Overview

overview

8

Static

static

3

2024-01-11...ye.exe

windows7-x64

8

2024-01-11...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe

  • Size

    408KB

  • MD5

    dd816c40ab071fe0b14936c3bf686693

  • SHA1

    a37e43f7b5a4e1b7c60c6513eba806bb0c386690

  • SHA256

    1c38a40040616f37e5e4110b97c39f499153a8df9b287ee5ed76fb253fb8c4bf

  • SHA512

    9286dac0d146a115a33a8e26d11baa83df139213cd4fc208f06292ddd8cc5be69749de4092f7b48074460e30295e135daa3460481270643298c9174ee61ce157

  • SSDEEP

    3072:CEGh0oIl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGCldOe2MUVg3vTeKcAEciTBqr3jy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3520
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
        PID:1508
      • C:\Windows\{12A198D1-54AC-4a78-B2BC-CBE993CDD241}.exe
        C:\Windows\{12A198D1-54AC-4a78-B2BC-CBE993CDD241}.exe
        2⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1452
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{12A19~1.EXE > nul
          3⤵
            PID:3100
          • C:\Windows\{FD90139F-0482-430f-A773-EBDF2363BE50}.exe
            C:\Windows\{FD90139F-0482-430f-A773-EBDF2363BE50}.exe
            3⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2568
            • C:\Windows\{A633A3FB-00C2-48b0-A257-AB54C71CAFE5}.exe
              C:\Windows\{A633A3FB-00C2-48b0-A257-AB54C71CAFE5}.exe
              4⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4556
              • C:\Windows\{9F500A2C-E371-40f5-97B1-7E873A106022}.exe
                C:\Windows\{9F500A2C-E371-40f5-97B1-7E873A106022}.exe
                5⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3344
                • C:\Windows\{87F890C4-ED77-4bc3-8145-95EBB0E8ECF0}.exe
                  C:\Windows\{87F890C4-ED77-4bc3-8145-95EBB0E8ECF0}.exe
                  6⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3552
                  • C:\Windows\{E7258240-DB44-41de-AFF7-7399C0D94757}.exe
                    C:\Windows\{E7258240-DB44-41de-AFF7-7399C0D94757}.exe
                    7⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:5112
                    • C:\Windows\{7D97EB09-359C-48e5-9BD3-B987E2409143}.exe
                      C:\Windows\{7D97EB09-359C-48e5-9BD3-B987E2409143}.exe
                      8⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4528
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{7D97E~1.EXE > nul
                        9⤵
                          PID:4428
                        • C:\Windows\{2C2B277F-CB37-4aa4-8B0A-D2BF0B513C72}.exe
                          C:\Windows\{2C2B277F-CB37-4aa4-8B0A-D2BF0B513C72}.exe
                          9⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:1296
                          • C:\Windows\{FB029E33-0B21-4b8b-88AF-87E76EC8FED6}.exe
                            C:\Windows\{FB029E33-0B21-4b8b-88AF-87E76EC8FED6}.exe
                            10⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:3764
                            • C:\Windows\{F62C7921-BB5B-44eb-BC05-3C75164AB90E}.exe
                              C:\Windows\{F62C7921-BB5B-44eb-BC05-3C75164AB90E}.exe
                              11⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of WriteProcessMemory
                              PID:4876
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{F62C7~1.EXE > nul
                                12⤵
                                  PID:3956
                                • C:\Windows\{FD5183C4-EA8F-4b51-892B-8BBAB3DCC46B}.exe
                                  C:\Windows\{FD5183C4-EA8F-4b51-892B-8BBAB3DCC46B}.exe
                                  12⤵
                                  • Modifies Installed Components in the registry
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:2808
                                  • C:\Windows\{C217AF59-3A8D-43bd-833B-357126025A75}.exe
                                    C:\Windows\{C217AF59-3A8D-43bd-833B-357126025A75}.exe
                                    13⤵
                                    • Executes dropped EXE
                                    PID:3920
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{FD518~1.EXE > nul
                                    13⤵
                                      PID:4604
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{FB029~1.EXE > nul
                                  11⤵
                                    PID:2972
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{2C2B2~1.EXE > nul
                                  10⤵
                                    PID:4656
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{E7258~1.EXE > nul
                                8⤵
                                  PID:4948
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{87F89~1.EXE > nul
                                7⤵
                                  PID:1128
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{9F500~1.EXE > nul
                                6⤵
                                  PID:2272
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{A633A~1.EXE > nul
                                5⤵
                                  PID:4824
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{FD901~1.EXE > nul
                                4⤵
                                  PID:488

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{12A198D1-54AC-4a78-B2BC-CBE993CDD241}.exe
                            Filesize

