Overview

overview

8

Static

static

3

2024-01-08...ye.exe

windows7-x64

8

2024-01-08...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    63s
  • max time network
    80s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 06:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_7ca8f6856853c54a4f751d760a78cabe_goldeneye.exe

  • Size

    168KB

  • MD5

    7ca8f6856853c54a4f751d760a78cabe

  • SHA1

    2f21e6f3c492c07aac5c3f7a537fdd2c8ee89690

  • SHA256

    004771383e5aa8a23891f40d671b3a7770ed74bb0fa6c15b341cebcb2213809f

  • SHA512

    146a722bc02a50c06194b6359b8ad8fe62dc4fec7284de54c5613993079d2447376c0f69500db239324a284acaf2763ea89f82430d3e60c5925e363c6613d72d

  • SSDEEP

    1536:1EGh0oOlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oOlqOPOe2MUVg3Ve+rX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
    persistence
  • Executes dropped EXE 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_7ca8f6856853c54a4f751d760a78cabe_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_7ca8f6856853c54a4f751d760a78cabe_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
        PID:4644
      • C:\Windows\{3BE7FEE3-970C-4998-9740-AFDC35DB689E}.exe
        C:\Windows\{3BE7FEE3-970C-4998-9740-AFDC35DB689E}.exe
        2⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4020
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{3BE7F~1.EXE > nul
          3⤵
            PID:4884
          • C:\Windows\{3E220AF1-AA87-4c2d-A9B4-DA6D82EB295A}.exe
            C:\Windows\{3E220AF1-AA87-4c2d-A9B4-DA6D82EB295A}.exe
            3⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2448
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{3E220~1.EXE > nul
              4⤵
                PID:4508
              • C:\Windows\{34499C00-A8B8-40b1-A33A-38CF71E7285A}.exe
                C:\Windows\{34499C00-A8B8-40b1-A33A-38CF71E7285A}.exe
                4⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:5336
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{34499~1.EXE > nul
                  5⤵
                    PID:5920
                  • C:\Windows\{9495F0DF-94B6-4c66-A2EF-7922C7DF7FA3}.exe
                    C:\Windows\{9495F0DF-94B6-4c66-A2EF-7922C7DF7FA3}.exe
                    5⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1632
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{9495F~1.EXE > nul
                      6⤵
                        PID:5580
                      • C:\Windows\{911C261F-BBF7-44e5-88A9-253DE22E28B0}.exe
                        C:\Windows\{911C261F-BBF7-44e5-88A9-253DE22E28B0}.exe
                        6⤵
                        • Executes dropped EXE
                        PID:768
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{911C2~1.EXE > nul
                          7⤵
                            PID:4844
                          • C:\Windows\{09FBFD29-2D9E-4472-9880-3CC71C93C53D}.exe
                            C:\Windows\{09FBFD29-2D9E-4472-9880-3CC71C93C53D}.exe
                            7⤵
                              PID:5404
                              • C:\Windows\{0B89059B-E88C-45e8-B277-34CA3B2E5F05}.exe
                                C:\Windows\{0B89059B-E88C-45e8-B277-34CA3B2E5F05}.exe
                                8⤵
                                  PID:5648
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{0B890~1.EXE > nul
                                    9⤵
                                      PID:5672
                                    • C:\Windows\{CDE3A081-C35A-4050-A27C-D7E60876923C}.exe
                                      C:\Windows\{CDE3A081-C35A-4050-A27C-D7E60876923C}.exe
                                      9⤵
                                        PID:860
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CDE3A~1.EXE > nul
                                          10⤵
                                            PID:6060
                                          • C:\Windows\{0C1224DB-67F0-49bf-A351-2EC92020810D}.exe
                                            C:\Windows\{0C1224DB-67F0-49bf-A351-2EC92020810D}.exe
                                            10⤵
                                              PID:2960
                                              • C:\Windows\SysWOW64\cmd.exe
                                                C:\Windows\system32\cmd.exe /c del C:\Windows\{0C122~1.EXE > nul
                                                11⤵
                                                  PID:5140
                                                • C:\Windows\{DC4F37CB-1466-4c5c-B889-255322024E63}.exe
                                                  C:\Windows\{DC4F37CB-1466-4c5c-B889-255322024E63}.exe
                                                  11⤵
                                                    PID:3308
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c del C:\Windows\{DC4F3~1.EXE > nul
                                                      12⤵
                                                        PID:2028
                                                      • C:\Windows\{E8384FF0-3BC4-4f67-97FD-742E6F180FB7}.exe
                                                        C:\Windows\{E8384FF0-3BC4-4f67-97FD-742E6F180FB7}.exe
                                                        12⤵
                                                          PID:5564
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{09FBF~1.EXE > nul
                                                  8⤵
                                                    PID:2220

