Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-14...ye.exe

windows7-x64

9

2024-06-14...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe

  • Size

    216KB

  • MD5

    73809c92ced956e3951db1d789db4afe

  • SHA1

    1bcc10c25b3f91a3584427fe6cce10dc939df888

  • SHA256

    fbff0538e269160091e723f0fcd080efc71435b443c775585d8e6aca9a3280c1

  • SHA512

    e2c2d2a306f0bdec4f3a2374dbaef9c50e55e4ceb8d8bb1150a19cb0782fa36c26d003528866658d045a7c47dc82c57b6cac0f89fcf58907269d294a9ef40e93

  • SSDEEP

    3072:jEGh0ovl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGZlEeKcAEcGy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\{A76C2506-0832-43fb-8374-806371E68AA5}.exe
      C:\Windows\{A76C2506-0832-43fb-8374-806371E68AA5}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Windows\{889141D2-B102-4dc0-9426-11C604BD4D62}.exe
        C:\Windows\{889141D2-B102-4dc0-9426-11C604BD4D62}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2928
        • C:\Windows\{C740AA14-66C6-46a2-8475-8E5742280F4E}.exe
          C:\Windows\{C740AA14-66C6-46a2-8475-8E5742280F4E}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Windows\{E7A96761-EF1F-409a-AB53-A9B3450D1B56}.exe
            C:\Windows\{E7A96761-EF1F-409a-AB53-A9B3450D1B56}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3032
            • C:\Windows\{E1DE61B5-84B9-4e11-9155-9B652E65554F}.exe
              C:\Windows\{E1DE61B5-84B9-4e11-9155-9B652E65554F}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2984
              • C:\Windows\{0AC459BC-F5D6-42d7-BD81-FCC0BA1A6D4C}.exe
                C:\Windows\{0AC459BC-F5D6-42d7-BD81-FCC0BA1A6D4C}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1664
                • C:\Windows\{92CB9D89-A3CF-4fa5-A772-CC1CF88F74AA}.exe
                  C:\Windows\{92CB9D89-A3CF-4fa5-A772-CC1CF88F74AA}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1944
                  • C:\Windows\{CE58F891-7A27-450f-8FAA-4A1DD3A4CA15}.exe
                    C:\Windows\{CE58F891-7A27-450f-8FAA-4A1DD3A4CA15}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1644
                    • C:\Windows\{969F724C-4A6F-4207-A44D-21DF5AEA3BC9}.exe
                      C:\Windows\{969F724C-4A6F-4207-A44D-21DF5AEA3BC9}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1336
                      • C:\Windows\{21057384-F77E-4962-9412-6D5AE6219E1C}.exe
                        C:\Windows\{21057384-F77E-4962-9412-6D5AE6219E1C}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1684
                        • C:\Windows\{9B94F040-534A-4ce4-A220-045DA78CF7FC}.exe
                          C:\Windows\{9B94F040-534A-4ce4-A220-045DA78CF7FC}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:584
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{21057~1.EXE > nul
                          12⤵
                            PID:812
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{969F7~1.EXE > nul
                          11⤵
                            PID:1956
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CE58F~1.EXE > nul
                          10⤵
                            PID:2088
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{92CB9~1.EXE > nul
                          9⤵
                            PID:1576
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0AC45~1.EXE > nul
                          8⤵
                            PID:1736
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E1DE6~1.EXE > nul
                          7⤵
                            PID:2012
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E7A96~1.EXE > nul
                          6⤵
                            PID:2100
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C740A~1.EXE > nul
                          5⤵
                            PID:1084
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{88914~1.EXE > nul
                          4⤵
                            PID:1096
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A76C2~1.EXE > nul
                          3⤵
                            PID:2800
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2148

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0AC459BC-F5D6-42d7-BD81-FCC0BA1A6D4C}.exe
                        Filesize

                        216KB

                        MD5

                        1233fb9cf1ece5e88c0964bbf7efdfcf

                        SHA1

                        b61fd525b6e8d76847a51f097aa26fc707fa3625

                        SHA256

                        0074fa29f5ef415251f3372e2a2571959ceae72784fac848e1ae9527a6b217c1

                        SHA512

                        b4462adef2d7c3854ece34dd6a6e0925cbc3a2682affa6be63a9a37bbac5786412350bac539793efb3679ebcfdbd19046fc7d9f15ac1b12b3532f291830741be

                        Download Submit

                      • C:\Windows\{21057384-F77E-4962-9412-6D5AE6219E1C}.exe
                        Filesize

                        216KB

                        MD5

                        4add2a0edcb52ef27dd0b87c5a46e998

                        SHA1

                        7db0e4b55b22ccf844ad35ca1ff8252c286ea119

                        SHA256

                        92dc07f4541192d8d9260c4e4c15dad5559e27f5d32e56f9040e660861956829

                        SHA512

                        18996e3205bf89fb042dc91919e62dafd795e9abaf79cf176b53f05418ff0c20426e2f0c6ce1f0f9f6efb4ab833744d46d9212f35efef341fd29cc8192a926ff

                        Download Submit

                      • C:\Windows\{889141D2-B102-4dc0-9426-11C604BD4D62}.exe
                        Filesize

                        216KB

                        MD5

                        1da087d561c210555918daecd0d1fbb1

                        SHA1

                        4989c7fae550379b45a1b707030ff8ffa18a8410

                        SHA256

                        f4067fbae4e033e6424a51358eced4b9dcbeea8edd3e460ae442e5dce0729d37

                        SHA512

                        8dde4e7e8782e12b7dfccc1576e4b994f8bee535c6d4a447a9699d15863bf3869006c6d4864f758f488fd782103e268210a5a91d6d66784bc3173b60835f4cd5

