Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-11...ye.exe

windows7-x64

9

2024-06-11...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-11_8bf8907717332226bc87eb017eea80b8_goldeneye.exe

  • Size

    192KB

  • MD5

    8bf8907717332226bc87eb017eea80b8

  • SHA1

    d6e923f58fb9c996ea2817a1b642ce4d370417ed

  • SHA256

    3ba9e96367e3b48f03570443040f06adf59592de7118c770c07e0339c1fc05fc

  • SHA512

    653a7397033337fd9b564aaa13af80aa40de5e00008b34e37da89ed3cb98e60e5635269027b2161a66838698817d409a249a019cefd8a4d9728e4795626cadad

  • SSDEEP

    1536:1EGh0oWl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oWl1OPOe2MUVg3Ve+rXfMUa

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_8bf8907717332226bc87eb017eea80b8_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_8bf8907717332226bc87eb017eea80b8_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\{C56433E8-8D43-43ca-9565-2279454A15AA}.exe
      C:\Windows\{C56433E8-8D43-43ca-9565-2279454A15AA}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Windows\{DA650CCD-5DAF-4991-86D8-C1589B48F5CC}.exe
        C:\Windows\{DA650CCD-5DAF-4991-86D8-C1589B48F5CC}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Windows\{C55A8DDA-D4B9-434e-874B-F6FD6B5F34D0}.exe
          C:\Windows\{C55A8DDA-D4B9-434e-874B-F6FD6B5F34D0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2456
          • C:\Windows\{E6ED4C59-3AFE-4226-AA7F-AA99E11C8C4B}.exe
            C:\Windows\{E6ED4C59-3AFE-4226-AA7F-AA99E11C8C4B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2496
            • C:\Windows\{268B4251-2D62-4695-AC90-33E6E37F62D3}.exe
              C:\Windows\{268B4251-2D62-4695-AC90-33E6E37F62D3}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1916
              • C:\Windows\{E6F0BAAF-74C4-4e64-8D58-E855C7CF1B68}.exe
                C:\Windows\{E6F0BAAF-74C4-4e64-8D58-E855C7CF1B68}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1928
                • C:\Windows\{DC77ED51-A60F-45f5-BDF5-3777C8678D6C}.exe
                  C:\Windows\{DC77ED51-A60F-45f5-BDF5-3777C8678D6C}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2768
                  • C:\Windows\{C16EF444-BFE5-4352-83FB-247C11BA97FF}.exe
                    C:\Windows\{C16EF444-BFE5-4352-83FB-247C11BA97FF}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1824
                    • C:\Windows\{B848E76C-626C-4923-B485-C1565A6D92F4}.exe
                      C:\Windows\{B848E76C-626C-4923-B485-C1565A6D92F4}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2920
                      • C:\Windows\{35CF1D80-EC8B-4746-82CC-30334552EE48}.exe
                        C:\Windows\{35CF1D80-EC8B-4746-82CC-30334552EE48}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2792
                        • C:\Windows\{5444E3D9-16C2-4a2b-97E0-F48779A4AFC7}.exe
                          C:\Windows\{5444E3D9-16C2-4a2b-97E0-F48779A4AFC7}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:864
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{35CF1~1.EXE > nul
                          12⤵
                            PID:840
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B848E~1.EXE > nul
                          11⤵
                            PID:776
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C16EF~1.EXE > nul
                          10⤵
                            PID:1712
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DC77E~1.EXE > nul
                          9⤵
                            PID:1660
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E6F0B~1.EXE > nul
                          8⤵
                            PID:2780
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{268B4~1.EXE > nul
                          7⤵
                            PID:1276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E6ED4~1.EXE > nul
                          6⤵
                            PID:2732
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C55A8~1.EXE > nul
                          5⤵
                            PID:2452
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DA650~1.EXE > nul
                          4⤵
                            PID:2608
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C5643~1.EXE > nul
                          3⤵
                            PID:2664
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2628

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{268B4251-2D62-4695-AC90-33E6E37F62D3}.exe
                        Filesize

                        192KB

                        MD5

                        2cd5bd240c104b695a0c3f033c507b2e

                        SHA1

                        4a470e7473dd4079807fb1ab424233a691531856

                        SHA256

                        8352708be936a58d1248e90c92b7bdece87a72e888dd9a1c9dd74864040a4e7c

                        SHA512

                        cddb1a14f30b3799cfd400c9e5d4f1bc0eb352887ee23191564474ee2ae7ee67d7aa3df1da584dabd426b0f2bd012c754d884b2a0798f703e3d3217e54731cb0

                        Download Submit

                      • C:\Windows\{35CF1D80-EC8B-4746-82CC-30334552EE48}.exe
                        Filesize

                        192KB

                        MD5

                        8540e0b07f9a68edbf5af5015875dd12

                        SHA1

                        872e3684a83e74803cc6f7c62258ac80bb1cb79a

                        SHA256

                        365d7e757007f55183a5a2579d2131cae3c3f6c45b58fa75234d513b9d10a91d

                        SHA512

                        8f8fbeed7fe55f384b0208ab2511aecf51736cfce02ae505058ffcb0b1b6c63c386fbc80bc7aaac98c5dc1f34276b13f27e1c179afde00110b0eb4d3f644f8cf

                        Download Submit

                      • C:\Windows\{5444E3D9-16C2-4a2b-97E0-F48779A4AFC7}.exe
                        Filesize

                        192KB

                        MD5

                        ccbed1005f680e63e4dddf88160cfda2

                        SHA1

                        6b776847442e90bb36a89722faeff8c6c81572bd

                        SHA256

                        80547d27336419e5e9f39077a2e66090876d29b296de27958093413dfd5c5b01

                        SHA512

                        7927ae2d52969f7571b72adac0ffdfaf12e04c8ca07ee1eef019d186d05ce4f8a66cbd53d989a949b5b0df4681e9d16ad73b858185a915bef5d317bc6694b1c6

