Overview

overview

10

Static

static

10

2024-02-04...ye.exe

windows7-x64

9

2024-02-04...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-04_247716cccd861c3663c138a17cb480b6_goldeneye.exe

  • Size

    168KB

  • MD5

    247716cccd861c3663c138a17cb480b6

  • SHA1

    601ac233edbc3cd5888c12b4384d19b02c4f2f1f

  • SHA256

    7fecee1c31802d041f8d0b9f74ac70833501e21c04417cacdfc1f83e723e7a94

  • SHA512

    0398d45cd9b7d9cb595e25cc1b2f42fc7a3bd0a3c28d22ac8d94bdff2191ae88cb9ed3380313e5176b7993e3c6239accdd9218a4a8a37259a593f622419da23f

  • SSDEEP

    1536:1EGh0oflq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oflqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-04_247716cccd861c3663c138a17cb480b6_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-04_247716cccd861c3663c138a17cb480b6_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\{4192530D-D253-4d96-968F-9F69F2C91832}.exe
      C:\Windows\{4192530D-D253-4d96-968F-9F69F2C91832}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Windows\{6B3E846A-85C1-42aa-B46F-8AB148818B2C}.exe
        C:\Windows\{6B3E846A-85C1-42aa-B46F-8AB148818B2C}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2840
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{6B3E8~1.EXE > nul
          4⤵
            PID:3708
          • C:\Windows\{22B1D5F4-CFA0-4719-ADF2-5575927FFB58}.exe
            C:\Windows\{22B1D5F4-CFA0-4719-ADF2-5575927FFB58}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1688
            • C:\Windows\{A5745D95-CFEB-46e7-968D-2763B9483438}.exe
              C:\Windows\{A5745D95-CFEB-46e7-968D-2763B9483438}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3612
              • C:\Windows\{56DFB298-214B-4247-BA1C-F2A9BEED9D1F}.exe
                C:\Windows\{56DFB298-214B-4247-BA1C-F2A9BEED9D1F}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3240
                • C:\Windows\{C49D3EDF-CBD8-47ba-B32D-A0AC121A9336}.exe
                  C:\Windows\{C49D3EDF-CBD8-47ba-B32D-A0AC121A9336}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4052
                  • C:\Windows\{47D18A3E-051C-46dd-BC16-2A668DF72225}.exe
                    C:\Windows\{47D18A3E-051C-46dd-BC16-2A668DF72225}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4984
                    • C:\Windows\{B5774F19-429B-429b-AA82-57B7B87025A2}.exe
                      C:\Windows\{B5774F19-429B-429b-AA82-57B7B87025A2}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2764
                      • C:\Windows\{61D1CBEB-8C31-4066-A15D-2C033BD10292}.exe
                        C:\Windows\{61D1CBEB-8C31-4066-A15D-2C033BD10292}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1480
                        • C:\Windows\{AA402405-781A-4fb3-87C9-834E87B46296}.exe
                          C:\Windows\{AA402405-781A-4fb3-87C9-834E87B46296}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:4640
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AA402~1.EXE > nul
                            12⤵
                              PID:5052
                            • C:\Windows\{52C9F9EC-3423-44fe-A3C0-F8DB5EF236E8}.exe
                              C:\Windows\{52C9F9EC-3423-44fe-A3C0-F8DB5EF236E8}.exe
                              12⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:384
                              • C:\Windows\{21D6DFC1-F812-42a1-8330-52785694CDAA}.exe
                                C:\Windows\{21D6DFC1-F812-42a1-8330-52785694CDAA}.exe
                                13⤵
                                • Executes dropped EXE
                                PID:4316
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{52C9F~1.EXE > nul
                                13⤵
                                  PID:3196
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{61D1C~1.EXE > nul
                              11⤵
                                PID:364
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{B5774~1.EXE > nul
                              10⤵
                                PID:3360
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{47D18~1.EXE > nul
                              9⤵
                                PID:4020
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C49D3~1.EXE > nul
                              8⤵
                                PID:804
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{56DFB~1.EXE > nul
                              7⤵
                                PID:4888
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{A5745~1.EXE > nul
                              6⤵
                                PID:1620
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{22B1D~1.EXE > nul
                              5⤵
                                PID:3304
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{41925~1.EXE > nul
                            3⤵
                              PID:2164
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2844

