Overview

overview

10

Static

static

10

2024-01-25...ye.exe

windows7-x64

9

2024-01-25...ye.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe

  • Size

    180KB

  • MD5

    4fa55fd404b924bfa9810aa11b49e4f9

  • SHA1

    2757134d986d31c6a034a9088dede09e0ecc01ce

  • SHA256

    de0a1e45ca271da7a40a9cb75d60c1637feaf6e009ca3ed2ac0694ab0d27027b

  • SHA512

    e1631b798089725f4244447cd07ba8dbb6c99d00d6ee6ce38a12bc4e4b62ed6553936adb026e491aa8904348ac88ccc92df1f9fc0c417e1b3a675bcf7b94d271

  • SSDEEP

    3072:jEGh0oplfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGbl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\{6CA3BD3B-DDBF-4e42-91CA-5467C1241105}.exe
      C:\Windows\{6CA3BD3B-DDBF-4e42-91CA-5467C1241105}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Windows\{1F9118F5-A012-4e72-BBE7-217863E5239F}.exe
        C:\Windows\{1F9118F5-A012-4e72-BBE7-217863E5239F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Windows\{2F5C052D-2B40-4717-9C6B-4309A71345F9}.exe
          C:\Windows\{2F5C052D-2B40-4717-9C6B-4309A71345F9}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Windows\{15FF90B4-6B88-423a-A3E6-317AE4DC45EB}.exe
            C:\Windows\{15FF90B4-6B88-423a-A3E6-317AE4DC45EB}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2524
            • C:\Windows\{5E4CDB95-9FF5-46c4-8832-E04748F36737}.exe
              C:\Windows\{5E4CDB95-9FF5-46c4-8832-E04748F36737}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1844
              • C:\Windows\{4EF6467C-4466-449e-B637-8604250632C5}.exe
                C:\Windows\{4EF6467C-4466-449e-B637-8604250632C5}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1336
                • C:\Windows\{A4E6CF4F-A457-4fb6-9631-58F3F841DFC7}.exe
                  C:\Windows\{A4E6CF4F-A457-4fb6-9631-58F3F841DFC7}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2032
                  • C:\Windows\{132ED0E7-8A03-484e-98D1-172647794317}.exe
                    C:\Windows\{132ED0E7-8A03-484e-98D1-172647794317}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1680
                    • C:\Windows\{BF12E966-867C-46e3-B3BE-15EA9E8C6A07}.exe
                      C:\Windows\{BF12E966-867C-46e3-B3BE-15EA9E8C6A07}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2996
                      • C:\Windows\{F085D56C-AE4F-4055-A4E0-AE63B8AF854B}.exe
                        C:\Windows\{F085D56C-AE4F-4055-A4E0-AE63B8AF854B}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1692
                        • C:\Windows\{7595A350-57D2-42fd-AB20-2AD39031A2E0}.exe
                          C:\Windows\{7595A350-57D2-42fd-AB20-2AD39031A2E0}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F085D~1.EXE > nul
                          12⤵
                            PID:3004
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BF12E~1.EXE > nul
                          11⤵
                            PID:760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{132ED~1.EXE > nul
                          10⤵
                            PID:1712
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A4E6C~1.EXE > nul
                          9⤵
                            PID:320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4EF64~1.EXE > nul
                          8⤵
                            PID:2036
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5E4CD~1.EXE > nul
                          7⤵
                            PID:2760
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{15FF9~1.EXE > nul
                          6⤵
                            PID:2444
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2F5C0~1.EXE > nul
                          5⤵
                            PID:2820
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1F911~1.EXE > nul
                          4⤵
                            PID:1592
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6CA3B~1.EXE > nul
                          3⤵
                            PID:2664
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:1832

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{132ED0E7-8A03-484e-98D1-172647794317}.exe
                        Filesize

                        180KB

                        MD5

                        c31b4005d6844b83194129a6549ea24a

                        SHA1

                        afe75447d33aa33d2b5a3af6dbf6e973559deebd

                        SHA256

                        51292a97ead4d802ff18079c89f651185e48c5c6b6d1a6f7e1190714330686f0

                        SHA512

                        af158c0d8d965aa52e43ce3ffb40d58523333d541d471f4ed67e57dd46abe0538cba4a9d2c334e58616999d3ed19f3200782a2c7c19a758536a6f13d89c1553e

                        Download Submit
                      • C:\Windows\{15FF90B4-6B88-423a-A3E6-317AE4DC45EB}.exe
                        Filesize

                        180KB

                        MD5

                        b30b2ea94b4817abd31658c9417c5177

                        SHA1

                        3c53939244a1dcaeb4864426f389cbda9f50966b

                        SHA256

                        9e50d68b9e41fa603c7179366631ee1c612e35e04381b99b78a06ab9ecd910d4

                        SHA512

                        746a789202083d929c96dd004771a867513a46623e6dfe4e05fad8aeec7605dfd705ccbab529749751f1cb47b9d3d1a8e1984f3d399ebb916b2e563f82003f7c

                        Download Submit
                      • C:\Windows\{1F9118F5-A012-4e72-BBE7-217863E5239F}.exe
                        Filesize

                        180KB

                        MD5

                        e8e97f83dd28db3e9cece08bd14fd843

                        SHA1

                        54104308c773085e1d3d0ad9d0907dff10252a3a

                        SHA256

                        5f089f0de185671b101d3305a3c96f549673cae6549db81d3ab509ebab3464aa

                        SHA512

                        b30604f61aa3c9a125dac4fc17372a2b8a858db315002c953518e5500a9518a7a7bb550e8305eb06512072b77defcad99b8252e0bf839bdead11c9b34c0ea3a6

