Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-07-01...ye.exe

windows7-x64

8

2024-07-01...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-01_9d1fe7d17517bd7369f642e839235c31_goldeneye.exe

  • Size

    216KB

  • MD5

    9d1fe7d17517bd7369f642e839235c31

  • SHA1

    781bdaa49ba7f4629cdf00251be01b2c35c4b27f

  • SHA256

    0867ba00b210a2b2e44f258f9b8fb43a4fb44ca59e0fa3c0c29ebd412c2895ce

  • SHA512

    85b1f3257671ed384421b9a960722dbd3217191fd1fdbb6441699e382505197ae650fe03892d47eb7992b3d7ec5673772652cf3f0e2a752b5f9ee3e33c741417

  • SSDEEP

    3072:jEGh0oEl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGGlEeKcAEcGy

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_9d1fe7d17517bd7369f642e839235c31_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_9d1fe7d17517bd7369f642e839235c31_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\{9709970F-0763-4eaa-9F0A-15811BF7E032}.exe
      C:\Windows\{9709970F-0763-4eaa-9F0A-15811BF7E032}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Windows\{F9091E49-71EE-4767-B419-B729EF3AA3FC}.exe
        C:\Windows\{F9091E49-71EE-4767-B419-B729EF3AA3FC}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2544
        • C:\Windows\{96B6C821-F180-4255-ADB4-7BB80630E113}.exe
          C:\Windows\{96B6C821-F180-4255-ADB4-7BB80630E113}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2620
          • C:\Windows\{74D0B809-3B68-4f8a-B629-28C2977E4AE3}.exe
            C:\Windows\{74D0B809-3B68-4f8a-B629-28C2977E4AE3}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2616
            • C:\Windows\{80B61655-1809-4c23-AAA3-F4FB1E38FF1D}.exe
              C:\Windows\{80B61655-1809-4c23-AAA3-F4FB1E38FF1D}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2868
              • C:\Windows\{31C528D9-9756-4d4d-BB87-5EE33DA7ACFA}.exe
                C:\Windows\{31C528D9-9756-4d4d-BB87-5EE33DA7ACFA}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2012
                • C:\Windows\{D984C053-2719-4434-8170-45EE973A8406}.exe
                  C:\Windows\{D984C053-2719-4434-8170-45EE973A8406}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1356
                  • C:\Windows\{C2928AA2-6178-4ef5-B5B7-F3AAF3DC1AEF}.exe
                    C:\Windows\{C2928AA2-6178-4ef5-B5B7-F3AAF3DC1AEF}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:784
                    • C:\Windows\{E0B1F904-A4A0-4ffb-8ABE-840591F55CF6}.exe
                      C:\Windows\{E0B1F904-A4A0-4ffb-8ABE-840591F55CF6}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:880
                      • C:\Windows\{B890AFB2-3D84-4dca-96AC-276E965D932C}.exe
                        C:\Windows\{B890AFB2-3D84-4dca-96AC-276E965D932C}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2840
                        • C:\Windows\{C67D4E3C-D876-43e2-A961-3A0C2F095FD1}.exe
                          C:\Windows\{C67D4E3C-D876-43e2-A961-3A0C2F095FD1}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B890A~1.EXE > nul
                          12⤵
                            PID:2936
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E0B1F~1.EXE > nul
                          11⤵
                            PID:692
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2928~1.EXE > nul
                          10⤵
                            PID:1748
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D984C~1.EXE > nul
                          9⤵
                            PID:332
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{31C52~1.EXE > nul
                          8⤵
                            PID:1204
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{80B61~1.EXE > nul
                          7⤵
                            PID:404
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{74D0B~1.EXE > nul
                          6⤵
                            PID:2000
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{96B6C~1.EXE > nul
                          5⤵
                            PID:2684
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F9091~1.EXE > nul
                          4⤵
                            PID:2476
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{97099~1.EXE > nul
                          3⤵
                            PID:2456
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2524

