Overview

overview

10

Static

static

10

2024-02-11...ye.exe

windows7-x64

9

2024-02-11...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2024 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe

  • Size

    197KB

  • MD5

    8d258646807568a133177ae894ec4019

  • SHA1

    92e35ae009764fc31fc44d6de546dfde293d3d57

  • SHA256

    5be47f6cfa23c963c5c5b95cf30bf4d5822fa55df5b629858e6b0b681c0b2c6f

  • SHA512

    01be30b5536ed9ab5c331871e0b9fec9c0daab8b4e23ab5d3bc33df9cb76bdd0da37cfa98af61d23b429efa6174a803a9612a1aa8c2d908a13e9e377a8be4333

  • SSDEEP

    3072:jEGh0oel+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGklEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\{23CC631B-C5ED-4a42-AE5F-0E0BDECB90F1}.exe
      C:\Windows\{23CC631B-C5ED-4a42-AE5F-0E0BDECB90F1}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Windows\{76F342E3-58CE-43ea-9D9C-0BDB37E04CE0}.exe
        C:\Windows\{76F342E3-58CE-43ea-9D9C-0BDB37E04CE0}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Windows\{FCC9FA82-5A9C-42fd-9867-13746C69C06A}.exe
          C:\Windows\{FCC9FA82-5A9C-42fd-9867-13746C69C06A}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{FCC9F~1.EXE > nul
            5⤵
              PID:1004
            • C:\Windows\{975D4E6C-F4DD-4231-958A-B0CF57732DC9}.exe
              C:\Windows\{975D4E6C-F4DD-4231-958A-B0CF57732DC9}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2432
              • C:\Windows\{E85154D8-83AA-4a32-A887-7B72A5F67FF6}.exe
                C:\Windows\{E85154D8-83AA-4a32-A887-7B72A5F67FF6}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:344
                • C:\Windows\{18D8C5DD-2815-4242-9BF3-362CE0B52990}.exe
                  C:\Windows\{18D8C5DD-2815-4242-9BF3-362CE0B52990}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2112
                  • C:\Windows\{D2B16E38-1605-48c2-A8AC-1E066AB0D3A3}.exe
                    C:\Windows\{D2B16E38-1605-48c2-A8AC-1E066AB0D3A3}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1508
                    • C:\Windows\{C7565BE8-DA59-42bc-ADC8-0EA1858FCE7E}.exe
                      C:\Windows\{C7565BE8-DA59-42bc-ADC8-0EA1858FCE7E}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1252
                      • C:\Windows\{EB9844BF-5C2C-4bd0-876D-D28AF1C3E0C0}.exe
                        C:\Windows\{EB9844BF-5C2C-4bd0-876D-D28AF1C3E0C0}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1340
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EB984~1.EXE > nul
                          11⤵
                            PID:3020
                          • C:\Windows\{F4655EA5-7ED7-421c-BAFB-4FD70E903CED}.exe
                            C:\Windows\{F4655EA5-7ED7-421c-BAFB-4FD70E903CED}.exe
                            11⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1900
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{F4655~1.EXE > nul
                              12⤵
                                PID:3004
                              • C:\Windows\{B6AD6CB1-1F06-479a-8680-65BB9FBBCF6D}.exe
                                C:\Windows\{B6AD6CB1-1F06-479a-8680-65BB9FBBCF6D}.exe
                                12⤵
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1100
                                • C:\Windows\{0E48038C-CE25-4594-8B72-F5AE1DC9031F}.exe
                                  C:\Windows\{0E48038C-CE25-4594-8B72-F5AE1DC9031F}.exe
                                  13⤵
                                  • Executes dropped EXE
                                  PID:2396
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{B6AD6~1.EXE > nul
                                  13⤵
                                    PID:1936
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C7565~1.EXE > nul
                              10⤵
                                PID:1248
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{D2B16~1.EXE > nul
                              9⤵
                                PID:2928
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{18D8C~1.EXE > nul
                              8⤵
                                PID:2880
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{E8515~1.EXE > nul
                              7⤵
                                PID:2544
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{975D4~1.EXE > nul
                              6⤵
                                PID:2868
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{76F34~1.EXE > nul
                            4⤵
                              PID:2576
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{23CC6~1.EXE > nul
                            3⤵
                              PID:2944
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                            • Deletes itself
                            PID:1112

