Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-05-27...ye.exe

windows7-x64

9

2024-05-27...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-27_c0d85563429873aed4792bf8e410cf0a_goldeneye.exe

  • Size

    180KB

  • MD5

    c0d85563429873aed4792bf8e410cf0a

  • SHA1

    a3ec535d02fb032aa326d99dfa5f5c44371dff56

  • SHA256

    e1f7b2bb0d646204d14ca0f1e313c4ccb7be6acc6755a095dd89153d8e77d8d1

  • SHA512

    7d8e14b575584673280de8b86b27a806ba291c069248495fb9a02cc1cce459ff4a034d817c4f25420ae2fab77e71005a6f4d3cfac085172fd980112a59ed9424

  • SSDEEP

    3072:jEGh0o4lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGml5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-27_c0d85563429873aed4792bf8e410cf0a_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-27_c0d85563429873aed4792bf8e410cf0a_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\{0FC0FC1C-D127-490e-8F0C-696B125D5FFF}.exe
      C:\Windows\{0FC0FC1C-D127-490e-8F0C-696B125D5FFF}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\{BFD60732-EEB8-4166-B5FB-8FF8A0C915A5}.exe
        C:\Windows\{BFD60732-EEB8-4166-B5FB-8FF8A0C915A5}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2120
        • C:\Windows\{1B79F929-1622-461c-8C3F-C2F578971F92}.exe
          C:\Windows\{1B79F929-1622-461c-8C3F-C2F578971F92}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2560
          • C:\Windows\{FA958FB3-6B41-49a4-B707-DDC24ACD6A13}.exe
            C:\Windows\{FA958FB3-6B41-49a4-B707-DDC24ACD6A13}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2480
            • C:\Windows\{4142B9A1-7174-4a55-8998-563559FACF2B}.exe
              C:\Windows\{4142B9A1-7174-4a55-8998-563559FACF2B}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2284
              • C:\Windows\{291900EA-5EE0-47c6-A0E7-E7799C881407}.exe
                C:\Windows\{291900EA-5EE0-47c6-A0E7-E7799C881407}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2256
                • C:\Windows\{C213864B-C9BD-414f-BD7F-7C0BF67B8E0C}.exe
                  C:\Windows\{C213864B-C9BD-414f-BD7F-7C0BF67B8E0C}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2736
                  • C:\Windows\{0D36CE3C-E008-4ec7-8EA8-88E3DFE0FFB4}.exe
                    C:\Windows\{0D36CE3C-E008-4ec7-8EA8-88E3DFE0FFB4}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1580
                    • C:\Windows\{663B39D8-7116-4fb3-B375-AF1A308B06BD}.exe
                      C:\Windows\{663B39D8-7116-4fb3-B375-AF1A308B06BD}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1820
                      • C:\Windows\{21406433-6936-41e3-9456-5DF91D71C33C}.exe
                        C:\Windows\{21406433-6936-41e3-9456-5DF91D71C33C}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2912
                        • C:\Windows\{D1269C31-9341-457f-ADE0-C59B55DC3808}.exe
                          C:\Windows\{D1269C31-9341-457f-ADE0-C59B55DC3808}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1028
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21406~1.EXE > nul
                          12⤵
                            PID:1484
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{663B3~1.EXE > nul
                          11⤵
                            PID:1744
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0D36C~1.EXE > nul
                          10⤵
                            PID:2112
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2138~1.EXE > nul
                          9⤵
                            PID:1708
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{29190~1.EXE > nul
                          8⤵
                            PID:2828
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4142B~1.EXE > nul
                          7⤵
                            PID:2164
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FA958~1.EXE > nul
                          6⤵
                            PID:856
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1B79F~1.EXE > nul
                          5⤵
                            PID:760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BFD60~1.EXE > nul
                          4⤵
                            PID:3060
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0FC0F~1.EXE > nul
                          3⤵
                            PID:2532
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2620

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{0D36CE3C-E008-4ec7-8EA8-88E3DFE0FFB4}.exe
                          Filesize

                          180KB

                          MD5

                          81c39d74ebee5d4c28cef10bd12db52a

                          SHA1

                          0486a42f4ea34f6e1d97dbf50b883cc3e8573b2f

                          SHA256

                          d4093248bfbe1a523267adb1deec849a898d9d3979206612c1d5805155273a68

                          SHA512

                          5972a613094dcd47aa259cf4ed76787661af0849e3b3c5529b148d22b0fe68f9f5774928024233efc55049626f226dba7433f9d4b7bd8bec0cd08d3f0e1a594b

                          Download Submit

                        • C:\Windows\{0FC0FC1C-D127-490e-8F0C-696B125D5FFF}.exe
                          Filesize

                          180KB

                          MD5

                          8a23f3574551ecb3ff879e8388e59b6c

                          SHA1

                          e58d820b3cfc316829ed4849737c73c839c045f3

                          SHA256

                          56dab7e2d2bcf2b45d33bbfddb86bc22cc7cd42b4e256450a3265fe77a9cb34e

                          SHA512

                          ff8d47e129f2d7f218e96724454fc0e7989961bd76a924962a6210b56ac6587a95fea192b3aef32ee574e76f04b52ccbe0f8ea72758c3268d9071131626a0ab9

                          Download Submit

                        • C:\Windows\{1B79F929-1622-461c-8C3F-C2F578971F92}.exe
                          Filesize

                          180KB

                          MD5

                          6424bab9a7c6125a13dbdabfd801620c

                          SHA1

                          63a7f3a04459a2831631d16b81174d86f3330801

                          SHA256

                          a591629374fd5dfac5ee3e5f0a2783864958ed036bdc8012ad64853b90c15e23

                          SHA512

                          a373103e2898f88cf61b4a77ae342c84aafc1d6e79c389931b9edf3a4b2e27459289ec2e9e0c6979e2c4d4e9299abfb2b1013aab14ad1694692f1c0a28586ffe

