Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-07-06...ye.exe

windows7-x64

8

2024-07-06...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-06_7a7b1c5b219538dcc2561feee8b58d96_goldeneye.exe

  • Size

    192KB

  • MD5

    7a7b1c5b219538dcc2561feee8b58d96

  • SHA1

    43317d85521fe9fa1c30fe175090e101d99b3b60

  • SHA256

    6973f1fe8f83b2053e3a8ed244f19f7d0e66ed2822db4ba4f92b287264167ade

  • SHA512

    ef2869187af30bf64a7d3c51a07bf48bc2e2382947109b9581cb5744dd29a78723c6869f50b806d2b38b639d72c6b440c7648f24597717dfdbf26d8b7ecd064b

  • SSDEEP

    1536:1EGh0oEl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oEl1OPOe2MUVg3Ve+rXfMUa

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-06_7a7b1c5b219538dcc2561feee8b58d96_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-06_7a7b1c5b219538dcc2561feee8b58d96_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\{C2B360B1-7E81-4978-A42F-C591208642CE}.exe
      C:\Windows\{C2B360B1-7E81-4978-A42F-C591208642CE}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Windows\{C2A7DE4A-DE12-4228-9BF6-B84AF8963F06}.exe
        C:\Windows\{C2A7DE4A-DE12-4228-9BF6-B84AF8963F06}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1324
        • C:\Windows\{5B779519-0945-49b1-AE3D-52FCCFDB7CF8}.exe
          C:\Windows\{5B779519-0945-49b1-AE3D-52FCCFDB7CF8}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1892
          • C:\Windows\{A27D3B4D-8C90-4433-8CED-E2E33F85FCC0}.exe
            C:\Windows\{A27D3B4D-8C90-4433-8CED-E2E33F85FCC0}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1784
            • C:\Windows\{AAF320E3-84B3-4138-8E0C-CBF49C486E1A}.exe
              C:\Windows\{AAF320E3-84B3-4138-8E0C-CBF49C486E1A}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2368
              • C:\Windows\{05DC4189-6465-4142-B28F-EF72DB365CE7}.exe
                C:\Windows\{05DC4189-6465-4142-B28F-EF72DB365CE7}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2820
                • C:\Windows\{8024F973-7AD3-4df6-BBAB-19CC5DD5E191}.exe
                  C:\Windows\{8024F973-7AD3-4df6-BBAB-19CC5DD5E191}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2336
                  • C:\Windows\{E181AD3F-1F2C-4edc-A91D-EA8B22374143}.exe
                    C:\Windows\{E181AD3F-1F2C-4edc-A91D-EA8B22374143}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2512
                    • C:\Windows\{1FEC61FD-4486-4d81-940F-6E08A833547F}.exe
                      C:\Windows\{1FEC61FD-4486-4d81-940F-6E08A833547F}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:776
                      • C:\Windows\{9AFDBC70-F5D8-41a1-B06F-C13B51AAA5FE}.exe
                        C:\Windows\{9AFDBC70-F5D8-41a1-B06F-C13B51AAA5FE}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2188
                        • C:\Windows\{F25B3779-2823-4fc4-9420-845F5C39F670}.exe
                          C:\Windows\{F25B3779-2823-4fc4-9420-845F5C39F670}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:912
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9AFDB~1.EXE > nul
                          12⤵
                            PID:304
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1FEC6~1.EXE > nul
                          11⤵
                            PID:2140
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E181A~1.EXE > nul
                          10⤵
                            PID:536
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8024F~1.EXE > nul
                          9⤵
                            PID:760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{05DC4~1.EXE > nul
                          8⤵
                            PID:1288
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{AAF32~1.EXE > nul
                          7⤵
                            PID:2808
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A27D3~1.EXE > nul
                          6⤵
                            PID:2824
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5B779~1.EXE > nul
                          5⤵
                            PID:2276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2A7D~1.EXE > nul
                          4⤵
                            PID:988
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2B36~1.EXE > nul
                          3⤵
                            PID:2620
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:3068

