Overview

overview

8

Static

static

3

2024-01-09...ye.exe

windows7-x64

8

2024-01-09...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_d30e9d727e8c25cd0b4b0ce64144977a_goldeneye.exe

  • Size

    408KB

  • MD5

    d30e9d727e8c25cd0b4b0ce64144977a

  • SHA1

    a5dd3a9dd2ba36fb23b9c4ce01db184965c14662

  • SHA256

    b8ac347b2d8740f39d636c21c9b375a8d0005d22acf9c5263fde62b521017cf4

  • SHA512

    6be0cab6e7d2299ce83b17afad97d5acbe963b2e77bb96c12d01b62937ea7aa3c45f8947ca38f3f79853ae59fd4832e26ec6b85883f8b5f88c244f955df024b0

  • SSDEEP

    3072:CEGh0o9l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEG3ldOe2MUVg3vTeKcAEciTBqr3jy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_d30e9d727e8c25cd0b4b0ce64144977a_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_d30e9d727e8c25cd0b4b0ce64144977a_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\{366B5511-D5EA-47d5-8FEE-B2B6A8911153}.exe
      C:\Windows\{366B5511-D5EA-47d5-8FEE-B2B6A8911153}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Windows\{C7823D6E-46F2-436c-823E-41E6FE6A52D1}.exe
        C:\Windows\{C7823D6E-46F2-436c-823E-41E6FE6A52D1}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2592
        • C:\Windows\{1666886A-946C-459d-85B2-31CD8DF24F97}.exe
          C:\Windows\{1666886A-946C-459d-85B2-31CD8DF24F97}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1204
          • C:\Windows\{56B67979-EC28-498a-98BF-B096FF43F6D1}.exe
            C:\Windows\{56B67979-EC28-498a-98BF-B096FF43F6D1}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2912
            • C:\Windows\{50EB7241-FA31-4218-A0F4-104C1C51F76F}.exe
              C:\Windows\{50EB7241-FA31-4218-A0F4-104C1C51F76F}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2888
              • C:\Windows\{C6A33397-D085-4d47-9A9B-E38D5B91B449}.exe
                C:\Windows\{C6A33397-D085-4d47-9A9B-E38D5B91B449}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2776
                • C:\Windows\{37DB62D6-8039-4404-84A1-C12E85957408}.exe
                  C:\Windows\{37DB62D6-8039-4404-84A1-C12E85957408}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1800
                  • C:\Windows\{3736E6E8-4567-4bea-844F-22B8CCFF6FB6}.exe
                    C:\Windows\{3736E6E8-4567-4bea-844F-22B8CCFF6FB6}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2380
                    • C:\Windows\{470E5D21-E31B-4375-B3E6-C80233FB14B9}.exe
                      C:\Windows\{470E5D21-E31B-4375-B3E6-C80233FB14B9}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2564
                      • C:\Windows\{089A2A3C-DCEE-4f4f-9E7F-DE1B44090909}.exe
                        C:\Windows\{089A2A3C-DCEE-4f4f-9E7F-DE1B44090909}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3068
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{089A2~1.EXE > nul
                          12⤵
                            PID:1136
                          • C:\Windows\{CB9A211D-7C7D-4d8a-9125-54D704177132}.exe
                            C:\Windows\{CB9A211D-7C7D-4d8a-9125-54D704177132}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:2396
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{470E5~1.EXE > nul
                          11⤵
                            PID:2052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3736E~1.EXE > nul
                          10⤵
                            PID:1716
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{37DB6~1.EXE > nul
                          9⤵
                            PID:456
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C6A33~1.EXE > nul
                          8⤵
                            PID:2796
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{50EB7~1.EXE > nul
                          7⤵
                            PID:1276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{56B67~1.EXE > nul
                          6⤵
                            PID:2148
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{16668~1.EXE > nul
                          5⤵
                            PID:2980
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C7823~1.EXE > nul
                          4⤵
                            PID:584
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{366B5~1.EXE > nul
                          3⤵
                            PID:2648
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2936

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{089A2A3C-DCEE-4f4f-9E7F-DE1B44090909}.exe
                        Filesize

                        408KB

                        MD5

                        be1951655c023b590e49dc401bb8ea74

                        SHA1

                        f758464f175da917d1c82426049c9c1782492674

                        SHA256

                        7c1dc20cf5f4e38105248201357b6617e338b0ecf6896906f74c98aeae4b5f9f

                        SHA512

                        3e1e895e6011f6c35fdcee29e32a16494bd90356ec123193ed06d15bc4fea5d7cc35b9ea151179ead0fd15c2dd69b47847fefe95f6ccabcc87cb1524226c7ec0