                        Download Submit

                      • C:\Windows\{B848E76C-626C-4923-B485-C1565A6D92F4}.exe
                        Filesize

                        192KB

                        MD5

                        a180e99814af4822d3d74f949eebf60f

                        SHA1

                        d0d05d36c17452ea3108a48ac400b6f25fee7d8e

                        SHA256

                        b1e88105e0c7dfece0462308a01ff51bcbb0a923a17664882775575f36703420

                        SHA512

                        a2bbbac5805410261e9c4b32d0830fa249dcf4e017b49cca87db607d0464190dce95389e07b8591dfe0e5ce859274a2bd8f4d3f397152002f61849fce7c23412

                        Download Submit

                      • C:\Windows\{C16EF444-BFE5-4352-83FB-247C11BA97FF}.exe
                        Filesize

                        192KB

                        MD5

                        5bba55ea2f3a24d27c6154fd771e9db7

                        SHA1

                        f3acda872145a17e93ea5947004666f130d6e299

                        SHA256

                        040588124bdca7f7e8fd0418dfa23fdbd8ce1ed8543f8b2b5dfe1222c452547b

                        SHA512

                        63343e595b77a9fd3123dbe9938a455dbd15e9e3679a58e54b69f3e009137b9f96a76f99f859d041d3542f27761e48031f4e0120941005301ab2a774d8466b14

                        Download Submit

                      • C:\Windows\{C55A8DDA-D4B9-434e-874B-F6FD6B5F34D0}.exe
                        Filesize

                        192KB

                        MD5

                        10f1543649d1fa6f7f5204b396c9681e

                        SHA1

                        67f6d71a7dab82f5822d25add33b4d5fe1e91ae5

                        SHA256

                        f0d9d308a50c2689bb3b93311f197e586e83575c79daba291cb25580e5e2b400

                        SHA512

                        1ead272decc5d954ffca5ca654105c6e30f385c9e3fc3e3d02b0c393f44b996422201f2cbf84800e76169abc810be4454fe96ad791a1ca3e15e53efba7b368c0

                        Download Submit

                      • C:\Windows\{C56433E8-8D43-43ca-9565-2279454A15AA}.exe
                        Filesize

                        192KB

                        MD5

                        be287f0c3c0ba99066fa10588b530c17

                        SHA1

                        699380015abd79e17512852b3017b5a20ccd146f

                        SHA256

                        bf6c212c5eb13668ffcb52951d359717174157aac02a4a3ccc26d4eabca84e8e

                        SHA512

                        6e8bc568385bdfeb7ae46715be694ba317ad84f1b24fd8487119bd33c00dfe58b1defa5cb84e96f52c8e51c667d55c35920c99fbe06c3f3f05d35c4007ef85e8

                        Download Submit

                      • C:\Windows\{DA650CCD-5DAF-4991-86D8-C1589B48F5CC}.exe
                        Filesize

                        192KB

                        MD5

                        a817163b55b8a11cd4f29545fc8a18f7

                        SHA1

                        dda6b9f2868610d066c9d84fdefa89f13766348e

                        SHA256

                        f45b757f2dde4e7c83086ea44f1777c83f2d86d9b121db629f72f227c3b33e95

                        SHA512

                        feee5fa1e0bb03edf1fc762851902c70316e45da0061263e6daf0b2cc8bf58b4beff6897fc32857e986c4d40276fc11e30a9626ad2bf3b1237100ff78d715390

                        Download Submit

                      • C:\Windows\{DC77ED51-A60F-45f5-BDF5-3777C8678D6C}.exe
                        Filesize

                        192KB

                        MD5

                        5cae3f0f19a48a76f87edb31e2408927

                        SHA1

                        e304bb929581461aae6649a2d8126560ad7bed7b

                        SHA256

                        c6c8381550d6d5f5ff77a6d92f5e16ab11abaedf6c91cb5e8d7bc316b333b00c

                        SHA512

                        05e61d4d1ce3b9b75ef9e079b24388e8710f76d0aef87a6bc18490ede0dafa6618cb8ae7f50da69d1351c2c5c35981ed796372b5570bb5de2516166bf93dfe59

                        Download Submit

                      • C:\Windows\{E6ED4C59-3AFE-4226-AA7F-AA99E11C8C4B}.exe
                        Filesize

                        192KB

                        MD5

                        a5ddeda96998897b8471fd351f0392ec

                        SHA1

                        a4e4f83fb9d92b01888d08115ba6de17b9fd0c82

                        SHA256

                        3f06e295310feb986526028b703331c9470a34eb30306c4b54729a3f4d5d4626

                        SHA512

                        4736039180639d3ca544c1c23fe1675e5652863971b8b8abce44dff574f3d2d32f221a992843391670df8a2ccc915da1f5e5dd49dabe62998b57a1d6b121162d

                        Download Submit

                      • C:\Windows\{E6F0BAAF-74C4-4e64-8D58-E855C7CF1B68}.exe
                        Filesize

                        192KB

                        MD5

                        b08beac42be6b294b87619c89b9390b6

                        SHA1

                        01dddc77073317ab47c330a6754c97be219a4801

                        SHA256

                        817fea8955ed1c5f28e9259f46340586f1f48d4ef538281ceb2e9d798ad2ad88

                        SHA512

                        84e44609aeeb2964aa727150d8c6b5ded24b0a87dbd5925ae61bcc8c86b8ad7d7c9cedfed798f81182f8fd7d28cbc48b25901bb56ba5f92acb177615bcb3ab0e

                        Download Submit