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{05DC4189-6465-4142-B28F-EF72DB365CE7}.exe
                        Filesize

                        192KB

                        MD5

                        4f4aabb36e0019a7816ed1deaae88110

                        SHA1

                        758da78a41514479a8ad5d027ac8285ef2f3079b

                        SHA256

                        9b6d46f939cf853d33749932feae2e57665a1df3ec6e966183a5944e021928c2

                        SHA512

                        5e94aeed3a8af48831161301de94470040850e16f3872615274b1460e861a1efa6e696d7c5d00de4618a0833826fb9bbd079bbb612bcb33ca81d6febbc1116e4

                        Download Submit

                      • C:\Windows\{1FEC61FD-4486-4d81-940F-6E08A833547F}.exe
                        Filesize

                        192KB

                        MD5

                        73815c2baf649cbb02f59418c80fe7e3

                        SHA1

                        2b4bdc686d88f7f736e4de753c1c2ecb19e68ec7

                        SHA256

                        b643e6abe6799bb51f8f2aa6defcd96a192fcbf53e38c8f09d61080b72f16ee1

                        SHA512

                        688ee830f527c2c82f80829806b5177787539ea5ae433be2fc2c6a5f86eb1abee89d8eff7598f4b8f7c595de9e9ddae0dc95a8ca963f6dbdf7a15452d9b8abe2

                        Download Submit

                      • C:\Windows\{5B779519-0945-49b1-AE3D-52FCCFDB7CF8}.exe
                        Filesize

                        192KB

                        MD5

                        633277b79bbb1c762d90945a3b7576f4

                        SHA1

                        5a1453437d29ad3685b76917beb5c0cbda2fe0ad

                        SHA256

                        291fb7747c916b94c8babf95c68a1cbd638c8e82f1954c7ed0a276a393f7ca04

                        SHA512

                        94527f6e9880f29c6242d9bdafc247e3abf193aa196e61c4d0a6fe83bbf795b408b5e4728ccde10ca85dbdba3960d03e61dcfc5f092b1b3c30c92f9f7fb0d753

                        Download Submit

                      • C:\Windows\{8024F973-7AD3-4df6-BBAB-19CC5DD5E191}.exe
                        Filesize

                        192KB

                        MD5

                        ce10e378df53f17ee94b2c3a77b10b9b

                        SHA1

                        1171b4e6a4789655acb5cc0335a2c0b001f597b4

                        SHA256

                        6c0ce3ce54e358f73f19042973b25435d8669601e8602d1bbff0e6dc32144d7f

                        SHA512

                        4a02e140bde8b53dc2106da99cb15a83ae24c4c582be0f48e4dc3e3140ed21ba0fa26be6122cd0556d850d3ecff087fc80c7c36eefe7bd75d294aade462fff2d

                        Download Submit

                      • C:\Windows\{9AFDBC70-F5D8-41a1-B06F-C13B51AAA5FE}.exe
                        Filesize

                        192KB

                        MD5

                        cd96b9684eba94403945cb5732d5a891

                        SHA1

                        4c1dd30b984bebb5c21f59d012293a34065ccfac

                        SHA256

                        3201f37d53906f01126b724db9312bb12a7d1e63d2c0d9ec8c18eadd24add714

                        SHA512

                        602d65a2674cca2b2980b105b9b176e7ea55ebdfc2e134e4019524f13904683510010a9e5a3b68159ae73fa415ba219c4beabf701197644c3273b1672b986e6a

                        Download Submit

                      • C:\Windows\{A27D3B4D-8C90-4433-8CED-E2E33F85FCC0}.exe
                        Filesize

