Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-07-04...ye.exe

windows7-x64

8

2024-07-04...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 09:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-04_bc5cb5e989627bbd1c16b3a0200be379_goldeneye.exe

  • Size

    180KB

  • MD5

    bc5cb5e989627bbd1c16b3a0200be379

  • SHA1

    1821f070f8d0b34f2ce8ab7e5cc2c20b663238c3

  • SHA256

    87dcfdcb46dc4554e7ccd23bfa37a0bf92cef1624062856f8b6edd7a0ca1e1d9

  • SHA512

    56dd0e7f020df9b586fc37e733aa62e900736a19e2972e5ff342b5a170b3e68f98751c27a07b128e6bbaa091afa8d327b4328c476aa5431ee9b531e9ecabab9f

  • SSDEEP

    3072:jEGh0oGlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGol5eKcAEc

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-04_bc5cb5e989627bbd1c16b3a0200be379_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-04_bc5cb5e989627bbd1c16b3a0200be379_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\{7C02D631-1338-4ed8-B8A9-1AD4E7FBAC50}.exe
      C:\Windows\{7C02D631-1338-4ed8-B8A9-1AD4E7FBAC50}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Windows\{9FCE8A64-C288-4485-83AD-216AC2962A3A}.exe
        C:\Windows\{9FCE8A64-C288-4485-83AD-216AC2962A3A}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2624
        • C:\Windows\{6DE4CBFD-F326-4f1c-8723-315971ACACFD}.exe
          C:\Windows\{6DE4CBFD-F326-4f1c-8723-315971ACACFD}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2652
          • C:\Windows\{0E83F041-9DFD-4819-85D0-8E9C9D6EBD32}.exe
            C:\Windows\{0E83F041-9DFD-4819-85D0-8E9C9D6EBD32}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2552
            • C:\Windows\{8FFFBDCF-7F7F-4b21-B5B1-7296D8B550A9}.exe
              C:\Windows\{8FFFBDCF-7F7F-4b21-B5B1-7296D8B550A9}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2008
              • C:\Windows\{B8682B70-8502-4e52-9C20-0016FA09973E}.exe
                C:\Windows\{B8682B70-8502-4e52-9C20-0016FA09973E}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1048
                • C:\Windows\{C9E27ED5-8A9B-47d2-B3F4-07FA2131CFB7}.exe
                  C:\Windows\{C9E27ED5-8A9B-47d2-B3F4-07FA2131CFB7}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:768
                  • C:\Windows\{2CF78CCE-C204-44e4-B995-E86F2E58D518}.exe
                    C:\Windows\{2CF78CCE-C204-44e4-B995-E86F2E58D518}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1692
                    • C:\Windows\{79F351A6-F7F6-4356-9E8A-229443CBA988}.exe
                      C:\Windows\{79F351A6-F7F6-4356-9E8A-229443CBA988}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2304
                      • C:\Windows\{970F7AE3-CCA9-4ba7-A4DF-00668F9E813E}.exe
                        C:\Windows\{970F7AE3-CCA9-4ba7-A4DF-00668F9E813E}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2292
                        • C:\Windows\{368E287B-5D3F-43dd-8BED-9C8E060F2110}.exe
                          C:\Windows\{368E287B-5D3F-43dd-8BED-9C8E060F2110}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1500
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{970F7~1.EXE > nul
                          12⤵
                            PID:2500
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{79F35~1.EXE > nul
                          11⤵
                            PID:584
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2CF78~1.EXE > nul
                          10⤵
                            PID:2112
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C9E27~1.EXE > nul
                          9⤵
                            PID:1680
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B8682~1.EXE > nul
                          8⤵
                            PID:2708
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8FFFB~1.EXE > nul
                          7⤵
                            PID:2496
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0E83F~1.EXE > nul
                          6⤵
                            PID:668
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6DE4C~1.EXE > nul
                          5⤵
                            PID:2956
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9FCE8~1.EXE > nul
                          4⤵
                            PID:2760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7C02D~1.EXE > nul
                          3⤵
                            PID:2676
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:1348