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{21D6DFC1-F812-42a1-8330-52785694CDAA}.exe
                            Filesize

                            168KB

                            MD5

                            4078b13ef036d8bcf72d74e00afa531b

                            SHA1

                            0853f877263059222066e6ca7bbd63917a2c3249

                            SHA256

                            23ebfb05ff98bdd001674bdc289ab5d2b62b256d544cce95d84c86f65a46eb69

                            SHA512

                            0369428b9dee53808b72f9344f35b24d40fdff18db1850e7fe44669bac211368e35a8877e7a7d0cd633da44a00d2028578e5113dcace660770f5b2a62921fbae

                            Download Submit

                          • C:\Windows\{22B1D5F4-CFA0-4719-ADF2-5575927FFB58}.exe
                            Filesize

                            168KB

                            MD5

                            fdc5433cea3069244d04b9f085e70451

                            SHA1

                            8c5dba1f7b5ac0d72101e9febd6997e7aee98339

                            SHA256

                            946407f448c9dee791930f9edd13141f60c541b2ead906519f805dad7b8055f0

                            SHA512

                            7ad989ad9799a801d0cc5e8a61b16e9f593bb474c3d1dba944526ef5bbb292f699583bbbf19a85913dfcade79dd903c01746a9cc391d066696cf76a9ecb1fd1b

                            Download Submit

                          • C:\Windows\{4192530D-D253-4d96-968F-9F69F2C91832}.exe
                            Filesize

                            168KB

                            MD5

                            3cd143f4ca2091fa5dcb991bd2cd4ac7

                            SHA1

                            706036c2673ac86bd6aa8aaf8ec504ac1f629367

                            SHA256

                            9af6887da5b24d1de1575fc387a43394ff9e537fe8bdb4fe7789e21301345e5a

                            SHA512

                            92089a5de8e6a74a67d6be12c7899dc90054774a37290c690d262654027cfac1bb7d4a1061f153d4f42ab34f7ee4cc2c2a29057a3488e6d89d303855940bfcf0

                            Download Submit

                          • C:\Windows\{47D18A3E-051C-46dd-BC16-2A668DF72225}.exe
                            Filesize

                            168KB

                            MD5

                            c6d49df7ddf35b907a0ad46e75c62fbc

                            SHA1

                            861fe3d5419215521aa924564f1eab32f10470d3

                            SHA256

                            60f20eec5d5bbb31b0bf518c12057ceb4e6fc05ec423bf4103fecc36a360884f

                            SHA512

                            022ebe0789ae686dcc86aabd787e0872005b48b23085b3e00b47879ae494e359924f5a704cf76371684e5a8df456a8718403e830dcf8ea0eb4a11e368b4ed29c

                            Download Submit

                          • C:\Windows\{52C9F9EC-3423-44fe-A3C0-F8DB5EF236E8}.exe
                            Filesize

                            168KB

                            MD5

                            0d94e9bee6d4a0af96a985d30d28fd65

                            SHA1

                            a58635287e98c09f4f249366767ce1186e29cdc2

                            SHA256

                            9a0fa3957ea2c4e8a412d3a5835a3aff2e40954e193bda4f4d5f6f3072522ca8

                            SHA512

                            c93801ef6fb5cdd818fcb12918f6bd52196b81c3241f275ec42184ea04ce875eeec59c589fbf00dec81e23b1dcc40fa1774c4440db62f58b0dd5b745d6c854cd

                            Download Submit

                          • C:\Windows\{56DFB298-214B-4247-BA1C-F2A9BEED9D1F}.exe
                            Filesize

                            168KB

                            MD5

                            d38afc7935ab9996b04654d82bc77d65

                            SHA1

                            45964a84f9d845cb200282b589bc61a92cbf3e23

                            SHA256

                            32f48c3cf9dd4d94540c35f7dd061e24b3ab65a4b581434e09c8a37eddc87688

                            SHA512

                            fa4d29fac7dba4a1566391a85c7ca43cf579bef5298d8e2e8322ccfeaf6a0b56667477a400f205a9c547fbcbdcd7a86df2e29ca0e129db5413e038e5c0674814

