Overview

overview

8

Static

static

3

2024-01-10...ye.exe

windows7-x64

8

2024-01-10...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    165s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 05:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-10_9a8db8cb6a7c4f0eddecc793ed8fb884_goldeneye.exe

  • Size

    380KB

  • MD5

    9a8db8cb6a7c4f0eddecc793ed8fb884

  • SHA1

    994259aeabc55f0aba582eceadcb6341eb3b04c3

  • SHA256

    9a45b9cd93dde74aa5457d1e9ca10acb35ef64687f386b3f28d6190741b4728a

  • SHA512

    886546cef190bdcc64a62992eed73cc66edc6a19ac7e2e5f53f242fca9d3080c85a12e436bacc459d39de31396c928249ca6559b55e2d89cb04b2dc64f9464fd

  • SSDEEP

    3072:mEGh0o8lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEG6l7Oe2MUVg3v2IneKcAEcARy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 14 IoCs
    persistence
  • Executes dropped EXE 7 IoCs
  • Drops file in Windows directory 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_9a8db8cb6a7c4f0eddecc793ed8fb884_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_9a8db8cb6a7c4f0eddecc793ed8fb884_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Windows\{7BAA1EB5-B4A7-4425-9C27-91A72D8EBE2F}.exe
      C:\Windows\{7BAA1EB5-B4A7-4425-9C27-91A72D8EBE2F}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\{2FFF9D5E-7AB8-429f-8437-AEE76344182B}.exe
        C:\Windows\{2FFF9D5E-7AB8-429f-8437-AEE76344182B}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4240
        • C:\Windows\{7676BB1B-A85F-4d0e-BBB0-696612F38EA0}.exe
          C:\Windows\{7676BB1B-A85F-4d0e-BBB0-696612F38EA0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:764
          • C:\Windows\{3B3DAFBE-B562-441c-B72B-A01ADE7A6337}.exe
            C:\Windows\{3B3DAFBE-B562-441c-B72B-A01ADE7A6337}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1884
            • C:\Windows\{FE97CC0E-0DB6-4b4f-A3C6-FFB16D927F18}.exe
              C:\Windows\{FE97CC0E-0DB6-4b4f-A3C6-FFB16D927F18}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4768
              • C:\Windows\{16328AA9-A5DD-4a84-BFC5-0B2F011BB789}.exe
                C:\Windows\{16328AA9-A5DD-4a84-BFC5-0B2F011BB789}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4368
                • C:\Windows\{22F47061-E88F-4a71-A4F8-B2C8F9EF4243}.exe
                  C:\Windows\{22F47061-E88F-4a71-A4F8-B2C8F9EF4243}.exe
                  8⤵
                  • Executes dropped EXE
                  PID:2672
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{16328~1.EXE > nul
                  8⤵
                    PID:1736
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{FE97C~1.EXE > nul
                  7⤵
                    PID:2588
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{3B3DA~1.EXE > nul
                  6⤵
                    PID:4828
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7676B~1.EXE > nul
                  5⤵
                    PID:2724
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{2FFF9~1.EXE > nul
                  4⤵
                    PID:1292
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7BAA1~1.EXE > nul
                  3⤵
                    PID:4276
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                  2⤵
                    PID:2584

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{16328AA9-A5DD-4a84-BFC5-0B2F011BB789}.exe
                        Filesize

                        320KB

                        MD5

                        6cd2d58634a53b00e222764a624d6093

                        SHA1

                        3628ceee0d9968c4f05c9e6a660c52d36e250682

                        SHA256

                        bde47cfe67057e7280deec8efdbf3f1406e6322989cb2cb370b450beebf26c66

                        SHA512

                        f20efd4d8aca8ca6fd754cffc063101fb2d9fd0245dde9b4501f570b4f610981bec097c405f3688612d039b9c080d87314fcdef8212de938b5cf043fb6da964f

                        Download Submit

                      • C:\Windows\{16328AA9-A5DD-4a84-BFC5-0B2F011BB789}.exe
                        Filesize

                        380KB

                        MD5

                        1332659dd54bd3b5326b0f3d66dbc813

                        SHA1

                        edb6e82c1a4e27dfe9467aee464377cd7ad89529

                        SHA256

                        0ab37d1181f40372591951a5829cd27f76ff9de1e3e778bb643457b3b41cb235

                        SHA512

                        0153cce61d8f3fa77827b5c0e8a985ad64f995327b8780a8020b562beeea326508c3e3706e895005ce003efaca1ba32b4f730b3fe3be0d021668b9fa5607fa9d