                        192KB

                        MD5

                        5147ac1c0e3431600e6d9f308047e780

                        SHA1

                        c56bf31308ed7260b6065be996c20197790aaa60

                        SHA256

                        42a12b392c4eaaceb23b1180e9742ff43904febafb7ecf27d3fbc71915926d4b

                        SHA512

                        53ebaf8780206e8c0134eb2df304b1dbba012ea8c75f8ba3599cc90e1c90f1eadfb54504e6a8d2f9688137552e20336ab90b14aa9c733f62c80e37363a762e7d

                        Download Submit

                      • C:\Windows\{AAF320E3-84B3-4138-8E0C-CBF49C486E1A}.exe
                        Filesize

                        192KB

                        MD5

                        1a11f06e277aa9db0c352e669bda4091

                        SHA1

                        a1e97c292f49183180b0a53ef966470f2d3e17da

                        SHA256

                        e1870cf87fe098922429f41bdb28ac57a12653dad30ff9540b03a0b2734fbf2d

                        SHA512

                        1750d1ff2061d020fc3fe99ba301bf15328cbb1a2e12280ac46fe47824507b2dd833818eda8abb2c6b1716c392d98844fa938e48ffba5b66a6346ceca2a0890d

                        Download Submit

                      • C:\Windows\{C2A7DE4A-DE12-4228-9BF6-B84AF8963F06}.exe
                        Filesize

                        192KB

                        MD5

                        a1bfbd1dc60ba4446ad81979a50c2936

                        SHA1

                        b89cf868882d96018c1f0581a31341404ec9b04d

                        SHA256

                        0a9a5ac03fda626550a0f45d2d0e90029498442e3dfe963bceee9437e8f32da2

                        SHA512

                        cbc693e4d77e9f09134e0d522df3ea841ee27573da523b6125573458f25fd0071571449250738e8951e93b2f169563fecc2b1476159421f46de1e6edc1f507b9

                        Download Submit

                      • C:\Windows\{C2B360B1-7E81-4978-A42F-C591208642CE}.exe
                        Filesize

                        192KB

                        MD5

                        9a421f2eb01b037fe5c2a759cce87ee1

                        SHA1

                        6ef030013eef20c2bb5829a4d0f3e7cb8a8a37e7

                        SHA256

                        e8512061147d443e9a71d7bc1b2c7d70b8ee214f4733cdf90b8d9cae2bd395ca

                        SHA512

                        37a6ae59578eea735a5a74eda101b05440423541c6c810f4f38385b44931a42f5254647e19bebe46d865a667c17bcc35a708d28eee8ae12fdeb6640f60fe55ad

                        Download Submit

                      • C:\Windows\{E181AD3F-1F2C-4edc-A91D-EA8B22374143}.exe
                        Filesize

                        192KB

                        MD5

                        eab2a2c3afa6203c173f53c3a90f064a

                        SHA1

                        fb9f84739c1f8476902604807ea3db7dba2ec49f

                        SHA256

                        d08e3577467e157d7483fdc531d7a914f4adfbbbfe715afcf0d04b2fc2c77dee

                        SHA512

                        6e0590c152c7de87b8291e85c14e0297b5047a2508b3698e15a525148e53b1ea5ca1ef4360d07c09170b484b8fd2e2c3f08ee42a9b48ec4ead02de5cec0003ae

                        Download Submit

                      • C:\Windows\{F25B3779-2823-4fc4-9420-845F5C39F670}.exe
                        Filesize

                        192KB

                        MD5

                        563176542f72ebd170c678825565c820

                        SHA1

                        689f5fd36da71c8e79e69c7dc810b8ce634d0b07

                        SHA256

                        c89c71e30f957c9068906ecb2aba2a11ae556445fcd5b3402a19656b70cb8ba4

                        SHA512

                        edd01bcf8737fe642164be37e5975c1b1833dee99d20bfd61f1ed18a32182f60a63893a29e0174bc3f2ba6d3ed0fd183c39b178e75bf7f6414ba38dbec5998bd

                        Download Submit