Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-01-2024 00:27

General

  • Target

    2024-01-24_2c368aae5d8fa358c62036771c68d04d_goldeneye.exe

  • Size

    168KB

  • MD5

    2c368aae5d8fa358c62036771c68d04d

  • SHA1

    886d440b4a2d487a470cbe3361f41d6475241577

  • SHA256

    2e68aeef0a75a6d7ac65ac664ab2f14460960fc80dd488774b0c8399205d5606

  • SHA512

    c87a91a12fbbc6f7deb6be71eab4097d91e1cb7b05c377de9f62f9f1cfaabfa21173be7d2d399b9982c5028887e291d44bf963a20aec6bed83b210f106562ca9

  • SSDEEP

    1536:1EGh0oQlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oQlqOPOe2MUVg3Ve+rX

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-24_2c368aae5d8fa358c62036771c68d04d_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-24_2c368aae5d8fa358c62036771c68d04d_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\{7A2439A6-48A9-4621-A70B-54FCF54EF7D2}.exe
      C:\Windows\{7A2439A6-48A9-4621-A70B-54FCF54EF7D2}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1240
      • C:\Windows\{54222343-159F-4ae1-8977-F7A05DD686EC}.exe
        C:\Windows\{54222343-159F-4ae1-8977-F7A05DD686EC}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2804
        • C:\Windows\{9FB7C417-5594-4b5c-B8C9-B314A6C3525B}.exe
          C:\Windows\{9FB7C417-5594-4b5c-B8C9-B314A6C3525B}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1848
          • C:\Windows\{D38F61F2-581F-4b3a-B91B-3246FD34CA88}.exe
            C:\Windows\{D38F61F2-581F-4b3a-B91B-3246FD34CA88}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2608
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{D38F6~1.EXE > nul
              6⤵
              PID:1444
            • C:\Windows\{0315706A-DF2D-4e95-A31D-B544B59D161A}.exe
              C:\Windows\{0315706A-DF2D-4e95-A31D-B544B59D161A}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1268
              • C:\Windows\{A4375650-1D86-4320-ACE7-D3CE8360AFF6}.exe
                C:\Windows\{A4375650-1D86-4320-ACE7-D3CE8360AFF6}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2828
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{A4375~1.EXE > nul
                  8⤵
                  PID:1804
                • C:\Windows\{34C6E81E-4613-43b8-B934-643356BA3DFD}.exe
                  C:\Windows\{34C6E81E-4613-43b8-B934-643356BA3DFD}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1988
                  • C:\Windows\{DF496553-0875-4273-A72D-6CF5350A6D9F}.exe
                    C:\Windows\{DF496553-0875-4273-A72D-6CF5350A6D9F}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:544
                    • C:\Windows\{32EE5FF4-9C32-4ed0-A505-FC8A15277446}.exe
                      C:\Windows\{32EE5FF4-9C32-4ed0-A505-FC8A15277446}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1448
                      • C:\Windows\{D5FE4030-EBA5-4251-92A1-E6D021FE1E3A}.exe
                        C:\Windows\{D5FE4030-EBA5-4251-92A1-E6D021FE1E3A}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1628
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D5FE4~1.EXE > nul
                          12⤵
                          PID:820
                        • C:\Windows\{03AE3887-5E38-401b-9084-D7AB49C787C3}.exe
                          C:\Windows\{03AE3887-5E38-401b-9084-D7AB49C787C3}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1924
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{32EE5~1.EXE > nul
                        11⤵
                        PID:2392
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{DF496~1.EXE > nul
                      10⤵
                      PID:2024
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{34C6E~1.EXE > nul
                    9⤵
                    PID:2512
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{03157~1.EXE > nul
                7⤵
                PID:2876
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{9FB7C~1.EXE > nul
            5⤵
            PID:2384
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{54222~1.EXE > nul
          4⤵
          PID:2596
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7A243~1.EXE > nul
        3⤵
        PID:2548
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2336
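The tree above repeats one pattern at every level: a stage is a GUID-named executable written directly under C:\Windows, it launches the next stage, and it then removes its own file through cmd.exe /c del addressed by the 8.3 short name ({D38F61F2-...}.exe becomes {D38F6~1.EXE, the submitted sample becomes 2024-0~1.EXE). The Python script below, added here as an example and not part of the sandbox report or of the sample, reconstructs that pattern from process-creation events (Sysmon Event ID 1 or Security 4688 fields). Its event list is constructed from the report's first three stages with the report's own paths, command lines and PIDs; the parent PID 1212 for the submitted sample, the notepad.exe noise event, and the first-of-its-kind "~1" rule in the 8.3 derivation are assumptions.

```python
"""Flag the drop -> execute -> self-delete chain from process-creation events.

Added example, not part of the sandbox report or the analysed sample. EVENTS below is
constructed from the report's process tree (first three stages, same images, command lines
and PIDs); the parent PID 1212 of the submitted sample is assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # executable path (Sysmon Event ID 1 'Image', 4688 'New Process Name')
    cmdline: str   # 'CommandLine' / 'Process Command Line'


# Dropped stages in the report are GUID-named executables directly under C:\Windows.
GUID_EXE_RE = re.compile(
    r"^C:\\Windows\\\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}\.exe$",
    re.IGNORECASE,
)
# Every stage removes a file with:  cmd.exe /c del <8.3 short path> > nul
DEL_RE = re.compile(r"cmd\.exe\s+/c\s+del\s+(\S+)\s*>\s*nul\s*$", re.IGNORECASE)


def short_name(path: str) -> str:
    r"""Approximate the 8.3 short name Windows assigns to a long file name.

    Assumption: the file is the first of its kind in the directory, so it gets '~1';
    real NTFS generation also yields '~2', '~3' and hash-based names on collision.
    Enough to map '{D38F61F2-...}.exe' to '{D38F6~1.EXE' as seen in the report.
    """
    directory, _, name = path.rpartition("\\")
    base, dot, ext = name.rpartition(".")
    if not dot:
        base, ext = name, ""
    base = base.replace(" ", "").replace(".", "")       # spaces and inner dots are dropped
    base = re.sub(r'[+,;=\[\]"*:<>?/|]', "_", base)     # characters illegal in 8.3 names
    if len(base) > 8:
        base = base[:6] + "~1"
    short = base.upper() + (f".{ext[:3].upper()}" if ext else "")
    return f"{directory}\\{short}" if directory else short


@dataclass
class Stage:
    pid: int
    image: str
    self_deleted: bool          # spawned 'cmd /c del' of its own 8.3 path
    next_stage: Optional[str]   # GUID-named executable it launched, if any


def analyze_chain(events: list[ProcEvent]) -> list[Stage]:
    """Return every process that is a GUID-named stage or that deleted its own file,
    in event order, together with the next stage it started.
    """
    children: dict[int, list[ProcEvent]] = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    stages: list[Stage] = []
    for e in events:
        own_short = short_name(e.image).lower()
        self_deleted, next_stage = False, None
        for child in children.get(e.pid, []):
            m = DEL_RE.search(child.cmdline)
            if m and m.group(1).lower() == own_short:
                self_deleted = True
            elif GUID_EXE_RE.match(child.image):
                next_stage = child.image
        if self_deleted or GUID_EXE_RE.match(e.image):
            stages.append(Stage(e.pid, e.image, self_deleted, next_stage))
    return stages


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-01-24_2c368aae5d8fa358c62036771c68d04d_goldeneye.exe"
STAGE2 = r"C:\Windows\{7A2439A6-48A9-4621-A70B-54FCF54EF7D2}.exe"
STAGE3 = r"C:\Windows\{54222343-159F-4ae1-8977-F7A05DD686EC}.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"

# Constructed from the report's tree; PID 1212 (the launching shell) and notepad.exe are assumed noise.
EVENTS = [
    ProcEvent(3052, 1212, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1240, 3052, STAGE2, STAGE2),
    ProcEvent(2336, 3052, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"),
    ProcEvent(2804, 1240, STAGE3, STAGE3),
    ProcEvent(2548, 1240, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Windows\{7A243~1.EXE > nul"),
    ProcEvent(2596, 2804, CMD, r"C:\Windows\system32\cmd.exe /c del C:\Windows\{54222~1.EXE > nul"),
    ProcEvent(4100, 1212, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for s in analyze_chain(EVENTS):
        print(f"PID {s.pid}: {s.image}\n  self-deleted={s.self_deleted} next={s.next_stage}")
```

Each dropped stage in the Downloads list below has the same 168KB size as the sample but a different hash, and the file is deleted as soon as the next stage is running, so a hash block list only ever covers the stage already on disk. The durable indicator is the shape the script keys on: a GUID-named executable under C:\Windows whose child cmd.exe deletes the parent's 8.3 path, with the same image appearing as the parent of the next such executable.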

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\{0315706A-DF2D-4e95-A31D-B544B59D161A}.exe
    Filesize: 168KB
    MD5: 3d2a0b1ed078af6934d5a12550cba58e
    SHA1: 70e30b63dd0d77704b5b775f150dcc16fcc2555c
    SHA256: 04fee66e82f71ace038f9667d5571ef7d7475b1e3e6081a8bdbb908c6cd2b1be
    SHA512: b4dbbb4ae8ccd6a290d60760f53df63ef1cbfc30a94785ac6ef1cad90361d504a79cb321e590ab98615c5e845ddcce5d130ceb89aa6600ef75f09ac0d183865c

  • C:\Windows\{03AE3887-5E38-401b-9084-D7AB49C787C3}.exe
    Filesize: 168KB
    MD5: 41cd483b00c9d3490fdd3797f2a3146a
    SHA1: 058866fd7b399ba414a8600fb5a5bb43f7a941f5
    SHA256: 5743e245af60d2e948e88db2e58d8cc3121a084797a7613351ca3a4a9cae2f2e
    SHA512: d789637529d5812f8d19d1d6c629982ce750ab8195d3fc50338d3b62b5acdf4704b4473510fe373685ba611ffd2c42d5ac57ac8e2616d28f0ab6b1005be01348

  • C:\Windows\{32EE5FF4-9C32-4ed0-A505-FC8A15277446}.exe
    Filesize: 168KB
    MD5: ec3427c3e5da95bc7c8a7cee1482dc3e
    SHA1: 9c4f48dc75461b2e34f4de05664ec7148061fd3d
    SHA256: d8fab8896ace5788d02d51cbf1ea899db191b52b8b9cefb7cd5e523582d1243b
    SHA512: ea39577f960d122c58f5fd10016d2dd72fc9c459643d8432b32debe905a5db9506ccbf5de7df9e4445d11bce41fb6e1b47f985baf42ed6db5073af07cc41f11f

  • C:\Windows\{34C6E81E-4613-43b8-B934-643356BA3DFD}.exe
    Filesize: 168KB
    MD5: ce8185b357b4f5fdbdd6096fef24c68b
    SHA1: 627edc7db778a1dafe10244e76ebb81621494f67
    SHA256: 2e96eb193c1da2bb2fc78780574bc1c8ab10d0883e9a24a13e196eddf2bb1af8
    SHA512: 4034b8ad500dca5cbf42f01eea7f520610ab2168749006f70a891a2782d78a69b2d99aaef7c865cdb0483a22a8a73da7b26ffdc6bdeacb946da30fdb5effd33f

  • C:\Windows\{54222343-159F-4ae1-8977-F7A05DD686EC}.exe
    Filesize: 168KB
    MD5: 345a446f9eec0d9cb355b8eb8ab508e2
    SHA1: 0876a447204335f6cbe8de5280b1346f0d79b887
    SHA256: 7c83d22cc9edf8c9025e032d9b422e01bb78cc5b8d150782db6785ab1206df60
    SHA512: 733d5845848b943c85ec7ba2228ddd72d9e19c8ed3028780adc33e218693c292beeabff62f8ac71d299d1b58b7df370b11bdae8ba4bc1d23800c0118f139a968

  • C:\Windows\{7A2439A6-48A9-4621-A70B-54FCF54EF7D2}.exe
    Filesize: 168KB
    MD5: 7256fe695becc648e63c2ffc5932911d
    SHA1: 44f269350367e5d5e6076200e55c90e00dc16b00
    SHA256: b4b19fa5d3db695e5f3b3e6b09eb028ea43d49430ae40f0c4dd5c344c9f1b3f5
    SHA512: 14664c0ad5fda589e5986ae4f8dfd10deffe2c15f1a6ff1262558542aa8726c9e4de250e8e6320849fb8d435eccf1eb15164d0dbf6bf9652964a889bafcb64a5

  • C:\Windows\{9FB7C417-5594-4b5c-B8C9-B314A6C3525B}.exe
    Filesize: 168KB
    MD5: 7d26980ba334500bffb3d30b558cb45f
    SHA1: 79a1234be2b670a9f26d8ca57111d3f36165f7a0
    SHA256: 438eccfb14d536c603065ea5d515e4a13accfaff2e9bfa92181cb3dedf6ba18a
    SHA512: 4ae8ea20f5ad3776c878ed9825cc80b491cc33ff9d996cb075cedeccde892471e40e3ee86edc2462001ab44d57b3cfe328e69d663b3fa0d974a1e50948c34c89

  • C:\Windows\{A4375650-1D86-4320-ACE7-D3CE8360AFF6}.exe
    Filesize: 168KB
    MD5: f8063c15c51a3097371dcc9c3e92abc5
    SHA1: f28d41ee5ad761adceb6d9cf685f9af253979537
    SHA256: 689cd05b98153aab19223ad3895ef2cbbd2d670365800f0fe003d18ac5819ca0
    SHA512: 59c313dd1ce20e09c3fe1cb8e3e61b2460352c2df0c3dba0af6f3100c9316f0b1682a790c5d2d1bf1943c1bba34ea6ba07461c45ccf3b2602c00dc01374f7d4f

  • C:\Windows\{D38F61F2-581F-4b3a-B91B-3246FD34CA88}.exe
    Filesize: 168KB
    MD5: 8b2cb82092370be0ec3894cb49b8f53c
    SHA1: 08a3e3b1994c87647b924645c93f0ba80e4fab80
    SHA256: 073969dc7b711a993dfd84ae4ff82b42543cf6585d811043153e86582b1bf421
    SHA512: d965af9ffe0f3591aea9b220807557cf7262ecb5762c8cfd7ac82804019855e47dfa7c8eba25b758d1c60ed93bd264ff6b03745cb94530304df0c57ff8b8ea5e

  • C:\Windows\{D5FE4030-EBA5-4251-92A1-E6D021FE1E3A}.exe
    Filesize: 168KB
    MD5: 4f698e2c207085a2df678e4d7e7897db
    SHA1: 148c3c1466d78166f092241d78714ad133b25ac1
    SHA256: f2f986ddb7bb540dd4a37f27192e5e8dd26f1d8b193d8262c1351bf7c788761e
    SHA512: af01cb0f7360f721e83b1aad6e1b33984a74f5626d9a5e8bfb3d0d4691347eb20875bbb7f4faa4958d36b305ee952e4936e1cee1f975118bea568040db7aed25

  • C:\Windows\{DF496553-0875-4273-A72D-6CF5350A6D9F}.exe
    Filesize: 168KB
    MD5: 41cf7c219fae6216c892d7b00bd547ec
    SHA1: d0de50b164bcd15fe6a69b409e0be3724eca0a0c
    SHA256: aed14e117277bb60fb3c09be033efd8f35bd1a8a94666274a487eff17b7c4d21
    SHA512: f5267701b135db806b07bf372ecff636fb50bfc2822a10e34751e8495833c6bcffdee46fc2981acd2b423a5bbb5454c77544e7a4c15444913b704ac7d9a18956