB

                            MD5

                            e16376071bdcff45e94d4e00f6327167

                            SHA1

                            bd9d184a15b8e7d15f454569c84a26232f15e543

                            SHA256

                            a25a82c09952d6a8122a50917ca9707e95104ceb2426d1aa383bce00f9b1d2b6

                            SHA512

                            7cebec3f819f2faffc3496f9500763b59bfdd7ad7c52df138bc581575f6d860d286b814f15ef93e071adc33004ceb3866b1c02ba38309f2a0d8235cf95b42155

                            Download Submit

                          • C:\Windows\{4FC9382D-7F85-489d-819B-E3EC5EFBA00E}.exe
                            Filesize

                            204KB

                            MD5

                            01578570b344ef6534a11bea6b6b2637

                            SHA1

                            953c47f0ba6c1d74835f50be3af796f307ad2ef6

                            SHA256

                            5603ff5a1c6ace8e8d60f90898df5db17a909ed5c60a92dee22dfcc5eb896542

                            SHA512

                            3b426098588a0115515834c091e20d893a65c8f8d66f0e9f3b97b9f1ca54b923afa447165fedbbe2c783752b37c1ffba9203f0b5e42fd7e3293e907cf882db75

                            Download Submit

                          • C:\Windows\{8F071465-CE49-4dca-9452-E40F491EB162}.exe
                            Filesize

                            204KB

                            MD5

                            b762a242d8e7cd060f1795180a40c3d9

                            SHA1

                            065a4cc697c71bae95155009c6ae3a9d3555d1f1

                            SHA256

                            8c2e6dee4cbf3d8333d427e6e3575b0dff5d833dd649d37849f99a325c18c126

                            SHA512

                            689d0dfe25f3678773504df271a02c2e0cde3fe5ff5f12c3143ba74eb0d01bc3f94d6cb7cf34dab587256b150e63bf8fc810ef0dc496fb58337c8b084080a4a8

                            Download Submit

                          • C:\Windows\{B74CA0BA-5F10-4299-8465-DCC3959E513D}.exe
                            Filesize

                            204KB

                            MD5

                            355b04954f34908ea24cf8cf021cacc2

                            SHA1

                            7f8091337ee64098391b1b92c6c4a32c93d568ef

                            SHA256

                            53712d1b721182334f7f9fd0fe4293089ee52d5a5546d636c0701038d1812e16

                            SHA512

                            64f9abb37a8958156a5d514f53d36692739e164b08a7e7c07c86ef5fd3df4dedcc2f68cc9fad8ea57db55bf840fd0fdc78d3fa13c40bdb8863bc21057d8ee17d

                            Download Submit

                          • C:\Windows\{F33983C2-17A1-412d-A614-925E9ECD1233}.exe
                            Filesize

                            204KB

                            MD5

                            98ab7c38a74da7c45a4051b5a3e283b5

                            SHA1

                            600ec505e2de80bec47600914fb8b2500dbd5ea1

                            SHA256

                            510752dc1483f0d8b89459151aaf8abea3ea93619f1d1727da3c255410e3e037

                            SHA512

                            ba42c815084e26aa04631dfe0e5a483576aad66d35d0fd083a3a247201b05d19023b951b67379d329d23bf93d42a0781b3197adc0f07a8cbd40df4aa908caf6b

                            Download Submit

                          • C:\Windows\{FBA95611-7C16-4bc9-807A-DFC439960629}.exe
                            Filesize

                            204KB

                            MD5

                            1389cd6672e0c3167b608c19ff3f1083

                            SHA1

                            78f0405c7548fdce09bad4840105ca92a5ebe2f6

                            SHA256

                            e94d5769cf90acae42b3c5aa042de5c2ac380711eb4e0aa1db81f979f62d755f

                            SHA512

                            66d014cdb252aa0a0501147792b15f77e2dcfd0743630c6fd64c32084e1f1bb749b5289c4244814a8b47a3d42bbaf55296ce545171697400c4621dad1be24bd6

                            Download Submit

                          • C:\Windows\{FEDDAEF9-B0F6-47a0-8045-9C161424D186}.exe
                            Filesize

                            204KB

                            MD5

                            831294f59640a3d622ce2530c27925fb

                            SHA1

                            21a181790a162b46b621f5629a91625e5ae292d2

                            SHA256

                            ab778b0c8def75d6b54b5601bd3a472f8cc325ceaf8f261ee06b664deb09ab09

                            SHA512

                            efa7f2a572dbb20bc1c0138bc8af461f4cc175f64a0ba328f399bd6275d8a5d7253ea7d44a3561c24f243dd6a66710ae8b91b7b97a9a3fe4afc7d7a740d17661

                            Download Submit