                          Download Submit

                        • C:\Windows\{21406433-6936-41e3-9456-5DF91D71C33C}.exe
                          Filesize

                          180KB

                          MD5

                          8654fa5b630c6768f4de7214d5197457

                          SHA1

                          c767e9e108dd4a4eed2b5c5ab687217dce4ebd62

                          SHA256

                          b5d8bb3b61b69cd0ddd64b0b69d50a06173c75173b93fbf154aa55683f49a20f

                          SHA512

                          b7ed9c383b538893729a91dde8614e027329053ac4efad029fac616b254d9ea8dda600d0a26c68786b788dd2e25df6976ae978669bd706697a4fdc628279c4f9

                          Download Submit

                        • C:\Windows\{291900EA-5EE0-47c6-A0E7-E7799C881407}.exe
                          Filesize

                          180KB

                          MD5

                          38cddee7893e629ae04fd85a9d666eb4

                          SHA1

                          923770da3e975c39452388374a4ae013fd0e5587

                          SHA256

                          a6de3f912e8af525a02b93cb5152c9985bbb22bc739ae7ea1fb176c45bc75823

                          SHA512

                          64d96fb3933c887c06fa45b204e169f85b4496dab6ec5f60aa1323ccc9316639e46e30f5e9b41549c7d444524892e49fdfc3875e64d2bdc96432cb99f5aaaad2

                          Download Submit

                        • C:\Windows\{4142B9A1-7174-4a55-8998-563559FACF2B}.exe
                          Filesize

                          180KB

                          MD5

                          5ecaee91e7934b253e8511e49baf7ae9

                          SHA1

                          bbc9877a3e33b40793abbd15965cead21cc40f07

                          SHA256

                          b8d25ed7c10f6403e3ac29f924cefc512472098b738d3de4a0863b253b22f6cd

                          SHA512

                          a11487ce89652714cae876f90cdd010fd5fbcb0ddcc756c763d5627c643a2ce14f3747726dbd79ee42ed0a62dd4c17ccfb15184fec011b7f9eedc57095e05613

                          Download Submit

                        • C:\Windows\{663B39D8-7116-4fb3-B375-AF1A308B06BD}.exe
                          Filesize

                          180KB

                          MD5

                          f24d5aa9f0e40a67ee6e783837f67155

                          SHA1

                          1f937fe08dfa8bf314a09e862242db50c5a2133c

                          SHA256

                          1d092a64dd2d135bdf9618160555ef3d8e3e07dd0020b3b003f496a73d10bd9f

                          SHA512

                          880a7c70a4b025a49b8b518dcb8341037cdc23498a32da95ec6c8c4d452de2f1de665936ff872390983203cef1d1609474956a85268a118c8ececa37b80d889d

                          Download Submit

                        • C:\Windows\{BFD60732-EEB8-4166-B5FB-8FF8A0C915A5}.exe
                          Filesize

                          180KB

                          MD5

                          23fd37f84913cfea8b9389fb2dfed8af

                          SHA1

                          8ea19884e986d5da6377843548b7a0159eff4cc8

                          SHA256

                          14b33139670e660ab944392fbf4cbbe46f12aee6d23f29fd7ab95704cb9d7569

                          SHA512

                          5bca7f20808f676ef3c39178bc995f9b6a73bb9c4a136c3d0e6c07a23266617f844fda4c998a059cfc85bcda15f195e8498b6b87761960320730367b09a2221d

                          Download Submit

                        • C:\Windows\{C213864B-C9BD-414f-BD7F-7C0BF67B8E0C}.exe
                          Filesize

                          180KB

                          MD5

                          91e0b65866bdb7f42b7d5db7a8d2e1fc

                          SHA1

                          4bb10cc877c0f486ba16c54477e763506872216a

                          SHA256

                          a717070c281cdc828ab17415d3f19fa9f7d3e435cdb92bcdc2691cd134cba4af

                          SHA512

                          442af90e3cf276b3c35291a811e1249b9feabeb95f8f411c50b031819f93d0297ec2cc0ea46e969f306acf12ba6a0ff70d28130f121374700ad24a2bfac23053

                          Download Submit

                        • C:\Windows\{D1269C31-9341-457f-ADE0-C59B55DC3808}.exe
                          Filesize

                          180KB

                          MD5

                          d1323ddc86ea79ee97e1ee2620ae26e2

                          SHA1

                          444c847552e6b5fc72dcf9971e6f49f46a4330c3

                          SHA256

                          bd9dc5aa500ceacd43936854d42e5df1b5be73884f5bd409350599ce18a72c5b

                          SHA512

                          99bb9885e77a724b0b0ff610caa12119f0a9e3000a35de0d528f2c6ea8c51f8f1c1f2ecfe6dc03203bb7cfabfb7f08bd5eac7032f1af4b5e9bf48313bc23cee3

                          Download Submit

                        • C:\Windows\{FA958FB3-6B41-49a4-B707-DDC24ACD6A13}.exe
                          Filesize

                          180KB

                          MD5

                          5c05841d12d4a49a3a93dbd8cee1814d

                          SHA1

                          5e652a522005b59a93b6b32de67fc67e3516ae66

                          SHA256

                          ea8bc8f2052c707cdba25691835c5344eba842dcd5160bb99c7367d36e33884e

                          SHA512

                          998959498cafaa8e54145071e4e1ce9ef4c537c21ee307709a962f2d7e08be02b2df4368b690d6057f31648cc476c21a6f4d0408bf45a3d97ffdc405bf31ff4f

                          Download Submit