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0E83F041-9DFD-4819-85D0-8E9C9D6EBD32}.exe
                        Filesize

                        180KB

                        MD5

                        248ebcaba2cf3b821e2dc0d86b7eccfa

                        SHA1

                        9427d6635b4cd709b57cadd79d056422fd360dd3

                        SHA256

                        0abd58ebb54d252898923c60948729494af19baaa3f5c3a2174e07244eff52a1

                        SHA512

                        428ec94ccffb0a6a5612fba2269b4a04fc8089e0712882c0bc3a9ff64f09eb99ffcf6c0d58df9981f9d1c527ea883416cc3f3e14fc623e0f062647514fe38c77

                        Download Submit

                      • C:\Windows\{2CF78CCE-C204-44e4-B995-E86F2E58D518}.exe
                        Filesize

                        180KB

                        MD5

                        b384c0929c956da37ceaccb04b01f65b

                        SHA1

                        b93ab34c29afbe58b14cd12112f0a9bfffc1471a

                        SHA256

                        5aa5db18a3d55e4c3e5e5da1c1b2f072b8bd4b8d710e266da144637ce81af7ea

                        SHA512

                        83ffbfc9d0e2675bed0dd7b8f9ae1d76d9806e963647b731cf60a72f45d573207c0d1eed0789cc35c48e44394618830a9d3c995bd3a5c681ec54851fb974f99f

                        Download Submit

                      • C:\Windows\{368E287B-5D3F-43dd-8BED-9C8E060F2110}.exe
                        Filesize

                        180KB

                        MD5

                        7906a39031ce1e1ae8eda46e814c0b2b

                        SHA1

                        ee231e43b87d5a32bb5c1ee867f71e3d507a7e28

                        SHA256

                        38a33685276710a9ded72e025f0ee97ec35d42749246e27ce7d71acff097a467

                        SHA512

                        68453c8bfdcd2ecebcd069fbc614a681427091a119bc1de6078683254033edd5492f23957a1b849bb87b5ea6efaab0b706dd1778fabeab5dd78448e4a408e1c6

                        Download Submit

                      • C:\Windows\{6DE4CBFD-F326-4f1c-8723-315971ACACFD}.exe
                        Filesize

                        180KB

                        MD5

                        390dc53a8f4eae416379e1a347d5dbba

                        SHA1

                        6c0313a18b3bfa04e1dc965f62a6540a8494698c

                        SHA256

                        1797d5dadc80c0309d9c2c12ca7d5e9e2f11234042ed428bbada810273699d3e

                        SHA512

                        366de6308106a1880cfb8c366d0f7fbc65b5a61b2ef58aa49838fd721d060443747fd2200ed80e32baa71e4bda102c360cac91add987a4ea7f237dc34d137c69

                        Download Submit

                      • C:\Windows\{79F351A6-F7F6-4356-9E8A-229443CBA988}.exe
                        Filesize

                        180KB

                        MD5

                        d0aca18331b70289df6739f27378aca3

                        SHA1

                        b6534484c39003fc84108c215b46dd36a4fab86d

                        SHA256

                        b00d69483348e0d5d6d72520a3f5e3e29ffb27e79176b58a5173fb50054ce629

                        SHA512

                        95153832fa28e19b49f4363abfeeb104f6d026b05bf02c4104a01d728cc808125c0627f075b907e5dd80ea4b92960580dfbab007ac14f357967c99c197f0884c

                        Download Submit

                      • C:\Windows\{7C02D631-1338-4ed8-B8A9-1AD4E7FBAC50}.exe
                        Filesize