                        Download Submit

                      • C:\Windows\{92CB9D89-A3CF-4fa5-A772-CC1CF88F74AA}.exe
                        Filesize

                        216KB

                        MD5

                        883f83bc1bb5a1658c5623d836beeb0e

                        SHA1

                        200726193cfaa1335fca2b2f2ee741f9fecab65e

                        SHA256

                        a3be16fd3d3e057ca985ef0773f21ba22580479cd67ffd1c2822b9ded58b44b7

                        SHA512

                        05159d792dd246bb8dc340b4cbc6bfe6ce387ecfb29eb789c1720cd621faa8380e886e292f9663fcf6c8f3fd313e6d3d2705d0a87f5ed9f0ce404f73aa54e59c

                        Download Submit

                      • C:\Windows\{969F724C-4A6F-4207-A44D-21DF5AEA3BC9}.exe
                        Filesize

                        216KB

                        MD5

                        8db39c3b764f80bad5b406753d230fec

                        SHA1

                        cc59a88f83c8de81365bca91e3d85d1f2c6e5578

                        SHA256

                        e3425aa3a572b7b7ea8b245c634cf48eea0daaf9fa79a20faea336f5d8062643

                        SHA512

                        4a08ea45023a7fbcb4465375de4f179d75d03c02baeee9d738d88ece96c90b79b48a7f1ab35bd099b8bfc4cb911285feafbf526e3c17f9c1777ad0e02f4b0772

                        Download Submit

                      • C:\Windows\{9B94F040-534A-4ce4-A220-045DA78CF7FC}.exe
                        Filesize

                        216KB

                        MD5

                        efbdc068a74aa7e30feaecb1bd56204c

                        SHA1

                        c38296ae4aaa8b9adcf332a8b35d0d0873909756

                        SHA256

                        55d1e1d6534141f3ad98bc05f7d5a5002893e64e0d4e90ef99c84543201bc2c3

                        SHA512

                        5946827a1a6b5c1bd2557c1bd8e684de42a774d7ac235213252b182ccec7d07451a247ee5acb1b51ec431dea01c58d690e05b1dc3b8aef8bacbc3b74a79bfb6e

                        Download Submit

                      • C:\Windows\{A76C2506-0832-43fb-8374-806371E68AA5}.exe
                        Filesize

                        216KB

                        MD5

                        19c12ade6ab396b6bb6aa91d86c8f8e9

                        SHA1

                        ad0f7b170dec7db0e258f0956a1ea8f1d3f5b9fa

                        SHA256

                        0a9354b61e98d945d049f2c82ac8c826e3af1e10bcf32a667a9d4f387b6570e0

                        SHA512

                        2f25e69a5d38e4844e4e1b6c1e79e18b8cd98dc79ab77addfc10ccfc052732c9ae4e7519fb3a5302f75e98c7674770e207fe8ee81820ff8ae11f7f1606283ecf

                        Download Submit

                      • C:\Windows\{C740AA14-66C6-46a2-8475-8E5742280F4E}.exe
                        Filesize

                        216KB

                        MD5

                        092e2f68aa8996fbb45dc8c10c768dd3

                        SHA1

                        30fcccc067d3998ff68096fd73deb0c0ba01fb70

                        SHA256

                        5d123d22926f8f0b2031b47ca0f3553924dfaf12689d7ffe5e8ec98ce868084a

                        SHA512

                        20c233f344b4b17f3262ab34ee37a61258583da93ecfd6621fa52e05f85e3fc8b1ba95b73cd0dd27b0b08540d2d9bd689816ef841e42e5917a1e913efa4ecf71

                        Download Submit

                      • C:\Windows\{CE58F891-7A27-450f-8FAA-4A1DD3A4CA15}.exe
                        Filesize

                        216KB

                        MD5

                        7172a34761c7a596e9e4a5434eecb422

                        SHA1

                        30a286926c053e9e7016eaba274c117c8e02b1b2

                        SHA256

                        97961ad072dfc59078b65e625275ee91ace88bccd38e9d9b6be0cd88f29def92

                        SHA512

                        800aac51e7ab2847f37d4f0b597719d8d54bfbb39cf7c0517307cc12b7d0918a55598ec07c1f2a067a9877d3d343fdeae4172f0b5c37fa587d44a9c77a380d98

                        Download Submit

                      • C:\Windows\{E1DE61B5-84B9-4e11-9155-9B652E65554F}.exe
                        Filesize

                        216KB

                        MD5

                        00aa00b73ffa515b6d2efedea372347b

                        SHA1

                        d01968caf35eef2632982bcde8474e2a46f8c429

                        SHA256

                        fc42ec791e74c26245ea460e6a31ff6cccd8cd11e0bee61a0fb05a8b6e128157

                        SHA512

                        5a2f474f14bb376813248499accb9d0202054661d5ddfb71b0f85b19d28a5e1b65ac72a3123ede225e450cb8f1207ce028119ce4d89b9ce74672ee4429bd099f

                        Download Submit

                      • C:\Windows\{E7A96761-EF1F-409a-AB53-A9B3450D1B56}.exe
                        Filesize

                        216KB

                        MD5

                        bf14444ae958c97c1997c0a5e0efd4b9

                        SHA1

                        be874e59e24e8c5f848b0f06b3549cc4bc657f87

                        SHA256

                        6e1b3d2284d9d6cb034c300e438b63eac3aca80ceeefb2512933874be59b4035

                        SHA512

                        425969d63f9736d31f1a4d0761b30e831e4b1d27ffdc3a0e58c799ef94dadd4dae2075805f9fd82ad6bf7a75af0a0cc43885bcc9c726197ccd9c3997c14ceb36

                        Download Submit