Overview

overview

10

Static

static

10

2024-01-25...ye.exe

windows7-x64

9

2024-01-25...ye.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_a6a6c6a7a55cefd0235aad1ddff45bff_goldeneye.exe

  • Size

    197KB

  • MD5

    a6a6c6a7a55cefd0235aad1ddff45bff

  • SHA1

    a5e8cc5603244f21808646fb0fd44aafc648d160

  • SHA256

    c7688f50d6cffe2a151e13461a876e9eb58e3e2dfee23d80e60f4925db3adfdd

  • SHA512

    e982e78a244a4600fc33003439d352e4773925925bbe5a113cf2f6bcc45bf6d45a3533a497f74b0be4848e29fcf2c2f9527f26fb5ee0604d43eda3db27cd9f35

  • SSDEEP

    3072:jEGh0oJ5l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGplEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_a6a6c6a7a55cefd0235aad1ddff45bff_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a6a6c6a7a55cefd0235aad1ddff45bff_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\{EA1A0A67-A0E4-4fc6-A055-792FC2E01BA7}.exe
      C:\Windows\{EA1A0A67-A0E4-4fc6-A055-792FC2E01BA7}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Windows\{7A50D849-1D0C-4b2a-A551-F48EE6A06008}.exe
        C:\Windows\{7A50D849-1D0C-4b2a-A551-F48EE6A06008}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3008
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{7A50D~1.EXE > nul
          4⤵
            PID:2692
          • C:\Windows\{9C31DEDA-0B6D-4522-A9E3-A5DD00E94FA4}.exe
            C:\Windows\{9C31DEDA-0B6D-4522-A9E3-A5DD00E94FA4}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:496
            • C:\Windows\{FDF51D7D-3F1A-4bc6-9BEB-42E9AF9B14C2}.exe
              C:\Windows\{FDF51D7D-3F1A-4bc6-9BEB-42E9AF9B14C2}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1260
              • C:\Windows\{92EEED61-5F96-4cfb-AA36-1134D9E05C31}.exe
                C:\Windows\{92EEED61-5F96-4cfb-AA36-1134D9E05C31}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2612
                • C:\Windows\{E271936E-6122-46b5-8380-8CA315573BC5}.exe
                  C:\Windows\{E271936E-6122-46b5-8380-8CA315573BC5}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1208
                  • C:\Windows\{B44A2A77-704C-4ea4-9DEC-9670EA68FD03}.exe
                    C:\Windows\{B44A2A77-704C-4ea4-9DEC-9670EA68FD03}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2796
                    • C:\Windows\{393C52DD-6459-4196-90E7-D5922E08ADF9}.exe
                      C:\Windows\{393C52DD-6459-4196-90E7-D5922E08ADF9}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2036
                      • C:\Windows\{89409AE9-4B8E-4c64-B9C8-1B74CC172FF9}.exe
                        C:\Windows\{89409AE9-4B8E-4c64-B9C8-1B74CC172FF9}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3064
                        • C:\Windows\{80159D13-10F5-4252-B8B9-BDF96F954453}.exe
                          C:\Windows\{80159D13-10F5-4252-B8B9-BDF96F954453}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:536
                          • C:\Windows\{D48B77F2-FC48-4138-9117-B7236D50E59A}.exe
                            C:\Windows\{D48B77F2-FC48-4138-9117-B7236D50E59A}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:1768
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{80159~1.EXE > nul
                            12⤵
                              PID:1464
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{89409~1.EXE > nul
                            11⤵
                              PID:880
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{393C5~1.EXE > nul
                            10⤵
                              PID:1620
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B44A2~1.EXE > nul
                            9⤵
                              PID:2008
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E2719~1.EXE > nul
                            8⤵
                              PID:2784
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{92EEE~1.EXE > nul
                            7⤵
                              PID:2408
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FDF51~1.EXE > nul
                            6⤵
                              PID:848
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9C31D~1.EXE > nul
                            5⤵
                              PID:2896
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EA1A0~1.EXE > nul
                          3⤵
                            PID:2528
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:1200

