Analysis

  • max time kernel
    62s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-01-2024 05:54

General

  • Target

    2024-01-10_9f6a8b3b904d564ef6cd8b11d13ca4dd_goldeneye.exe

  • Size

    380KB

  • MD5

    9f6a8b3b904d564ef6cd8b11d13ca4dd

  • SHA1

    973c72e3c722815ac3d38d9b9d9e719770c1d943

  • SHA256

    bda4a755113cc186c03811e17299f2f0063eb2546ba0a162c3b4c09a6555c1f6

  • SHA512

    bb54c85ecc438e06f269ca70ee8942f35791f8cc5f2f3b937d7f6b896a56bbd5dd9c29e20f7fc519be6511fa1b3ca1c868bc143cbaef8d5e8822b224481fdf97

  • SSDEEP

    3072:mEGh0o/lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGNl7Oe2MUVg3v2IneKcAEcARy

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
  • Executes dropped EXE 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_9f6a8b3b904d564ef6cd8b11d13ca4dd_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_9f6a8b3b904d564ef6cd8b11d13ca4dd_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3444
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
        PID:4108
      • C:\Windows\{DB1A98C6-35A8-4a62-AD5C-9EDEE21257ED}.exe
        C:\Windows\{DB1A98C6-35A8-4a62-AD5C-9EDEE21257ED}.exe
        2⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4608
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{DB1A9~1.EXE > nul
          3⤵
            PID:2616
          • C:\Windows\{1BCC4582-8097-45c0-B56F-EB01B34569DA}.exe
            C:\Windows\{1BCC4582-8097-45c0-B56F-EB01B34569DA}.exe
            3⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2476
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{1BCC4~1.EXE > nul
              4⤵
                PID:4576
              • C:\Windows\{E4E49A79-6DFA-40c9-AF44-926F36AB3ADE}.exe
                C:\Windows\{E4E49A79-6DFA-40c9-AF44-926F36AB3ADE}.exe
                4⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:232
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{E4E49~1.EXE > nul
                  5⤵
                    PID:3208
                  • C:\Windows\{ECA998F8-699F-493c-BCA8-A83B0736C84D}.exe
                    C:\Windows\{ECA998F8-699F-493c-BCA8-A83B0736C84D}.exe
                    5⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1780
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{ECA99~1.EXE > nul
                      6⤵
                        PID:3120
                      • C:\Windows\{3A6BA486-0737-4ae7-A40E-8ACB7C965A72}.exe
                        C:\Windows\{3A6BA486-0737-4ae7-A40E-8ACB7C965A72}.exe
                        6⤵
                        • Executes dropped EXE
                        PID:3284
                        • C:\Windows\{4AAD5EA6-4520-4a02-A0FB-B6AAFF683DEB}.exe
                          C:\Windows\{4AAD5EA6-4520-4a02-A0FB-B6AAFF683DEB}.exe
                          7⤵
                            PID:4408
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{4AAD5~1.EXE > nul
                              8⤵
                                PID:3884
                              • C:\Windows\{39333866-68A7-4e01-B161-B5774AD39CEA}.exe
                                C:\Windows\{39333866-68A7-4e01-B161-B5774AD39CEA}.exe
                                8⤵
                                  PID:3904
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{39333~1.EXE > nul
                                    9⤵
                                      PID:4248
                                    • C:\Windows\{1ED93830-FAE9-4c4f-800F-C19F90D04BDB}.exe
                                      C:\Windows\{1ED93830-FAE9-4c4f-800F-C19F90D04BDB}.exe
                                      9⤵
                                        PID:1060
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1ED93~1.EXE > nul
                                          10⤵
                                            PID:1040
                                          • C:\Windows\{6818C5FE-8F16-4147-ADB7-D39BC1FEB669}.exe
                                            C:\Windows\{6818C5FE-8F16-4147-ADB7-D39BC1FEB669}.exe
                                            10⤵
                                              PID:2584
                                              • C:\Windows\SysWOW64\cmd.exe
                                                C:\Windows\system32\cmd.exe /c del C:\Windows\{6818C~1.EXE > nul
                                                11⤵
                                                  PID:2696
                                                • C:\Windows\{E57481FC-EE39-4928-B5BC-3711B4716090}.exe
                                                  C:\Windows\{E57481FC-EE39-4928-B5BC-3711B4716090}.exe
                                                  11⤵
                                                    PID:2056
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c del C:\Windows\{E5748~1.EXE > nul
                                                      12⤵
                                                        PID:4432
                                                      • C:\Windows\{816FBADF-AD1D-4e58-9BD9-A26516A9DE64}.exe
                                                        C:\Windows\{816FBADF-AD1D-4e58-9BD9-A26516A9DE64}.exe
                                                        12⤵
                                                          PID:5044
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3A6BA~1.EXE > nul
                          7⤵
                          PID:4144
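The process tree above repeats one pattern at every level: the running stage writes a GUID-named executable into C:\Windows, launches it, and spawns cmd.exe to delete its own file by its 8.3 short name (C:\Windows\{DB1A9~1.EXE for C:\Windows\{DB1A98C6-...}.exe). The cmd.exe image is C:\Windows\SysWOW64\cmd.exe even though the command line says system32 because the sample is 32-bit (arch:x86) and WoW64 redirects the path. The Python below is an added example, not part of this report: it runs that detection logic over hand-constructed Sysmon-style process-creation records modelled on the report's first three stages. The PPID values of the root sample and of the benign explorer.exe control are assumed, and the 8.3 matching is a simplified six-character stem comparison, which is sufficient for the names seen here.

```python
"""Detect the self-deleting, GUID-named dropper chain seen in the process tree.

Added example, not part of the sandbox report. SAMPLE_EVENTS below are
constructed Sysmon-style process-creation records modelled on the report's
PIDs and paths, not captured telemetry; PPIDs of the root sample and of the
explorer.exe control process are assumed.
"""
import re
from dataclasses import dataclass

# GUID-named executable dropped directly into C:\Windows, e.g. C:\Windows\{DB1A98C6-...}.exe
GUID_EXE = re.compile(
    r"^C:\\Windows\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}\.exe$", re.I
)
# "cmd.exe /c del <target> > nul": the self-delete helper each stage spawns
SELF_DELETE = re.compile(r"cmd\.exe\s+/c\s+del\s+(?P<target>\S+)\s*>\s*nul", re.I)
# 8.3 short name: up to six stem characters, a tilde and a number, then the extension
SHORT_NAME = re.compile(r"^(?P<stem>.{1,6})~\d+\.(?P<ext>\w{1,3})$")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def short_name_matches(short: str, full: str) -> bool:
    """True if an 8.3 path like C:\\Windows\\{DB1A9~1.EXE can refer to `full`.

    Simplification (assumption): only the first six stem characters are
    compared; a full resolver would also strip periods and spaces from the
    long name before comparing.
    """
    if "\\" not in short or "\\" not in full:
        return False
    short_dir, short_file = short.rsplit("\\", 1)
    full_dir, full_file = full.rsplit("\\", 1)
    if short_dir.lower() != full_dir.lower():
        return False
    m = SHORT_NAME.match(short_file)
    if m is None:
        return False
    stem, ext = m.group("stem").lower(), m.group("ext").lower()
    return full_file.lower().startswith(stem) and full_file.lower().endswith("." + ext)


def find_self_deleting_stages(events):
    """Return (parent_pid, parent_image, cmd_pid) for every cmd.exe whose
    'del' target is its own parent's image, by full or 8.3 name."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\cmd.exe"):
            continue
        m = SELF_DELETE.search(e.cmdline)
        parent = by_pid.get(e.ppid)
        if m is None or parent is None:
            continue
        target = m.group("target")
        if target.lower() == parent.image.lower() or short_name_matches(target, parent.image):
            hits.append((parent.pid, parent.image, e.pid))
    return hits


def stage_chain(events, leaf_pid):
    """Walk parent links upward from `leaf_pid` while each ancestor is itself
    a self-deleting stage; returns the stage images root-first."""
    by_pid = {e.pid: e for e in events}
    stage_pids = {parent_pid for parent_pid, _, _ in find_self_deleting_stages(events)}
    chain, pid, seen = [], leaf_pid, set()
    while pid in stage_pids and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    chain.reverse()
    return chain


def guid_stage_count(events):
    """Number of GUID-named executables under C:\\Windows seen as process images."""
    return sum(1 for e in events if GUID_EXE.match(e.image))


ROOT = r"C:\Users\Admin\AppData\Local\Temp\2024-01-10_9f6a8b3b904d564ef6cd8b11d13ca4dd_goldeneye.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"
STAGE1 = r"C:\Windows\{DB1A98C6-35A8-4a62-AD5C-9EDEE21257ED}.exe"
STAGE2 = r"C:\Windows\{1BCC4582-8097-45c0-B56F-EB01B34569DA}.exe"

# Constructed from the report's first three stages; PPIDs 1234 and 900 are assumed.
SAMPLE_EVENTS = [
    ProcEvent(3444, 1234, ROOT, f'"{ROOT}"'),
    ProcEvent(4108, 3444, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"),
    ProcEvent(4608, 3444, STAGE1, STAGE1),
    ProcEvent(2616, 4608, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Windows\{DB1A9~1.EXE > nul"),
    ProcEvent(2476, 4608, STAGE2, STAGE2),
    ProcEvent(4576, 2476, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Windows\{1BCC4~1.EXE > nul"),
    # Benign control: explorer.exe deleting a temp file must not be flagged.
    ProcEvent(1234, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(5100, 1234, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\notes.txt > nul"),
]

if __name__ == "__main__":
    for parent_pid, image, cmd_pid in find_self_deleting_stages(SAMPLE_EVENTS):
        print(f"stage PID {parent_pid} deleted by cmd PID {cmd_pid}: {image}")
    print("chain:", stage_chain(SAMPLE_EVENTS, 2476))
```

The parent-child link is what makes the rule usable: `cmd.exe /c del` alone is common in installers, but a cmd.exe whose delete target resolves to its own parent's image, with that parent living in C:\Windows under a GUID name, is the report's pattern and nothing else in a normal host. Feeding real Sysmon Event ID 1 records into ProcEvent is a one-line mapping of ProcessId, ParentProcessId, Image and CommandLine.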

Network

MITRE ATT&CK Enterprise v15