Overview

overview

10

Static

static

10

2024-02-02...ye.exe

windows7-x64

9

2024-02-02...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-02_6612c298ea03000ddd9b76bd76d59a51_goldeneye.exe

  • Size

    180KB

  • MD5

    6612c298ea03000ddd9b76bd76d59a51

  • SHA1

    4eaa60fb827d8aa8e79209f4f88a081a401159b6

  • SHA256

    ee237518406caf40cb079484f4c0d13a58b76f9c20d319187ffc9e20746e2295

  • SHA512

    8f46fcb817ae95f876820a878503275fcdd5c7a5237060e64d9233426d1170dc44ab5b4b8564ba3cc7446d90c9f6f0d6f1f4b51cd3da948a495cad4fb933cee8

  • SSDEEP

    3072:jEGh0oYlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGul5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-02_6612c298ea03000ddd9b76bd76d59a51_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-02_6612c298ea03000ddd9b76bd76d59a51_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\{7C5C1E81-3953-4889-88CE-C311999753A8}.exe
      C:\Windows\{7C5C1E81-3953-4889-88CE-C311999753A8}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\{929DBD22-6E25-47cb-8EEF-30F1AA2B5575}.exe
        C:\Windows\{929DBD22-6E25-47cb-8EEF-30F1AA2B5575}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Windows\{CB8A569A-C7C7-4d9a-A73E-D1B7AAA36636}.exe
          C:\Windows\{CB8A569A-C7C7-4d9a-A73E-D1B7AAA36636}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2684
          • C:\Windows\{2C60B285-FD32-42eb-B5DB-F3D5E6CA6B7C}.exe
            C:\Windows\{2C60B285-FD32-42eb-B5DB-F3D5E6CA6B7C}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:576
            • C:\Windows\{345D991F-FBC6-4e66-A398-59D0D2BAD7B0}.exe
              C:\Windows\{345D991F-FBC6-4e66-A398-59D0D2BAD7B0}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1652
              • C:\Windows\{612977E4-C8FD-4c51-879E-30CA46FFCE6B}.exe
                C:\Windows\{612977E4-C8FD-4c51-879E-30CA46FFCE6B}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2884
                • C:\Windows\{0BA1B8E3-5B2D-4b93-9C14-CBC8457425F5}.exe
                  C:\Windows\{0BA1B8E3-5B2D-4b93-9C14-CBC8457425F5}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1052
                  • C:\Windows\{FF488128-6F6C-4903-88E7-797C383EFA75}.exe
                    C:\Windows\{FF488128-6F6C-4903-88E7-797C383EFA75}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1988
                    • C:\Windows\{BDBF9D9E-C5D6-49b3-B716-DD7CF309641A}.exe
                      C:\Windows\{BDBF9D9E-C5D6-49b3-B716-DD7CF309641A}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1644
                      • C:\Windows\{D2DA6A2D-4CD7-4961-B2B4-9F3925C03E2E}.exe
                        C:\Windows\{D2DA6A2D-4CD7-4961-B2B4-9F3925C03E2E}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:596
                        • C:\Windows\{949965E1-35E7-4a40-ACE8-39D26E89102E}.exe
                          C:\Windows\{949965E1-35E7-4a40-ACE8-39D26E89102E}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:676
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D2DA6~1.EXE > nul
                          12⤵
                            PID:2932
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BDBF9~1.EXE > nul
                          11⤵
                            PID:2928
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FF488~1.EXE > nul
                          10⤵
                            PID:1824
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0BA1B~1.EXE > nul
                          9⤵
                            PID:1892
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{61297~1.EXE > nul
                          8⤵
                            PID:2484
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{345D9~1.EXE > nul
                          7⤵
                            PID:2188
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2C60B~1.EXE > nul
                          6⤵
                            PID:1828
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CB8A5~1.EXE > nul
                          5⤵
                            PID:1628
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{929DB~1.EXE > nul
                          4⤵
                            PID:2980
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7C5C1~1.EXE > nul
                          3⤵
                            PID:2700
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2708