                        Download Submit

                      • C:\Windows\{089A2A3C-DCEE-4f4f-9E7F-DE1B44090909}.exe
                        Filesize

                        240KB

                        MD5

                        1f5fa1e2735aa8781fb8ecd86cb51b33

                        SHA1

                        c3fb84ae0ccff759e9c726d6b3a0ab82d70ae4c9

                        SHA256

                        f66b42ed3f7c2fa330b7e7ecabb9c590e02a8b62d153de00e9e5235c633557f2

                        SHA512

                        d75fa6fe9346cafb4a08f0b936b6eb144ad5027fee659b21a4c855dc3e1fd766d7de96cf5e13b0398da899f69d8694b3cdd23340900b3b1d256f28724a460f64

                        Download Submit

                      • C:\Windows\{1666886A-946C-459d-85B2-31CD8DF24F97}.exe
                        Filesize

                        408KB

                        MD5

                        2c73b4eccbc318adcccfcc100423c933

                        SHA1

                        3303b870c2c4ff2818073c1ab7c8fe65f2f0e08a

                        SHA256

                        7f56a34cb735d6b6a29b6c8f44ee7c897b66ac4025381620f8cc9eddfd1f55fa

                        SHA512

                        2a1cefca509ddb1d17c91432b3fca9e16c93830bb68ac32fa43ac3522ca5fbca606e8e65969b2207add27824d85f594f13004aee71355599cf0c597afccee3bc

                        Download Submit

                      • C:\Windows\{366B5511-D5EA-47d5-8FEE-B2B6A8911153}.exe
                        Filesize

                        384KB

                        MD5

                        cf1df66162bbca329daca0d8393bce3c

                        SHA1

                        d47f878285f7724bf9e64da168c8d6b00a73b6a5

                        SHA256

                        3a976bd52b46c74977e0b8be1d7002eedca6c591a5b9acac34f2ed2105b47564

                        SHA512

                        356bd965cc8508c52626b15771d39b216406b7c3b0dc193a88214ecbab2b7940bb852d006cdb8c0932e422c4e059ee0aed0bad7c090a60a3307e04a8143fcf85

                        Download Submit

                      • C:\Windows\{366B5511-D5EA-47d5-8FEE-B2B6A8911153}.exe
                        Filesize

                        294KB

                        MD5

                        d0cfe295c58e71a9f7cf37c83899eb5e

                        SHA1

                        84b33de41ad1bc255da3b8b02052af347feefa9f

                        SHA256

                        21b6e78d44760a0282c219692d87a7c06513319d2a29fb4043d8be7769949006

                        SHA512

                        a6fe1a4603a920bd088e1799fae343b55b6e7e7e729a47c14137a586199742e455239f70a63d3b42eaf24b989e1180d0740aa1e92b78fb2f623ba29da14e4269

                        Download Submit

                      • C:\Windows\{366B5511-D5EA-47d5-8FEE-B2B6A8911153}.exe
                        Filesize

                        408KB

                        MD5

                        295089cbbbef159a5b24691d139264b9

                        SHA1

                        7fba4344b295217e559ff9a198308ca9b3063962

                        SHA256

                        9aad03c8333b793796a142b9fafd24a23680122f97810f8ae5768f0da3031186

                        SHA512

                        016d64a9ec14d79ac72f485a6796d980a0521bd20cc729e95ab5b921ac55ba3cd7f7af264e35d6dea09ecdbf8d7ac18cfc2ddcae8450922971e6bba41a308de1

                        Download Submit

                      • C:\Windows\{3736E6E8-4567-4bea-844F-22B8CCFF6FB6}.exe
                        Filesize

                        408KB

                        MD5

                        6a0f94bd35129bfdc89564890640a2bf

                        SHA1

                        b08f9eda053c827a8babf09b2e3f033b20b1b57f

                        SHA256

                        247827ba668d9b391f2f8d1c3981060c027b9a5c01d79af0637ba554f360e3fd

                        SHA512

                        69c8bb71339f98000e4df038944077c4f77544d7e601f84cd28848e4bb80cd653e5bf9cfa533ac35c42c9a55cd5f59a813cc25b391f765d3e3910fc8e1bda059

                        Download Submit

                      • C:\Windows\{37DB62D6-8039-4404-84A1-C12E85957408}.exe
                        Filesize