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{31C528D9-9756-4d4d-BB87-5EE33DA7ACFA}.exe
                        Filesize

                        216KB

                        MD5

                        dab1f1ed9d10bc6e06c86635ceeab19e

                        SHA1

                        804186ff793fea7ae7f2bc054b4d1c8d5e7a6a7f

                        SHA256

                        769e68255b37dd9725b53577d6ca54f63d1d6df5a21839580a47463278351a2e

                        SHA512

                        af94a36d6ac9061b01f830f539157e3abcd2124edf1426d1b06d7f7b34a661c9644c3db5f935c0b7c77c255a7059ecca57a4028900d46c6572056c52eaba5991

                        Download Submit

                      • C:\Windows\{74D0B809-3B68-4f8a-B629-28C2977E4AE3}.exe
                        Filesize

                        216KB

                        MD5

                        59484f8b03e6481bc80eafaedc604542

                        SHA1

                        5c2e1d906d37f08f58f88e831e0fa4f02a160a1b

                        SHA256

                        d4953737d28b14a35f5db73e0e5994b9b151a68ba5a437cb46a59bc656655c1b

                        SHA512

                        6556f1d05979378647e759f8ee52e5fff8829055a52f8e1b80a0f13785a91aa4df9436292babcaa7fe3ffbdd5de878b5a22c67f93e18ac1f9f25430e4cc990f3

                        Download Submit

                      • C:\Windows\{80B61655-1809-4c23-AAA3-F4FB1E38FF1D}.exe
                        Filesize

                        216KB

                        MD5

                        beea6fdea837b4d916e1555ec9290dec

                        SHA1

                        c543a51a2b4f1176f4e97a12367aae00fd35514e

                        SHA256

                        417d4f6f41fe39c226cefbd413c4e14fc8333b0f973a142c2192053589da9e7a

                        SHA512

                        a44b3090f91920baaae9001dc3ba6e7ebacf1f6e166c68fe8e85523f7b5353150495f4d763c0e684bf93c0162714f902e34e09cbd6e4077c84837b9df8891fcc

                        Download Submit

                      • C:\Windows\{96B6C821-F180-4255-ADB4-7BB80630E113}.exe
                        Filesize

                        216KB

                        MD5

                        9ee899d66f10397a668dbd7727e2f1ac

                        SHA1

                        ecebbdbe82ba38c2d8343691d4c1f220fa2127c9

                        SHA256

                        bd3dbe98635eaabc1b286e43ab1ad1d5fbe3ed8bd8c1a02bd979e55e1ea7f800

                        SHA512

                        ac5e9931a85003a041f4d38b9929dd8d9fb8f6af9fe6986bca50c9e5e148efad2a46558e72378bb8d8af188b99c46dfc22080d6dd1ba17c1fa579eb2783b4a35

                        Download Submit

                      • C:\Windows\{9709970F-0763-4eaa-9F0A-15811BF7E032}.exe
                        Filesize

                        216KB

                        MD5

                        f0ea60e5f17f73211a48b52052c18966

                        SHA1

                        0d31740ab3670171e24b0717b0e2fb5c27913e5e

                        SHA256

                        4cfe950da9962e9f99545131ef9e299ca09adf4dcc8f756315e49fbb104a0f6e

                        SHA512

                        a4a003b704934a5aa5a2b67889afbbe9c7aab1f34eab3e72d1da7d16e84c4ac6d7f471dfbd49edb544bbb44abe74c1401f7309aaf858bd634ea3a2e13895c484

                        Download Submit

                      • C:\Windows\{B890AFB2-3D84-4dca-96AC-276E965D932C}.exe
                        Filesize