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0BA1B8E3-5B2D-4b93-9C14-CBC8457425F5}.exe
                        Filesize

                        180KB

                        MD5

                        4d4653c862466a99bf608f2dd4b5d38b

                        SHA1

                        a687c27b366436456114175bab7adc17cf73e373

                        SHA256

                        29af294af50d23133fb576b5c4f29a57805146919890f1cbc44186efb9c6cab0

                        SHA512

                        ff330481bc21722aae1a0c40c0deb0a748e49eec84f22365bef36d7221576bfc3eb295629e953da9a00a959fe17e0bc764cab3a72b4180f60804cd69df03c1ee

                        Download Submit

                      • C:\Windows\{2C60B285-FD32-42eb-B5DB-F3D5E6CA6B7C}.exe
                        Filesize

                        180KB

                        MD5

                        ea134e2bf352ff7303373b693074d020

                        SHA1

                        315b09655448f5768a96cefc89d32cc749104ecd

                        SHA256

                        a6cf0ae668fd0f3c82ede2c9c0f09a9b68d2c1e95db72bdc00a6120b7c38dc8e

                        SHA512

                        e627646936af4bb0d3d6d2d6b489f52f11613a2fca9d2f7d34bad2cf1150be87c96af0cc2ccab717ac1264b9a7a8a8a1c9359d98648df150ef48d3066eb66b5b

                        Download Submit

                      • C:\Windows\{345D991F-FBC6-4e66-A398-59D0D2BAD7B0}.exe
                        Filesize

                        180KB

                        MD5

                        b33bff92e4e93f3c8905559c194266bb

                        SHA1

                        683bde5d5fa051038382cc2d3a76196c52287173

                        SHA256

                        40ee3e4dda2f267bd6e48185155d934223d4ccf3ff9bace3d3937e074abcf5bf

                        SHA512

                        f05a6c6d21a19eb2712a32a7658a7e33ab0b9833bf4246b93cf21792b6b7ae6b7c480069db6fedbbbf58c3e6808cb92a4fffd9de5fef526532861fddf3be3cee

                        Download Submit

                      • C:\Windows\{612977E4-C8FD-4c51-879E-30CA46FFCE6B}.exe
                        Filesize

                        180KB

                        MD5

                        ec4b672c5250d6c5d9ac2e5cd30ab573

                        SHA1

                        95cfbbf359edfdeb829759427bda5b28981f46ba

                        SHA256

                        8a797c03dde16f48f9604573eb84b0614d4f24d81ae6c73a0a7add43b1fe7919

                        SHA512

                        f55e69197bbb831f140b5dc1625aff78994af9360b4c616a1a7b8b5cb3a81cb9ac2c5d16162c46832161d629e3c94dd4538d108ea0f6c3cd3f15e81ffed30b11

                        Download Submit

                      • C:\Windows\{7C5C1E81-3953-4889-88CE-C311999753A8}.exe
                        Filesize

                        180KB

                        MD5

                        fb78e48e0d204c3f5a4b02a221081a16

                        SHA1

                        91bccb84c6698d9d3d96e559dacfb91d5540260f

                        SHA256

                        07a292327bea882ca16dd927c40cf19c8299b9a0d786804359c6511e0a09e568

                        SHA512

                        4054f3be39c58b88eb5da29c61d0aebd785527d0703921d290fed665f363bb45c4fb15ee0eea132498b7b5afb270135dcea69b8acf9840b75ee82662ec395c7a

                        Download Submit

                      • C:\Windows\{929DBD22-6E25-47cb-8EEF-30F1AA2B5575}.exe
                        Filesize