                            Download Submit

                          • C:\Windows\{61D1CBEB-8C31-4066-A15D-2C033BD10292}.exe
                            Filesize

                            168KB

                            MD5

                            aa6de4ce0e162b506be7a48226e95f5e

                            SHA1

                            1ac5960afe3feca418e04d340718032dffb09a81

                            SHA256

                            ce932c72361e867b06b7c2f7f06e55b0c3ed50f4ad0c62d5ea3ef7b6fad935fb

                            SHA512

                            4dd19f1a1420373028bab620d7c9cf9bb2335e7f42718d45c6edeff1005638566fc7d8abcee8bdd54ebef466ea025557782d0ce89119922c9545ae97790ff64d

                            Download Submit

                          • C:\Windows\{6B3E846A-85C1-42aa-B46F-8AB148818B2C}.exe
                            Filesize

                            168KB

                            MD5

                            24b677733342735b27ac22e36760d8ec

                            SHA1

                            72db859d5aee297080122868c56580f61733cf21

                            SHA256

                            add65564f70c94d15de6299c854a9367d280fcd8870e13608a4cd1d8d59869b4

                            SHA512

                            bd435cea8898b7ffbb202da5ba9f22e178c193140054f841ef2770a9c58e2307e33c56520a28a6962122af6762b1a74fa3363df99b60ee39765a46ad2861334b

                            Download Submit

                          • C:\Windows\{A5745D95-CFEB-46e7-968D-2763B9483438}.exe
                            Filesize

                            168KB

                            MD5

                            6a26b9b2b7887968b2a6a2fd88542760

                            SHA1

                            93f33eabd698d1dd174c5e7ae4fcc8ddc4dd1568

                            SHA256

                            24e88dd5b8cc2f27bd0940dbaf55163ddff2f8771ac9697057e078caefd716a0

                            SHA512

                            8a8ccd4473cc2f74ae83c3ea323d520fb4cf830a218b7514ba282e656ec1362b796800aa7bb10b7d6d5fd4ae1e3624fd85a6363c2e9eeaa0f184b3e02080e1e6

                            Download Submit

                          • C:\Windows\{AA402405-781A-4fb3-87C9-834E87B46296}.exe
                            Filesize

                            168KB

                            MD5

                            8bb0b691ff1b3463692525d47eb76f9e

                            SHA1

                            1edd058cc6d36ad35384f128ecf036facb85a396

                            SHA256

                            7305354b3f4871e02c1472f113c9c276874e93f64a9196a1ad48c53274539a4b

                            SHA512

                            6177f712d0622599dd3d8827c2a1c848bb593a8350f49172bab325f7e91bdfcea2d88dc74c7d34c2945b91db080557f7a6fc112b27c239680a8214b4aaa36f78

                            Download Submit

                          • C:\Windows\{B5774F19-429B-429b-AA82-57B7B87025A2}.exe
                            Filesize

                            168KB

                            MD5

                            1ab4dca89b8c99962a2eeb631119fd2f

                            SHA1

                            a2981e5fb7d7c6b0dce4922339e7957e665bbc17

                            SHA256

                            4f6688f94d16b2ad0c9eeb20642c1fe3cc2443157a5e35f34fce12f4f2e75ce0

                            SHA512

                            da99017719082b44ae6ec9e2226365eab7f2b74527104e4cb408ceaf6154a9b150bfc13a04b4dbc398ef1c0e90aafec7020a269504321748ba15c0b6d12c5023

                            Download Submit

                          • C:\Windows\{C49D3EDF-CBD8-47ba-B32D-A0AC121A9336}.exe
                            Filesize

                            168KB

                            MD5

                            cdc03a3a9ec2823459842458bfeba09b

                            SHA1

                            5927b09c0ce0c3b3a8adbf1b4287d06ec68cde6a

                            SHA256

                            1ae8c0343edb9a2ef4fed9e71245794e17b2401ccc93cb38b5955c2032dc8bf4

                            SHA512

                            7c0f79d87a5f3d89e8959fcd2c7e59ba06d79accc21c645124aa90b23de3dc09f2041e03d159eceb3bf53a50097c14987128c0090df6b509a5ce6c530e4e281e

                            Download Submit