                            408KB

                            MD5

                            e64ae9eefd1b952044fa8f9b58fae1f2

                            SHA1

                            fc6dd6e7b954cd57c9470fbf20f7a1556656ac1a

                            SHA256

                            99b09aac1872d1b1d9d78ff52b99be5f3d4536aadd4e5d0877689a37e80c42b7

                            SHA512

                            54e883bf21b12cf6d6029364b35cf8cfa87533882dc3c8a23933bc908e269513b517b54aff05807573a5bcfe4883cf2634f801e17e8ae90ebb9a36e182e0cde1

                            Download Submit

                          • C:\Windows\{2C2B277F-CB37-4aa4-8B0A-D2BF0B513C72}.exe
                            Filesize

                            408KB

                            MD5

                            88df1f6fc8c06edd6735019487f82f90

                            SHA1

                            d55ca07ae5c6ad3bdb7cca50b4b325177be5c7f4

                            SHA256

                            0b7ab87723c56dacbda653a58030e5803d7ec1617b5e3ad57b0bb6aed0544eb4

                            SHA512

                            c8a6f08af601a11da21e34a014ed2d600b5fedc899f301475af9120fdb4b83e0f969e92e5d8d54d1e47237bcdd74b09120b244996a95a0cbfe71cf4a327ca849

                            Download Submit

                          • C:\Windows\{7D97EB09-359C-48e5-9BD3-B987E2409143}.exe
                            Filesize

                            408KB

                            MD5

                            d902bc31dc13f17d98a876cc72463193

                            SHA1

                            a2aa098f7592596fc83b36e43e6578e97d34fa8a

                            SHA256

                            b918845ad72a6933ef798dd42e1c51e9d22efa95ee7c561080f5ec1ff38a2766

                            SHA512

                            5f2b02b16aa606c4510c52de9f3f2f4550005534675bba285e7158173fcc0c980160786b70c9549bd8dc520ed2012cf868692d51979bcbb016c61c383c16ac56

                            Download Submit

                          • C:\Windows\{87F890C4-ED77-4bc3-8145-95EBB0E8ECF0}.exe
                            Filesize

                            408KB

                            MD5

                            28d72209c7218a019f1bfd31696269d7

                            SHA1

                            6db35c6254fd379dbb5a9638010c91a16fa98501

                            SHA256

                            3a7f06f6388544aa3a185877989feb2a198f09d6ee491b28244e364fad45c9df

                            SHA512

                            b70d98e8c49cc59c7111811a672a4c00dc3ffb2104b5a22ef9a1919e3720231eb867d33390890642f1ede5825d705e054315a13a79cf298353ea43dab72c9d49

                            Download Submit

                          • C:\Windows\{9F500A2C-E371-40f5-97B1-7E873A106022}.exe
                            Filesize

                            408KB

                            MD5

                            64099f9420359ae3899c67ce98478319

                            SHA1

                            535a60818325b624a2d47c128c1a9ea2c33bc258

                            SHA256

                            92ca4dc7bac5111d455d73f80a61d259a401a9e38f8b32b1e9129593032210d9

                            SHA512

                            a6a861bbd4a56053ec0b7762c39a11f0a3f0497a800d4677181590c357340aa74580117b24c02c89d7d5a5f133cca5944308fa7bbaeac3a224153836a95f4cb5

                            Download Submit

                          • C:\Windows\{A633A3FB-00C2-48b0-A257-AB54C71CAFE5}.exe
                            Filesize

                            408KB

                            MD5

                            863cccd552352063de5dd7902a11b396

                            SHA1

                            4fa886dcee50858651cc978f2455b13d4f731215

                            SHA256

                            3e2fa15c2df8ad15079e198e3bb062f40844f145f8cbe2d026928387f4d24278

                            SHA512

                            aa575468554b2dbbedb4e6c87b19021f8c962d85f999868cb01693c20d3220e233acc984932f0f8ff7f28ff08846e98a69f7201e567c204a05a9a6400b1b3a88

                            Download Submit

                          • C:\Windows\{C217AF59-3A8D-43bd-833B-357126025A75}.exe
                            Filesize

                            192KB

                            MD5

                            b2ec24c0a51bd3457cac0972c90b7928

                            SHA1

                            8ff6f823a9b7773144ed7047bda049322c8597d1

                            SHA256

                            3e12d7f51e32b4a48b5e4aa501648d9aee3b5da74cb83c6e8dd1da7e4b2f4931

                            SHA512

                            b3de0a30d74a33231ca4a1e3b37922fcad93d552b6c9a980c6b7c8dddbc64038c3a59299f796baaa08248dd73a1d2f26a44b1ab1ae2c5bdc97bda16a1a59ac4f

                            Download Submit

                          • C:\Windows\{C217AF59-3A8D-43bd-833B-357126025A75}.exe
                            Filesize