                        216KB

                        MD5

                        989eeada5c6a07dff04b240cf6685ab7

                        SHA1

                        75a653fbbb3dcacaeb00d06dc6029b19289e02bb

                        SHA256

                        c5aeab6c576b1ae63c37d132daa27f6824d5e4a94837fcdb11a2503fbf083e99

                        SHA512

                        9bd931098dd8ac0fc1f12379e5b9a716f99e823a4d35c4de926f6c9dcf759df9b871f5bae0681456bf40baca5e9069162c529ba80d7db7e172a53dca635619c2

                        Download Submit

                      • C:\Windows\{C2928AA2-6178-4ef5-B5B7-F3AAF3DC1AEF}.exe
                        Filesize

                        216KB

                        MD5

                        e64e25d442aa9df4b557e131ccf13008

                        SHA1

                        3ddd20e47e39f42a1671a10d2bbf7e57a42d7ed5

                        SHA256

                        6abf1c1d5c8bde0a4edf1c360cbea4a38e21803efffafc3d5e004b4672f42609

                        SHA512

                        036ef1192bc56fc0a7b4935cb1e41fa13cd0e0dfdd98a80264ca245f7f65b03db9162033a0a4405d1cc44f8feff6e4f349612676201e0d2c163fe06bf630e9b2

                        Download Submit

                      • C:\Windows\{C67D4E3C-D876-43e2-A961-3A0C2F095FD1}.exe
                        Filesize

                        216KB

                        MD5

                        3b66114fa10218b74c8fdb40e1009a10

                        SHA1

                        145de4d59f439490f654c61965832137ebb228ec

                        SHA256

                        5d049abe538516f5c92a15869d94bee887d861c500268e919c50e20bd314bd62

                        SHA512

                        3674cbe59a1f82b25b33995545304992c5646b888d806e9ae06f0a86980f5be70d5cf7c732cdc15f6bb627748a106ac78c4effbd4e5d2e454b167f648a72533b

                        Download Submit

                      • C:\Windows\{D984C053-2719-4434-8170-45EE973A8406}.exe
                        Filesize

                        216KB

                        MD5

                        5f086fe6e95db3a4a9db036a2ff05b3a

                        SHA1

                        15bc3de58763e5a76876923a43ec7d3f619363d7

                        SHA256

                        8cf03e9781dd402fa2907d40d7aaa40dfd478e08baed2193bc8353b20e481a42

                        SHA512

                        8749e12bff55c117af1a76c75de75965d1f450a64b1947477f180c3574d832ccfe8b388fab9e812b5050f38d166f3e4fe82d9b0ec6a04aeb479daac788d84789

                        Download Submit

                      • C:\Windows\{E0B1F904-A4A0-4ffb-8ABE-840591F55CF6}.exe
                        Filesize

                        216KB

                        MD5

                        ff2171991492bcf05db4ccad0a4e7230

                        SHA1

                        490c7a135d6c85d07a92c0f6df5edaa71879fc48

                        SHA256

                        cbaaeddb2299bef69155710770cb54ec86a1b3aefb76c4e79819110c74b3d4ad

                        SHA512

                        f0b2b3f7b42422d037c2fc5e56fd57e3f0a1684875898c3404288b43f4d7626823dad32c42a273aa385cd750938c4b0a910eb1dc325eb2c6fc9d8698af6135e6

                        Download Submit

                      • C:\Windows\{F9091E49-71EE-4767-B419-B729EF3AA3FC}.exe
                        Filesize

                        216KB

                        MD5

                        04847ce40e9689f68e6800b1dc36930a

                        SHA1

                        0b74bac44ea4ea721458f450e72e68d3daf8947f

                        SHA256

                        3aff84ab3bc63b716984e80dbc7ca8982ec2fba0e1f4a60fe8bd9851eee622d2

                        SHA512

                        92a63d09c73e51a71725280bc307aa45faa09e63c1b3aee51b35fa3b0b28aaccb1eba852f0b14a154d92e35fd503b17747762024719fc918df08d95a025161c0

                        Download Submit