Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-05-15...ye.exe

windows7-x64

9

2024-05-15...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-15_8d8e5fbb390ed26cc694d682c7a09d50_goldeneye.exe

  • Size

    380KB

  • MD5

    8d8e5fbb390ed26cc694d682c7a09d50

  • SHA1

    313d09cabfafc69a678f34d1eef3ea373e110f5f

  • SHA256

    964349fda40fa6ab312a9e1b07f2190e2f3fd4f6e2108a191a86f6ee48ea334d

  • SHA512

    0443759bcbce03e420a37a4a5f80dc733ea708157b469242020518b8cb0a36247d4eabd1b045ae6a4dc3d5539682c72cdc0b23a548df00bcb836f845b42d5c04

  • SSDEEP

    3072:mEGh0oWlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGUl7Oe2MUVg3v2IneKcAEcARy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-15_8d8e5fbb390ed26cc694d682c7a09d50_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-15_8d8e5fbb390ed26cc694d682c7a09d50_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\{219365C9-CAC4-479f-871B-162810B78FEC}.exe
      C:\Windows\{219365C9-CAC4-479f-871B-162810B78FEC}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Windows\{E4D37BB9-146E-4570-A2F8-EFACB11DC43A}.exe
        C:\Windows\{E4D37BB9-146E-4570-A2F8-EFACB11DC43A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Windows\{8C50BBAE-4B5E-4d8b-8844-AE8B11DA5648}.exe
          C:\Windows\{8C50BBAE-4B5E-4d8b-8844-AE8B11DA5648}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2748
          • C:\Windows\{86F80281-7034-4334-A8AD-F4BC9D7301CB}.exe
            C:\Windows\{86F80281-7034-4334-A8AD-F4BC9D7301CB}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2952
            • C:\Windows\{A7ACDEEB-87D8-4291-90E4-13D6805205D4}.exe
              C:\Windows\{A7ACDEEB-87D8-4291-90E4-13D6805205D4}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2972
              • C:\Windows\{F38532F5-C162-4d36-96B7-04DA1A636CC4}.exe
                C:\Windows\{F38532F5-C162-4d36-96B7-04DA1A636CC4}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2080
                • C:\Windows\{1DFDA04F-9389-43a5-9EEC-93837B13120F}.exe
                  C:\Windows\{1DFDA04F-9389-43a5-9EEC-93837B13120F}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1332
                  • C:\Windows\{7EAFE0C7-FF72-4b8e-8DF0-188A63177CD3}.exe
                    C:\Windows\{7EAFE0C7-FF72-4b8e-8DF0-188A63177CD3}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2812
                    • C:\Windows\{3DE5B6ED-717D-4c04-BDE3-0FCF0F20837E}.exe
                      C:\Windows\{3DE5B6ED-717D-4c04-BDE3-0FCF0F20837E}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1764
                      • C:\Windows\{8836FDDB-A80E-402e-AF13-5637963C777A}.exe
                        C:\Windows\{8836FDDB-A80E-402e-AF13-5637963C777A}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2876
                        • C:\Windows\{54198E71-3320-4f54-9FD5-20C54CA31AAC}.exe
                          C:\Windows\{54198E71-3320-4f54-9FD5-20C54CA31AAC}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:984
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8836F~1.EXE > nul
                          12⤵
                            PID:704
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3DE5B~1.EXE > nul
                          11⤵
                            PID:1968
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7EAFE~1.EXE > nul
                          10⤵
                            PID:2112
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1DFDA~1.EXE > nul
                          9⤵
                            PID:1952
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F3853~1.EXE > nul
                          8⤵
                            PID:2684
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A7ACD~1.EXE > nul
                          7⤵
                            PID:1632
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{86F80~1.EXE > nul
                          6⤵
                            PID:2968
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8C50B~1.EXE > nul
                          5⤵
                            PID:2960
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E4D37~1.EXE > nul
                          4⤵
                            PID:2792
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21936~1.EXE > nul
                          3⤵
                            PID:2592
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:3068

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{1DFDA04F-9389-43a5-9EEC-93837B13120F}.exe
                        Filesize

                        380KB

                        MD5

                        bc82d7925d7fa69d62f450ab58d7b9b8

                        SHA1

                        fac64e433fff549d5d0353d55143baf17f2d2d7a

                        SHA256

                        2d65d0fafdbe986fd4f664428351569f223857f8b93f2cf1dec90f8825cb20ad

                        SHA512

                        b09f8ef140ae14a11ad97ba7d9eac3ed6828be02fba65525c87c5c6ba5ec7b280487e48bcbc2f0db998e0e6bfee2e6d32eba0b81eb1482ee26ccf0a832bda204

                        Download Submit

                      • C:\Windows\{219365C9-CAC4-479f-871B-162810B78FEC}.exe
                        Filesize

                        380KB

                        MD5

                        f5d13f0d10d0575c626ed027593f1767

                        SHA1

                        70d7a99c1857b0ca2159cf698edb633996428ba4

                        SHA256

                        70de17924e35788c603bb73b697e84eec62815737d25526db776f22aba581245

                        SHA512

                        278b8cc8a396b4db6205fd558ccc6171ffdc1c21722b416a42e4faa0abf01d99b226052ca9d967d62adc1ec4d1fe8678fe02bd100c828e26781512e722dbd5d7

                        Download Submit

                      • C:\Windows\{3DE5B6ED-717D-4c04-BDE3-0FCF0F20837E}.exe
                        Filesize