                        180KB

                        MD5

                        bd8cf846f4a35a35978abb5a3fe1cc7f

                        SHA1

                        aeb12841d3429af50212ce73c4ae662ee59fbccf

                        SHA256

                        71e2304dd8a91a1d05898171e8548d05969e176a00b5d2e66ff5fed1783ba56e

                        SHA512

                        95eb3c3afafd060b46c04df4e433f99769a6d97619aaf43a011793bf940ad9e3b1d722812c7ba4f12c723d6bf283c836189de3f0ec96a6044b8ee5cf293270dd

                        Download Submit

                      • C:\Windows\{8FFFBDCF-7F7F-4b21-B5B1-7296D8B550A9}.exe
                        Filesize

                        180KB

                        MD5

                        9ae6a757e6dff3eae1fcc788021910e0

                        SHA1

                        b5cf27161f390cd3688c3820227dad19bec13612

                        SHA256

                        33e10121da1c1c62373dd31dec5e7003ea58988f0346715fd6857174d40414c6

                        SHA512

                        094ee42e4bbe2d9b83c7f4b91efe6cde2e10cb0b2c6daef9aed871da6e1d1ce71dd0335db743e008fd1395d4d828556ab3ada3fe64eb26c0a56df907c6f293a3

                        Download Submit

                      • C:\Windows\{970F7AE3-CCA9-4ba7-A4DF-00668F9E813E}.exe
                        Filesize

                        180KB

                        MD5

                        1bb9895e32d01cd5a838d0f15447372c

                        SHA1

                        9d5ddcb8ac606f0b3127cf26e3bee199bf389d35

                        SHA256

                        589cf0cc48e35986eeed5ab094019a8c8ecdd9f2bd9b40cda2c7af529d4cf5ce

                        SHA512

                        2e2e3c052d41e8a4ab3d39b0c1b306037719d1db209f1ba848d8bfcd0f60b6ced9ad04d607588fecfd9e00040beb3e21e572078e7fac399f1130bfec2ec60cdb

                        Download Submit

                      • C:\Windows\{9FCE8A64-C288-4485-83AD-216AC2962A3A}.exe
                        Filesize

                        180KB

                        MD5

                        53e5d0412bd9e843192a2f1575f243cf

                        SHA1

                        bcfcca7c9e9d408e68f131217d42fdd890af2c5b

                        SHA256

                        930c63cb829e3a5a4e6261e0c1ee3728a0d048ab8c70f84776dd2a10c52e0b45

                        SHA512

                        1fca02ef81070db57f8ff09e4d3a7f6203effda064250b0116162f5d7d436008061658dce187f2fac891a1f6a3a30ceaed9cb894201d4add982b073eb523ffb7

                        Download Submit

                      • C:\Windows\{B8682B70-8502-4e52-9C20-0016FA09973E}.exe
                        Filesize

                        180KB

                        MD5

                        23f29076dba1e704857773f0e04635f5

                        SHA1

                        a506f63bccfd3907e1dc1f9756e5cab295457fd3

                        SHA256

                        f93104e2b8b70ba99ea68ff9eed46deabed09eb7fbd49de23eb4c487172af87f

                        SHA512

                        04327f8f3877bad5afcc2d12794f91d62e5e8720cf0f31266ccd8d0f8d7499aa67b3916cf80de08af5362e7c9b70790e151a0f93d29de8a1d9ba1a2bdcb49d1b

                        Download Submit

                      • C:\Windows\{C9E27ED5-8A9B-47d2-B3F4-07FA2131CFB7}.exe
                        Filesize

                        180KB

                        MD5

                        480841ce9b161faa42edf2f61bdd85b3

                        SHA1

                        2e218a7629fc047b7e57bcef543223e60d902bcd

                        SHA256

                        1879cdea3c49ea74652b5374a8ce5dff7d1027bd118580b844b0e41fddd6905c

                        SHA512

                        d844d334fc8b24c59f6df8d501c665cfa8f10dc29303fd8429e20c69137cf5e71162f5bac9ba6c52702702cb4d9e08954e8b0fa9c82144f4bd2400e46882eaa3

                        Download Submit

                      We care about your privacy.

                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.