                            288KB

                            MD5

                            d6775195d4b9d02bc5456fa3d4f6e97e

                            SHA1

                            c196b4edd906de36eed6fd9152f4911c17886f3b

                            SHA256

                            c10b19e0b3b4da305128f2e52d705e0fa796a5dfc4e2a0e162a881e3faa72bf7

                            SHA512

                            3e22b9515a5a73c8995a8097dbf38146b096bc8ccd6200322d21321c05151d9e70d7b2608b0db68d0eaf9c9d2be4f8d89a4f5dc46129c8567928bf6553b55fba

                            Download Submit

                          • C:\Windows\{E7258240-DB44-41de-AFF7-7399C0D94757}.exe
                            Filesize

                            365KB

                            MD5

                            de8d9c579810e2b10fb8ec7e4c3fdff0

                            SHA1

                            527bff95de1748866eec9b651b42b307b9d2a0bf

                            SHA256

                            2a91e657209d5474f0edd2a36cc1a914c4de610e985e48b84f3258c32f2bee09

                            SHA512

                            9b64c94c00689bcdf98579ce32572247812bd9b86952824a1d7428482538cb61e0ef9f16dcc1a1866e856ff8717211ccfb318215b98cac815536843fca41364e

                            Download Submit

                          • C:\Windows\{E7258240-DB44-41de-AFF7-7399C0D94757}.exe
                            Filesize

                            339KB

                            MD5

                            010970f3e394c1653059d1b15010a344

                            SHA1

                            b3c640acef19c8a5542ffde790db5fade6fea38c

                            SHA256

                            80b8a2684fb40d47fda10914bbea90f6d8304b4da2b0c7b1e76c7a8d596a928c

                            SHA512

                            ec5bd0a2feb52528be952be3288fd354eb8216abb882c6bbfe013e9b5f3f5a4d1fccbf4179ff9b109fea34be78f38bea00c58cd1a596dba41daf7b750cc1ad5d

                            Download Submit

                          • C:\Windows\{F62C7921-BB5B-44eb-BC05-3C75164AB90E}.exe
                            Filesize

                            408KB

                            MD5

                            2dc4d5baa7652f793d04ca89879bef3f

                            SHA1

                            ea84db4ed1abeaaea8efbee923b6426527ba1135

                            SHA256

                            4b2aa3592c19c1bcbd736dd00929ec073382dbc35cb3a1afb461ef0dbd609121

                            SHA512

                            cf63e82c21e87e9bb0492ab7f72046201e72cd61b9b8e3e851b5a76f6ca7ecb150ac6c682fffa57c70849d4d15a4671075f725ae58bc2a3326a5301f219299f3

                            Download Submit

                          • C:\Windows\{FB029E33-0B21-4b8b-88AF-87E76EC8FED6}.exe
                            Filesize

                            408KB

                            MD5

                            0d7f47a7f49faca1fa69e96db082cabf

                            SHA1

                            42fb26bf1e2947ab4745018cfe9e5172e870fcf5

                            SHA256

                            2684d4c1ecfa49d610513199d608611bf4c884a58c319887cb59aff79ff57221

                            SHA512

                            64aef7e43bedecb66fefbddaf9aa04dc91dd7753a5e3ffb5a79d84b85cf9666f4a991c3eb35e50b2de45477286fe0aad5a2ab9d528f33171f1b328422b36de0d

                            Download Submit

                          • C:\Windows\{FD5183C4-EA8F-4b51-892B-8BBAB3DCC46B}.exe
                            Filesize

                            408KB

                            MD5

                            47223399414529dada1a9716a3a10552

                            SHA1

                            6dbe54781e088d7875298e64a0fcfee96db27b33

                            SHA256

                            bbc37d1969626aaa9afed761f4baa3071b2614607e49c69413557249766d0d84

                            SHA512

                            2e2ada03eb793aa0a23b7c1729c71f1b2445a353b9132d53b2e5de7815dd6f7570c3a7072b1cb2d9faeb72649eb504fcdbe53acbc41554f11a9ed140f1e8721e

                            Download Submit

                          • C:\Windows\{FD90139F-0482-430f-A773-EBDF2363BE50}.exe
                            Filesize

                            408KB

                            MD5

                            5d57bc5e70ce16818722fd4466bd46ab

                            SHA1

                            c54c01c921c167d73eb2acf811a0ea2b8003ca6c

                            SHA256

                            aee6163aca1a087ed2c8fc030a12b154a74d42b4728282457bbc704ad3e3ebe4

                            SHA512

                            ff5aaada3e8fd31df505f22410c0e17f469da79ad4e2f1fcb23c7cf442e8bde92940903597a22f9b9da3b21b7f57e7e2ce9cb11311d68ca3eb94c3d1ca8ebaa9

                            Download Submit