                        408KB

                        MD5

                        4b62126ad78cc51048a347d2b5b039b1

                        SHA1

                        2b4ad5d33316a0973a0c29c6bf64b010d9f164c3

                        SHA256

                        8a44f358f2fe96036dbceee4c0e867df62fcb8838ae2c4f5decc7234287b64e8

                        SHA512

                        507bcb77b7df53e3c9e87c4f6f064d067e7fcd1a25aa233129fc9850c383fcf16d087554c84932f6096be8edf2bc22e9c40d039bca3b7bb5308a9f8da77e5608

                        Download Submit

                      • C:\Windows\{470E5D21-E31B-4375-B3E6-C80233FB14B9}.exe
                        Filesize

                        408KB

                        MD5

                        3a92381a8b405af70e0c1428c3e071a2

                        SHA1

                        d24856740472873f79ac225e511a7eaaccdd2650

                        SHA256

                        8f686b3fdbe4ebf6751ad5cf4a8df2785ff68b15dd3cf65dc3fad209f03ed4ae

                        SHA512

                        4f88795a35bd831c4e8bb6c1af36df8b5190fbfc06d54423f109431e00249d82e0fe340b48a80ba48ac8e5477ad48ec622d9ad36b891d98a039c2b8c4f3a0dcb

                        Download Submit

                      • C:\Windows\{50EB7241-FA31-4218-A0F4-104C1C51F76F}.exe
                        Filesize

                        408KB

                        MD5

                        bf2852cd2be13cdc4ec96b5a8a10aeaf

                        SHA1

                        d67fb2ab3f13e6ade7c85950e67d7ceb1d7c171d

                        SHA256

                        12177229180ad897fa72231c086f3185c979fe345b3848e4fa7162be97a8566c

                        SHA512

                        b836887fe6c34e57121d4025d8812148c7a1cdc10feb80644f4d2879719197b51a2741700ed9c78015392e6ec20f7c74204547ba3d33825a06a684432ffdcec7

                        Download Submit

                      • C:\Windows\{56B67979-EC28-498a-98BF-B096FF43F6D1}.exe
                        Filesize

                        408KB

                        MD5

                        be17e1842f94dcd3d14b3671201a346e

                        SHA1

                        17a0f91b3ec7f609f977fe043deabd78c898589e

                        SHA256

                        c75d9b345fbcbd30246728fab69ef4d1324e3e10014037c148ea82517952f727

                        SHA512

                        206c5f4048fbeca2ed767bfc64a15a0ab27ed61ae34cc52398ad64f69d3099b39cf35dc5f8da27e7dbbfd7cd0abe27165c8b4fa2b8ac6ccab48ef69ef2a975e2

                        Download Submit

                      • C:\Windows\{C6A33397-D085-4d47-9A9B-E38D5B91B449}.exe
                        Filesize

                        408KB

                        MD5

                        26da470ed0cdc04cbff58848944398a4

                        SHA1

                        45af87837483cc285ef8c547eaa4439cfc203d1b

                        SHA256

                        238a10c9ebd65b96870ec01f1d0fb67b434e79d98e74a037e9a616e2c9b0625d

                        SHA512

                        4a9d8e874082e5aadda99040e13174e0dcb9536ace62e8192123f60798008f77d17d1809404cf06bcd101a749c36c745c6821a4e242ab9b8e2d868515acb78d1

                        Download Submit

                      • C:\Windows\{C7823D6E-46F2-436c-823E-41E6FE6A52D1}.exe
                        Filesize

                        408KB

                        MD5

                        739531c4e642332b91a883a9d3e2d6e1

                        SHA1

                        a23f05561daa4979e96a1ecff845ccce1b4caeac

                        SHA256

                        1cbfd2cddc2b5db33b0eb057ee07b681666925c86b6da57ed02706074ced9433

                        SHA512

                        84b9d541d36034422ed7d63f071aaa0be689ac6604868b3b94664380c6dbd0720cdc6e683af18d4f9204ece5173912fc7c91bfe87f1e7b3feb5903b5d7dd7f37

                        Download Submit

                      • C:\Windows\{CB9A211D-7C7D-4d8a-9125-54D704177132}.exe
                        Filesize

                        172KB

                        MD5

                        b81cee1aeebb88cc70644d5ba0a199d3

                        SHA1

                        5a31f508e4651192f5daba6e7f98cef7cef4a24b

                        SHA256

                        c067c0595f5207ac84a35ff758469999f39c836ee999126c49c584e6fd4b2bc4

                        SHA512

                        f79cc05d753d6ee68016dca1463dacd9aafd09d6523e730538b32d2af7447fd15ccd5fd94198cd1b0cbe01bbeacaa86302840d1309685bc352f86e245d73a334

                        Download Submit