                                    Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Windows\{0C1224DB-67F0-49bf-A351-2EC92020810D}.exe
                                            Filesize

                                            168KB

                                            MD5

                                            75a40410191547e2b2ae9366e667905c

                                            SHA1

                                            5f181ce8847be38d02f06d3f222f907d3dfdc4b7

                                            SHA256

                                            ce8f69f58e90e7b15ba451ec7c3b1dad00bb84b0eae6025c741da7f7cff67604

                                            SHA512

                                            fe5f601d435ff0b73f99047de95ae227f9f74facf3518f12fe669b5212e482cc40b9876263dca687cbf16794038f1fbd2db98c319882ba9f8b894bbd05ce4094

                                            Download Submit

                                          • C:\Windows\{34499C00-A8B8-40b1-A33A-38CF71E7285A}.exe
                                            Filesize

                                            92KB

                                            MD5

                                            fab7b7176fad4b1368d68c2277cddcf4

                                            SHA1

                                            c7753d5a126cbdcca6b6d689823f4e5a0bf312d9

                                            SHA256

                                            fb800582bfbeeb53b1d32fadca82587d4991bfb850a17a1e1677eab2b7d19a6f

                                            SHA512

                                            cb5b4c8fd3beed76c1e3f28ed7e03749c4bb951179d66171abcd0ab55745766bfa59eb3ba9e93184219661d5e01c49615c25da54241e02da9f8647d1e67f7ca9

                                            Download Submit

                                          • C:\Windows\{34499C00-A8B8-40b1-A33A-38CF71E7285A}.exe
                                            Filesize

                                            93KB

                                            MD5

                                            aa93cd2fd1496d4e1834308202e17c0f

                                            SHA1

                                            3fe7489de4eb0e5434b880d616b317862c5b7a4b

                                            SHA256

                                            eff429b82fbe33b0e4af2023e1ebba09e567047846e54b43b3a942a3b450a157

                                            SHA512

                                            2a3f3080dfeb2ee1403e8e27d37cf88b1ed243da5fa35ccdfa0f34913f6e8b0cf31a9f1355719d4ecf2d58e0fa6db8a7ee86ccaf3571e5a6008bd96a618e3212

                                            Download Submit

                                          • C:\Windows\{34499C00-A8B8-40b1-A33A-38CF71E7285A}.exe
                                            Filesize

                                            42KB

                                            MD5

                                            39943667b54cd16f075026cfa4faeb89

                                            SHA1

                                            8d627fa3d5f38288349339e996e5852d8fb2a1d4

                                            SHA256

                                            98e048549bfddf3be6c6e00e4fccc9878fb6c02142ecdc988f179837ad3b58fb

                                            SHA512

                                            df49271d95298ffff081dc52c60a9f85449863939122b89c5e7b9d25c79354d04da87ee82ca31c5a260d2817c26e6665c652db5fff5a2a70d14ad269f0123fbf

                                            Download Submit

                                          • C:\Windows\{3E220AF1-AA87-4c2d-A9B4-DA6D82EB295A}.exe
                                            Filesize

                                            51KB

                                            MD5

                                            c3e625fc55c3b9d9a26cbcd3b41335b7

                                            SHA1

                                            cc2368879b81016802988f2c8e4e605679419f9b

                                            SHA256

                                            9d17554500b9ebcb33e94e80e15e3e00d8e1be036c803eb8f413f50bbfe3dee3

                                            SHA512

                                            379088913e09dbbc3404bb9768b2818da83a80a85b1325869ce9c70e7e4cea61df93bdad0e107bbedd9819235fc444206a46d26a1fa8fb0e70716a492002c29a

                                            Download Submit

                                          • C:\Windows\{3E220AF1-AA87-4c2d-A9B4-DA6D82EB295A}.exe
                                            Filesize

                                            168KB

                                            MD5

                                            61396edd1fef5f56061acae7999e3c9f

                                            SHA1

                                            f5fd94aaa2b9f3ffc6e1eba821f4765294587617

                                            SHA256

                                            a8f0d7c7703526030bb7b416145b055863f8bc6729b8679a6d78fe953bbde5bb

                                            SHA512

                                            bd52c2d44577ad6f4d8e356fff1be3f1ce4c1a916f7321a05efb8d9fdc4d168bc48d81ef1aacfa17d8b2e93c2d3f3d654893b176821fbad86651ff043aa08a74

                                            Download Submit