                        180KB

                        MD5

                        e9efddd4727d1b2e24964ed95f4d44fd

                        SHA1

                        11e572d4dcd379c882451212be23ee1598a3f67b

                        SHA256

                        e9a2ab7966047bcae160410fdd1aac7299a8034520c26ad6703ce3afbc6f7e88

                        SHA512

                        f1906a3c60ed1c83542875e0e71f4cfc6acc43db3de82496e3f6560fe74fe8e50c675d5db6d041ee60017dea61fd24eea4d9ef7eabd005d81c103ad0da3b8af2

                        Download Submit

                      • C:\Windows\{949965E1-35E7-4a40-ACE8-39D26E89102E}.exe
                        Filesize

                        180KB

                        MD5

                        030056bc07921fa50c1fb72666b18bef

                        SHA1

                        740e7ab6373771aa521c0199e99412687c39581f

                        SHA256

                        edf06aa47e2703971eff9aae8167b91b086cafac4c5f827e8b2ffb1f0b82a5af

                        SHA512

                        3f6b549a1fb0417f35385398b88a9f01a2bdd3b061257df1bd4823453fad0650b89b4c12d151e69427a5c6f0c34a2712a857d8568af458cda0652bd26f035bb0

                        Download Submit

                      • C:\Windows\{BDBF9D9E-C5D6-49b3-B716-DD7CF309641A}.exe
                        Filesize

                        180KB

                        MD5

                        aa1d05f1166265b7d104fe46962eeb72

                        SHA1

                        1af42298159b9180bf85a28ef65a8ce9e6a10c82

                        SHA256

                        ca1a73a4c052053d790e9bf580637ec2ac58bad926f6bd815328abcbddf77f1c

                        SHA512

                        eaa4141665f233db681b35e6119b4d83ada3eca5bf557e22010196dd23e003751c9a4d946bad99d0da204b57f42d517e531099d8b7a3ff28bd3b485cc8126746

                        Download Submit

                      • C:\Windows\{CB8A569A-C7C7-4d9a-A73E-D1B7AAA36636}.exe
                        Filesize

                        180KB

                        MD5

                        88dbc81326050a8d59439865772ba5d7

                        SHA1

                        e4a67febabd6302c46833872d05b385e5efd4b6d

                        SHA256

                        80954f6d2f516a1fa0dde0bce12846fe933b40064597759ad9a22764c1af7ea2

                        SHA512

                        155b3b716c274e5be3888b793240009ef165c24352477be7ebb9ddd621a05582da927d8eae9d607ec135df76ffbe1969f16b3f0573b3286f7124e50313bc2c5b

                        Download Submit

                      • C:\Windows\{D2DA6A2D-4CD7-4961-B2B4-9F3925C03E2E}.exe
                        Filesize

                        180KB

                        MD5

                        3a0bd52c8a6e9f4a6ac5327e268f56b8

                        SHA1

                        8108b9fec977e8be3124bca51bc6d14c10c9fad8

                        SHA256

                        f0cd239b900002130623cdad4199ff9d2ad4c1aa003bb85f46e78131364960b0

                        SHA512

                        911d3c80b42d132dc3de2b975f169655845c76299b4c3eb7c7800e0cee290b8e8b76425cf6ca3dc79a9a3ab9bc2a9a9212d557717b9f7953a464f96432ac0853

                        Download Submit

                      • C:\Windows\{FF488128-6F6C-4903-88E7-797C383EFA75}.exe
                        Filesize

                        180KB

                        MD5

                        a52ec6461d3e9b41dd33e16cb6afa0d0

                        SHA1

                        26663b868c54d3ec61f8d219433c3b17038b2f9e

                        SHA256

                        901bb08904667acf1d77d818b3ff17a34facc0c145babef9cbdac5152d65abf4

                        SHA512

                        d7dfe3308c475a424080a8f76d02e5029cf92804c4d5843bbf3c499d05065e88861fcfa3ec55747a35854d561b6649e52a65f7b7262b7c51e4414f5af07e664f

                        Download Submit