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{393C52DD-6459-4196-90E7-D5922E08ADF9}.exe
                          Filesize

                          197KB

                          MD5

                          dec9b02fcd432a3e6ab5287e1a9468cf

                          SHA1

                          db0004ac790d28f94843ff48ea66af2070a4fefc

                          SHA256

                          27d476f1f1a757257c28189565b73c3e7a8e42b8a10d80a549565a8f464c349e

                          SHA512

                          67a50177fd0dbb468c86f6cd258c7e8aca9ca20dbeb6b18efe6c25b9fb560b585820cfec0c0a942a5dd60da2159f094eb5d9422f9d4aac1cfd9872c5bcd8ac12

                          Download Submit
                        • C:\Windows\{7A50D849-1D0C-4b2a-A551-F48EE6A06008}.exe
                          Filesize

                          197KB

                          MD5

                          c161b0157c260375f0cc5f8c613cc553

                          SHA1

                          dcec85775b5c5a9681bada55b520bd0470f2174f

                          SHA256

                          97fa3a07ab4ba64e4786e3da7875e2a35ee921f651b901c681fe2ed8fe982c1c

                          SHA512

                          97c4f9d10cd484fded7e0da5aaec376f4d343c70f32bab908246b142deaec2a40184917d37670c5e0dadb26f60c1ee974508d8047b37b7b744910389be624be8

                          Download Submit
                        • C:\Windows\{80159D13-10F5-4252-B8B9-BDF96F954453}.exe
                          Filesize

                          197KB

                          MD5

                          a534a0c16b884cf7f369ba09bd1f823b

                          SHA1

                          6ee6384062ccf35383331f475299b1cee3b60891

                          SHA256

                          cd16277168995820e0945b3680697d7cb1c7092337303d9377e836e23eeede89

                          SHA512

                          0b7b54a55f938281d6d54bf0ec67d9e61255b553c32f43c552bd5d9ee1c9ac15342359ca6c8ec73ea8347b44be5a9928840ae0babe9b645d07664f27b5e6603e

                          Download Submit
                        • C:\Windows\{89409AE9-4B8E-4c64-B9C8-1B74CC172FF9}.exe
                          Filesize

                          197KB

                          MD5

                          d88862faba4c4eac26d19f8958b21acf

                          SHA1

                          fc803a60cf2ce70cf69e1da23507c30055ecd105

                          SHA256

                          691b95437718095feb22feab1f2be42700c9d38c75249a10f343cb84188de1c4

                          SHA512

                          9341b6de24176b24849f4358529af105c737bd66609f6430934f3db791e336334810ca1d183993caf82e3bfd6bc8e6f11f8d82f7d7871f23a25a29d6b5c6d966

                          Download Submit
                        • C:\Windows\{92EEED61-5F96-4cfb-AA36-1134D9E05C31}.exe
                          Filesize

                          197KB

                          MD5

                          2bb3823ff9a11025d19851d590d42c08

                          SHA1

                          f28cc2659e48ae0e53ad5d291f191acecac5ddae

                          SHA256

                          163ae4f1be5770950febeb75174a7140507dce325bb13a7c40c0f5ba44b95067

                          SHA512

                          d7aad5ce479ca8cd58458133bb4d2fa20a7f6a4f4aade856907dfb61c7ed04369e7fcc53329c2aa30a830188d32f5bf4af3616e4d0c65f52959859b02df20b45

                          Download Submit
                        • C:\Windows\{9C31DEDA-0B6D-4522-A9E3-A5DD00E94FA4}.exe
                          Filesize

