Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-05-21...ye.exe

windows7-x64

9

2024-05-21...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    21/05/2024, 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-21_2eacf9b575fda381de9e81f90ddd4791_goldeneye.exe

  • Size

    180KB

  • MD5

    2eacf9b575fda381de9e81f90ddd4791

  • SHA1

    eea825deb93806ebb2382558b397e01aeec16416

  • SHA256

    c2012d1c2bfde307384aac5bcf86215cc4d3d21d4ba94557d5e88ee4d71227ff

  • SHA512

    c7ef521384ca2e0d89a5704ba79e3f53c5ebfb58a8488dde2acde3c87d321e2ff45054cd1c3fdb7c9569da3d7fa36110fc89f205f055b590d90096e1b987db39

  • SSDEEP

    3072:jEGh0ovlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGRl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-21_2eacf9b575fda381de9e81f90ddd4791_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-21_2eacf9b575fda381de9e81f90ddd4791_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Windows\{0A059884-35BE-4503-A607-5DBB4661C57A}.exe
      C:\Windows\{0A059884-35BE-4503-A607-5DBB4661C57A}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Windows\{69F849CB-8653-4d15-993E-28E8ABC7A627}.exe
        C:\Windows\{69F849CB-8653-4d15-993E-28E8ABC7A627}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Windows\{AFA2E7C2-AFC6-4d89-9222-A5D791F51208}.exe
          C:\Windows\{AFA2E7C2-AFC6-4d89-9222-A5D791F51208}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2624
          • C:\Windows\{2132655A-50FB-40b7-BF1F-B7D763E41296}.exe
            C:\Windows\{2132655A-50FB-40b7-BF1F-B7D763E41296}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3040
            • C:\Windows\{9A96BC18-F492-42a5-B041-6DF4294A848E}.exe
              C:\Windows\{9A96BC18-F492-42a5-B041-6DF4294A848E}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2700
              • C:\Windows\{46B4312C-7736-4fee-91AE-B2245657E371}.exe
                C:\Windows\{46B4312C-7736-4fee-91AE-B2245657E371}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1956
                • C:\Windows\{358725DD-C064-4c16-A253-BD26821B10DC}.exe
                  C:\Windows\{358725DD-C064-4c16-A253-BD26821B10DC}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1596
                  • C:\Windows\{4E2EABB8-8C82-4ce5-9A43-EF2E5BBBB68C}.exe
                    C:\Windows\{4E2EABB8-8C82-4ce5-9A43-EF2E5BBBB68C}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:872
                    • C:\Windows\{F5790B43-72BF-4d51-82F9-BC3C3AEB06EB}.exe
                      C:\Windows\{F5790B43-72BF-4d51-82F9-BC3C3AEB06EB}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1660
                      • C:\Windows\{F49C63A7-54CB-4870-A58E-DE848CD62433}.exe
                        C:\Windows\{F49C63A7-54CB-4870-A58E-DE848CD62433}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2896
                        • C:\Windows\{7E2B566D-6D39-4f80-9468-3A4FF439D59D}.exe
                          C:\Windows\{7E2B566D-6D39-4f80-9468-3A4FF439D59D}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2968
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F49C6~1.EXE > nul
                          12⤵
                            PID:2328
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F5790~1.EXE > nul
                          11⤵
                            PID:2544
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4E2EA~1.EXE > nul
                          10⤵
                            PID:552
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{35872~1.EXE > nul
                          9⤵
                            PID:1476
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{46B43~1.EXE > nul
                          8⤵
                            PID:2244
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9A96B~1.EXE > nul
                          7⤵
                            PID:1708
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21326~1.EXE > nul
                          6⤵
                            PID:2828
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{AFA2E~1.EXE > nul
                          5⤵
                            PID:2276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{69F84~1.EXE > nul
                          4⤵
                            PID:2268
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0A059~1.EXE > nul
                          3⤵
                            PID:2736
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2124

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0A059884-35BE-4503-A607-5DBB4661C57A}.exe
                        Filesize

                        180KB

                        MD5

                        acf1e85b62c2c624f7debf363ad5ce81

                        SHA1

                        e3b280c2ac5af56e5d56eb022d9606131e6f9924

                        SHA256

                        626ddd0790c3dede89bd5abcfbca493169a0c33e1994e01fee119a1d85e6c662

                        SHA512

                        2e4c90ba6941ad8a0065c220d8440b2482158deb5a8247f9910710d32c75c045679de495f4956f905993626396715cc7a493d008b68f0ddfd97e7575b33d5e4f

                        Download Submit

                      • C:\Windows\{2132655A-50FB-40b7-BF1F-B7D763E41296}.exe
                        Filesize

                        180KB

                        MD5

                        57b0fb7d54a8f9fcd4e8814a56665572

                        SHA1

                        8c5ed451284a75873b7e518e958e7ccb8e6d82eb

                        SHA256

                        54f6e4070559d44ee7d40d05eb6b2257751e15c648d0451f9f3eb773a2ae0938

                        SHA512

                        38c12254d6e2a71dadf9665a67ab4bba1c9b062d91720c92be396e53b44b15d6e4c065c42324e6eefe9825d3c26826e7a85559894915e0deb0fb65737cf6b3bd

                        Download Submit

                      • C:\Windows\{358725DD-C064-4c16-A253-BD26821B10DC}.exe
                        Filesize

                        180KB

                        MD5

                        01377fef13426069f53430367c6f3810

                        SHA1

                        39bd51262b285afc70a8ab04284ff5b6f076dd23

                        SHA256

                        f953721cd9e4a5a34f5a8a313468f4d882baae4e2c4a3089e08d966f5b944d40

                        SHA512

                        c81e6aef1cd643efc36343c1802669d57ef9c0d9d09cbb7f7f7b7261239fbfcc91974a03af7197454444d930f3e90cb49a5fdc83f5980c2ec7a0dccc67b14ebd