                        Download Submit
                      • C:\Windows\{2F5C052D-2B40-4717-9C6B-4309A71345F9}.exe
                        Filesize

                        180KB

                        MD5

                        5c8ed5a5247bb62754357a208b957391

                        SHA1

                        003e47cf9c40f83dce7429c5c8bc38f888d40e8e

                        SHA256

                        68da2be8905b57338895ebf9f8dcbc0a31f8cf4ed4588026a58712c6a74e959d

                        SHA512

                        ff7a360197d0ec27851e43468e99ebbcbaa8a9b469fee0bc88db8eebaf1263697fbbba3f19d8465d138ce89b728eee7ea17fbc3b00464a88bf78e34b281737bd

                        Download Submit
                      • C:\Windows\{4EF6467C-4466-449e-B637-8604250632C5}.exe
                        Filesize

                        180KB

                        MD5

                        8ec853f14367d3ade8216ddc9f4e6019

                        SHA1

                        d4f79cc6cf5869a2adbaedc90ae1844c3f831b15

                        SHA256

                        922a9c85d989f1c80efeaebe5b85a62ad151ea831613805a9106168710118ae1

                        SHA512

                        48812183e48024fff35741d8e779a6c06b1a5f27881494ee80863335d705ad7d24d691ea0bffcba1ee6a862f3498ff61a4a13b1c04dc3c393178cc31976272f8

                        Download Submit
                      • C:\Windows\{5E4CDB95-9FF5-46c4-8832-E04748F36737}.exe
                        Filesize

                        180KB

                        MD5

                        bf193126d41a7bbf8269b72e56e36e63

                        SHA1

                        0a63879f3b0bf9d8cf0b8fdb0181d73241015f6b

                        SHA256

                        96c1eeb344cddb5a8685c0163e6e952b3abfc76dd797da31004a55a86c965162

                        SHA512

                        a65629a8603940c0f3f89a3c85f335c5b05644f7ef36d53b0b6ccdfa324ecf80d53b1703626a318a469f423fa5fefedc8e84113e976342bdc90242e07ce05217

                        Download Submit
                      • C:\Windows\{6CA3BD3B-DDBF-4e42-91CA-5467C1241105}.exe
                        Filesize

                        180KB

                        MD5

                        1be86667e87e513ac3ba501879657e42

                        SHA1

                        3de6289d6194ca3053bdeeb60270800e59c33ecb

                        SHA256

                        00bc1d7a5f3399cf973fdf82c662c354c81d92e40088e1e578ec4f73735218db

                        SHA512

                        f488fcf426f2536f46d5923de51e1e603b0fe8dcc752be9a2736eb76a7436be6f394f816c7165d316d9b65fb66337c9538f519723b295bbe1b96d6e2acd44c59

                        Download Submit
                      • C:\Windows\{7595A350-57D2-42fd-AB20-2AD39031A2E0}.exe
                        Filesize

                        180KB

                        MD5

                        fdf7e9cca8f9d3b0247e3164ebb452e6

                        SHA1

                        4a3068c539029ddf9afde4328d86b8e7b33c46fc

                        SHA256

                        c28f1a662b126b8b0f7ce485f24522cf077dc94b5b9a0cc216ce55fe0201651a

                        SHA512

                        f9d7cdf98371dadde7d440e48fc8c4a32e4b3332a91a0b39e87f5b76be71f9492c3b4c180d85da7ed1f8c9ef5c1c55e8271a554b7cd823636d8fe54f400fbd56

                        Download Submit
                      • C:\Windows\{A4E6CF4F-A457-4fb6-9631-58F3F841DFC7}.exe
                        Filesize

                        180KB

                        MD5

                        9d88c64fab9d91732656ed003b8e07a5

                        SHA1

                        976a7eb24140ce212be08f05cb74c302967faf6f

                        SHA256

                        8fecca9c7c711c919e963c50db2150dc2d8bf0aa4f8b65eb30d800e576382294

                        SHA512

                        11ec6d5a2b7187b223a56f728d97fc76f4ecd883ec3ac5bfe172ad3fb8f2297834bd62f2afb60c128e7b319882281e9088eee707adbceea0cac0c4161551428b

                        Download Submit
                      • C:\Windows\{BF12E966-867C-46e3-B3BE-15EA9E8C6A07}.exe
                        Filesize

                        180KB

                        MD5

                        f955253f722bf82c6031658b25aa196a

                        SHA1

                        1684e295685884b4b9207a048453ec42eeea914c

                        SHA256

                        d4bf1374faaa0c113f090742c64a7b6416b97e90254d426d07fb03f1c46d7333

                        SHA512

                        e8b427fff195fd9418640d4216957ec17bac0319ffd431938a6447af3edaffd001724ae63e46a02cad309997fcec2a70af058ca418c4180e0c22d55284e15853

                        Download Submit
                      • C:\Windows\{F085D56C-AE4F-4055-A4E0-AE63B8AF854B}.exe
                        Filesize

                        180KB

                        MD5

                        7c61750bb1812f107fbdc110ccd6b7a4

                        SHA1

                        dc03a4eefe9796a0b27e9e37a1208cb0e3401a44

                        SHA256

                        67df324e624938f89e6f1ee26e98e8228fc62afa3be1a92b7298e1db6ed4a999

                        SHA512

                        5d4b75fc5456db877b4479490f4449602e62a59a64960e21de679f0fb77b4410410e35652e6de2c8166ed798e2064cc7b503afdea5f5731f57b6c66ac9115963

                        Download Submit