                          197KB

                          MD5

                          bdcd9df8e8a5bf3779b8d547aef1dd6f

                          SHA1

                          a8fa603463e4acbddd7044c9485f255659aa2667

                          SHA256

                          be097820070128610ec221b8e391e31d0810828c6e161e477076cf5f9a5a5668

                          SHA512

                          70d070e7400c001437f743ea638677cef13b320280e7c15ba1a0d0a9a1376a0de2dd753cd534fcd40550af4d5500ddf8b223d305fd13a88f99964bca7c17226d

                          Download Submit
                        • C:\Windows\{B44A2A77-704C-4ea4-9DEC-9670EA68FD03}.exe
                          Filesize

                          197KB

                          MD5

                          410a0b4de2a299ef3085eacce7121aa2

                          SHA1

                          e8dad3e7f59da1bafe578143e78c2953ddab52f3

                          SHA256

                          527a0a3d697adf0ba30e8231aa74b9c8d22b6c3471448761eb0b1527d57c77e9

                          SHA512

                          f30b81f78dd8ae323a2b5a5e76ad54995909cd994aeada0429789bb81dccccb9edffc07f155d110313de401196b70f47f2f801eefa494e36edf6378e46f8c720

                          Download Submit
                        • C:\Windows\{D48B77F2-FC48-4138-9117-B7236D50E59A}.exe
                          Filesize

                          197KB

                          MD5

                          a0efbe952fb0b3eeb3b4f9a2859056f8

                          SHA1

                          7a2d61e75891715d05a9d2f72b49ef457cb54ea3

                          SHA256

                          4f86ddf93f070e91837a3845c6602c3e2ad78d982dc839fcec34feb4aab8319e

                          SHA512

                          d0c142744093a768e207a79237b53d79efe2528907ea2d41f9be482eb79aa7afacceb22c61ae10bd48b8ad28805ec9c5013c13850e26a73f27b72066ef8e3f02

                          Download Submit
                        • C:\Windows\{E271936E-6122-46b5-8380-8CA315573BC5}.exe
                          Filesize

                          197KB

                          MD5

                          8c4d198270934ba9cb7472c98ddf89f3

                          SHA1

                          db2e2b6d889e2ccbe29563e60a2795f6b7d274b3

                          SHA256

                          573706bd6eaa4d22a199a0b2f3b6bdabeb3a498e02fe00c98536e2519e273860

                          SHA512

                          2bc95290f2c00f0a978b3b83ccfa36eab99bf820e8a22d14dc3f43dd26ff610c2685b6d24d27d6d247686d0020691e869777e0b86510ec348396b8122d3d4134

                          Download Submit
                        • C:\Windows\{EA1A0A67-A0E4-4fc6-A055-792FC2E01BA7}.exe
                          Filesize

                          197KB

                          MD5

                          d00c6b05be541cde2010e473921af85d

                          SHA1

                          eeb66031701f0b795b8b67b9f291ea92d4e6884f

                          SHA256

                          bcf8dfb5feb686e08b8e432b3d9eb0672241cf9c0518eb95617d5b1706a3bd85

                          SHA512

                          ca904f49c40281a0cc07e3d88416148d21e79eb2ff995346f2a15578daf436ff6d9d63b76f2a9685278e7c4db921f988c8764cbab9e248a42d1a546d271cfd11

                          Download Submit
                        • C:\Windows\{FDF51D7D-3F1A-4bc6-9BEB-42E9AF9B14C2}.exe
                          Filesize

                          197KB

                          MD5

                          42999cd6859f9c640cd704ed2258c5ab

                          SHA1

                          a7a554adb256df22e88d15c80708b61aaaf33132

                          SHA256

                          cc8f8c05d243a5d810e84f8a6cd3aff033a933ce29f3fabed8935647cb2e27a1

                          SHA512

                          b93be1302b374a60bf5a5ec17d918321e33880b40f91fecaf6321de17a6a7f4a4ea99f59f5e3133fe39b31c4c7ee3fffbd2ec4a40b6d8644dfb30f92d1a9bd14

                          Download Submit