                        Download Submit

                      • C:\Windows\{46B4312C-7736-4fee-91AE-B2245657E371}.exe
                        Filesize

                        180KB

                        MD5

                        2d1813e227193fe0d157f5bf553c1a32

                        SHA1

                        a752f0e421e862177a7c099d0b0b2c0088465800

                        SHA256

                        22920b46ccf2e0aff08ceb22d9319420b3578d7b3c44d79aeac089646e21822b

                        SHA512

                        ba75f74dc0725eccd04bff295cee8e145fea5021a46061c05925410e50d2d2f59e14468cb6346ea18e798dab2fe4a7d7fdb002961209887c92ba0d7226f93318

                        Download Submit

                      • C:\Windows\{4E2EABB8-8C82-4ce5-9A43-EF2E5BBBB68C}.exe
                        Filesize

                        180KB

                        MD5

                        a1532d0bde4a989568b8d80f0636247c

                        SHA1

                        6cf96df3c43c162155a5bab2a011623f931a2ac9

                        SHA256

                        7a749f6445e8850345b06921cc75f80ec8b3fbea326515e7267ed30ad748d231

                        SHA512

                        76bf713675ecbc62aa065302cee9f7e77fb22d0b32db4b672a62c15a549fa7ae33fa6075ec99a6e3d06299908b8930a6d68a4a0d1195bacded7085776b2fc26c

                        Download Submit

                      • C:\Windows\{69F849CB-8653-4d15-993E-28E8ABC7A627}.exe
                        Filesize

                        180KB

                        MD5

                        59e95011e86aa30f4d35efaeb266e6f7

                        SHA1

                        a37ccb5e046fc9cac5a6a0d94271e234c35f2e26

                        SHA256

                        0157ad5c059cff0e38079cefdc524112923f85705c21b7958ea23cacda44e0e4

                        SHA512

                        c27fbc679b41f36f78722143a02ef0cfe5ecab6b5fc0dc28a75cffa1a8414bb0ee38fe87ab0e71eafd279b78ed72307aee4ca058792804afefb94fccbf31fc2d

                        Download Submit

                      • C:\Windows\{7E2B566D-6D39-4f80-9468-3A4FF439D59D}.exe
                        Filesize

                        180KB

                        MD5

                        bd157b9f0f30ebd84e49a003a63f78b4

                        SHA1

                        ccd7109424dd4d12b225a3db4d357a7e290f6a48

                        SHA256

                        4914ad0e1100996909540f34bc3cf168e589013a88060a926b747773fa3c174d

                        SHA512

                        e761091fdb21fbebdda64e8c0f2aff0ff1e9c30a21a76ebb5fa1830aec46659bc82a2796dd764cc4202be206765fdaa6b60c48e3a00beaaff5ab778bb9f1d4eb

                        Download Submit

                      • C:\Windows\{9A96BC18-F492-42a5-B041-6DF4294A848E}.exe
                        Filesize

                        180KB

                        MD5

                        7b1069e47032bee4b1d36ab26f80448e

                        SHA1

                        e30125a7aebc5132bed2ceb175a4b4b827d67e15

                        SHA256

                        31934394201a8f4b54c5fa9d5fbecd89a87fec977b7d23d3038060a71e5bdc71

                        SHA512

                        08fab306a2c0b553bda735f4c5200cb3d48d22998174668dedb2d95f67f454b69ed5df63753ccad5d80a215cbb246b68ae3344195c4cc73e8b7080662a441911

                        Download Submit

                      • C:\Windows\{AFA2E7C2-AFC6-4d89-9222-A5D791F51208}.exe
                        Filesize

                        180KB

                        MD5

                        c14f41d514c57c8fd3730209d4137d03

                        SHA1

                        4780203c45e262497e0d61fe97893ff07457c5f0

                        SHA256

                        c7bdf41a920119533e529ce5ee9726e920ca9114f66fffa32dc479b0c54d5e3b

                        SHA512

                        4d417251879a03e68e9cb517264b569efaf92f3018fe9235109493b6a1fdec7661a3ab50854bf9c259a1343041f640e4347994eee71fef8ecbf4525461de588d

                        Download Submit

                      • C:\Windows\{F49C63A7-54CB-4870-A58E-DE848CD62433}.exe
                        Filesize

                        180KB

                        MD5

                        0c18a047f5d99124b581ddfb844247e0

                        SHA1

                        22e31c084201c38fd3f8ad8b66ffd6b1a8dfcdcd

                        SHA256

                        07593b58e76e175a9a95a5883c7da499c19152b8b46490878a90161c176527ab

                        SHA512

                        bb13b3eb8115944d6be1d4fad181045025a0239c9263a6c09a1b3a81970095ebf3898b7fd95c47c10ba7725a75c20f28551471dcd5a0a3d42f9eeb5c7a82a019

                        Download Submit

                      • C:\Windows\{F5790B43-72BF-4d51-82F9-BC3C3AEB06EB}.exe
                        Filesize

                        180KB

                        MD5

                        61fdc7bb012ed48763e4e130aaa01c58

                        SHA1

                        3675f08954760938f85f82b27a2f4b3afc79f2b9

                        SHA256

                        6e12b32e52e39c40f82cc301bfe3da25d939a2266f8a170372783e1e552d75cb

                        SHA512

                        1d8cd7709549625b43a4960b346b1992b30a4cfbe4cb085a864333e40789bd6959bea698766d9f2057d7e0a6c82732fd85682f14b60fa34e4e9d9341eddcc10a

                        Download Submit