                        380KB

                        MD5

                        16c310f2f20c57fc03399604307a8770

                        SHA1

                        7947b57ec439fb44ef926f05ef378ba575aa7cbe

                        SHA256

                        ab6fd817ac3813669d0bfa354f8a67bf2ac42a1ff32de69d1f4db8944f6b12fb

                        SHA512

                        6282d55955107225aa7e4a57fea9f550ebc832512013d570b700f914d842c04c2d55b6d9297e52cf33cbcfc42cc448d1ca397d79a64753a71a56d265c35b8e8d

                        Download Submit

                      • C:\Windows\{54198E71-3320-4f54-9FD5-20C54CA31AAC}.exe
                        Filesize

                        380KB

                        MD5

                        8f2c11bb5965830659c9219ea637b148

                        SHA1

                        5016994c04a7041ea482eda57adb63cb763913b2

                        SHA256

                        49d65dc8625dee1f0baf805c40acd480d86ba407036942318fbe50ce66033ca5

                        SHA512

                        fd05d9b58715d2c4ddd1a4c4c4d84567d93407faa16527e82e9cecff2bf58ed655188526aa14095a0c03d7d054d24844cee38042aac99a46e68decd6af59ba78

                        Download Submit

                      • C:\Windows\{7EAFE0C7-FF72-4b8e-8DF0-188A63177CD3}.exe
                        Filesize

                        380KB

                        MD5

                        0c8d40f164eb86d842977d4ea74872d6

                        SHA1

                        ced27aa79c9fb86cdece34c57ea99be51e34b397

                        SHA256

                        6fd038f88d6b3b181d2bccc3cb78f0950895de76e6c587666a1a15bbfb98755b

                        SHA512

                        ca9d079b8bd43014f613ca3c981c29cd39b541b894e57de3f42f8eb5da8ae2bb5688563091166261120062a760b0d7c8d79ca06cb93269f1615cf28ba0c93fc1

                        Download Submit

                      • C:\Windows\{86F80281-7034-4334-A8AD-F4BC9D7301CB}.exe
                        Filesize

                        380KB

                        MD5

                        71da122c260b7326852a41660e4e87e4

                        SHA1

                        2b4570a4828bc88d9fb065d89670e8981101297d

                        SHA256

                        d66a40e982cb25f7a982a1dd73625235fefa801ffd59ae75b5aad84cf0a20c4a

                        SHA512

                        8e368a22329f6849fd689c1698e379167eb52835bdd1227720fe1e6ced60892c38e94dd942a9e5ecec4b022e0453f5fda17eee00696c5fb171057c2934004141

                        Download Submit

                      • C:\Windows\{8836FDDB-A80E-402e-AF13-5637963C777A}.exe
                        Filesize

                        380KB

                        MD5

                        956de02d477c21305b50d5babc1b053b

                        SHA1

                        33036d7c504d400f9c9eb178a61e176ec5678a9a

                        SHA256

                        1c6b42bd70d113b2007f74a1b94bff7830c5b2fcef1e2694c6ce63a463020d7c

                        SHA512

                        ba2ef3ab3dd4f9db4e8f5b1893664aef79185e0b69fa2b9c63dee1493b6a7a719c6112f6c2890cca6dd9bad5708ea66108d0d77385d5c774221273bc28566c3c

                        Download Submit

                      • C:\Windows\{8C50BBAE-4B5E-4d8b-8844-AE8B11DA5648}.exe
                        Filesize

                        380KB

                        MD5

                        31536f77a012124f17e2326380c3b38f

                        SHA1

                        823f78da0a0c0edf25c2af053487398281de7542

                        SHA256

                        5e0cc7b025c899ae32c6e284e2b99ad8300464e2140861a0d730e27c0b76535c

                        SHA512

                        192c1e3a1d75a8232b709ac15af56754aa530d4f82867f7a79a509b29051303cc966df5444e23b995023f1b428fb11d640b22aac999b1de194dbfe6ad2f7a746

                        Download Submit

                      • C:\Windows\{A7ACDEEB-87D8-4291-90E4-13D6805205D4}.exe
                        Filesize

                        380KB

                        MD5

                        4837595385209381d42515d8e1589886

                        SHA1

                        8230bce700fe5397cfb9e88ddc2f2ff9afb2657b

                        SHA256

                        d70478b227380acab006186573917cd171f7c954eb2c54fc6b94ed5a659ea6b0

                        SHA512

                        70d80de3a042fbab61b91bf09cc106fe025c0dd8cb3c95c12ab340cfcce230b63f27c42a9e24c8e1d43604924a4ad696e87444bc39bd19fc77f9625e27182567

                        Download Submit

                      • C:\Windows\{E4D37BB9-146E-4570-A2F8-EFACB11DC43A}.exe
                        Filesize

                        380KB

                        MD5

                        d3d6d321b9bc2197066f0d51354738dd

                        SHA1

                        d17b6c774a99d93f40dfc7147e1b50d64cb5b689

                        SHA256

                        bdc0430facb6a6fec280aa0f8cc4aa86aef491661fe048ab9cedb9f77806cf8e

                        SHA512

                        028b73d397155be1d1d8c27471321cdd6281116e5da608e21c4f733bc9483afa94bd4da850e8ff3c0fd832c242354e5f520c45b987152d02871594f5006b4e35

                        Download Submit

                      • C:\Windows\{F38532F5-C162-4d36-96B7-04DA1A636CC4}.exe
                        Filesize

                        380KB

                        MD5

                        5d646abb8cb7d734900043a67e01ee93

                        SHA1

                        02fddec7c21c9858f9b777951a314f9b5d2be2a1

                        SHA256

                        014a226a35c423f322dcf66369df574db3ba11d3920e907435a36101c706f272

                        SHA512

                        0fe75180cd7c7221c083ad5302bb5b369500c66bb0cb80d8a44763f830bd2ca442f20e5105e2d97d6624e825f8858dee897ef6000fbd8c4f6156095efe729400

                        Download Submit