                        Download Submit

                      • C:\Windows\{22F47061-E88F-4a71-A4F8-B2C8F9EF4243}.exe
                        Filesize

                        380KB

                        MD5

                        7802e330cf44c2fe604d67ea4ba1f50b

                        SHA1

                        ca0fee449157ba67b5cab6f9a53bcf2dd4a5c088

                        SHA256

                        966ea823d4ccb1ad676dbd8dde7a82079bb1620bf0beb630105b813af0992705

                        SHA512

                        1de3b1d718fff619e3d94183776a941791369357bb4d49d2850be96d5f6d44eb9b260b1e9bc975bf680a6479411463025775909abf65973205b32ab920df52db

                        Download Submit

                      • C:\Windows\{2FFF9D5E-7AB8-429f-8437-AEE76344182B}.exe
                        Filesize

                        380KB

                        MD5

                        91af7525937a9990291f3482f7469f2b

                        SHA1

                        81ea34bb813a7da17262b2c5aab54b2af2cfe495

                        SHA256

                        ae59401d1c1630b96e61bef32edea35266167050d1db956020b40dd01d04137e

                        SHA512

                        4d8181dbd2c33bf8013ea59ad69ffce3121c3ce0f033c81ff5a10653278d217a38798e146590e34e5f11dc5268f3d9cb1d626fdd46c14605be0d687d40b75a18

                        Download Submit

                      • C:\Windows\{3B3DAFBE-B562-441c-B72B-A01ADE7A6337}.exe
                        Filesize

                        380KB

                        MD5

                        79fd6490d012a974faaecb4ac2b57b95

                        SHA1

                        8b8424ef53a10976e2f7aae87e422cb0d1f81681

                        SHA256

                        8ad024d79823a6395d53b85035de9e137aba6ede89b5b7b72e91e5208ac96700

                        SHA512

                        e360aab0240ee61cec455643f8357b50f33039bbd9084cab657080af6363531985e0c66f995d81eaf730ae07f5452a4c2c9a6906e56049e28ad8622667c36ef1

                        Download Submit

                      • C:\Windows\{7676BB1B-A85F-4d0e-BBB0-696612F38EA0}.exe
                        Filesize

                        380KB

                        MD5

                        333634ff60214ce418476b164b518fab

                        SHA1

                        a0088a9d3a26a74bb6ad2a83e3a2a312ca8749f5

                        SHA256

                        75faf022b21e6edc132b322db3072495e3251a00b587a86faee12409c2e21c5d

                        SHA512

                        2229563ffdd8309942304de970042396146d0b724e9713b5eaca2ea55558ab2ffb7554bb2143468162cd47c7389d8f6ba4dcd7a68afca9bf17ec34af7fc842d7

                        Download Submit

                      • C:\Windows\{7BAA1EB5-B4A7-4425-9C27-91A72D8EBE2F}.exe
                        Filesize

                        380KB

                        MD5

                        7b0e59fea7f526e80a5224ae8360adc8

                        SHA1

                        e5a332a7e2963bb9c9c86cd879493b60ae618592

                        SHA256

                        2d30ce8e54688f3cdc4cff08da459d6a302b896be68614c8feffd8c346beb492

                        SHA512

                        db10f5883eaea2f60fcdb44981ddd7a34ae05f25730d9a6e3dbb149c10b65555086776ed252becce94e88f86c467eacf1286a7d163b40d1fe588919cbcd5b119

                        Download Submit

                      • C:\Windows\{FE97CC0E-0DB6-4b4f-A3C6-FFB16D927F18}.exe
                        Filesize

                        380KB

                        MD5

                        0ab1a9c12f929b5ba6d0ddc91945132d

                        SHA1

                        c78a230bbe854c5ade46efba4518085a4c0dbb0f

                        SHA256

                        d9a71fe4292fedd5c8d2704c5a95f716c336f3a558209195c6bb1b87672f05a8

                        SHA512

                        b96c7405b2956f0770f3e488d34c7c1d4bf373afb556fbdf8b97fa468460b5842087be521ef18c585dfcde56d0d36b3d128457cb2ea690a76feec99e3d22df36

                        Download Submit