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{0E48038C-CE25-4594-8B72-F5AE1DC9031F}.exe
                          Filesize

                          197KB

                          MD5

                          a4f33843f819b019a64e05ff9b6a3108

                          SHA1

                          f44a70c8640fd5f271ba35ca9509bc7458395c30

                          SHA256

                          bb2e88ff23a326de99ebdbf0cfb64e486f12a32089e04b371bc3be6a2d9a0a30

                          SHA512

                          3b3897ee151a880241e8ac56f6273ed77d47d8b7be9eccf8672741f2bc90f7a6e52f75fd235c8014d8f5e88bfcf940aed503fd7f82a460280e68255e89b74a48

                          Download Submit

                        • C:\Windows\{18D8C5DD-2815-4242-9BF3-362CE0B52990}.exe
                          Filesize

                          197KB

                          MD5

                          e0182a1797256ac617fbde0bb67c02e0

                          SHA1

                          cced296b7db01930e38d33a285d3d81c61df421b

                          SHA256

                          e0e621661824190a30f2be374ed96c2c265b7c3a60ea1c2fd305d89ea1f81199

                          SHA512

                          1a2157321fec3a2263bbe79d0816d539638fef9df4a4f810ccbdfa32e78dae661abcac0575ad89d9f0a4a2057ec15d137cc9ae1bbb78c15ae98b8a2909155b38

                          Download Submit

                        • C:\Windows\{23CC631B-C5ED-4a42-AE5F-0E0BDECB90F1}.exe
                          Filesize

                          197KB

                          MD5

                          baf4a9d832fccd24d2ceb00fedcb821a

                          SHA1

                          9215326eee683fe518bff6f3aa1e1fab3c905576

                          SHA256

                          4ad96242d8bcfb785f6c5badf8cbf5758bf82f10d2574a9cf53c5790e4be13eb

                          SHA512

                          93d662ed9f1d4e160cb0c7b8a5ea6714679d8631784a0ade355d39ec00359b4b8a29edc5961cf99dccb1a8dc92ee0b86ee03afe98d86252d892cb6617eb76a75

                          Download Submit

                        • C:\Windows\{76F342E3-58CE-43ea-9D9C-0BDB37E04CE0}.exe
                          Filesize

                          197KB

                          MD5

                          d17ed5ff0fa4696fafc5ca09ec22a663

                          SHA1

                          2ab8de6d810f49a035fb8b06a27a513f21362a39

                          SHA256

                          5ce6c4929aa2b189187c6cb0a031efe8e2f800a33e206f218a8b96ea7c3c1918

                          SHA512

                          feba23029667f63c7dc0203116ff3e836ceb6115d609e0e212143b2e45ad756e7cee88b28fa17f9cfebc050973d63b1bfc5a26ab409e5865e3ebb28b72914c2e

                          Download Submit

                        • C:\Windows\{975D4E6C-F4DD-4231-958A-B0CF57732DC9}.exe
                          Filesize

                          197KB

                          MD5

                          0d5a7076e0df43ac0611fbf154b7b627

                          SHA1

                          7ac861bc3a9c0e8bf31da72b6d47a0bff670eef4

                          SHA256

                          9cb2a68480e9abab050a827a6e11e92331e4b8ed0ca995cfe97c46abf3f5d2eb

                          SHA512

                          4b963135ee5855c8f047b8702d6b9bb7876a96405f590cf64ac8be8208428a25173da48bd970ddfa1fd073e17652b4b8660ec574ab1a68fa0a29882092442791

                          Download Submit

                        • C:\Windows\{B6AD6CB1-1F06-479a-8680-65BB9FBBCF6D}.exe
                          Filesize

                          197KB

                          MD5

                          82896e2c890867c9b083a27a2e752071

                          SHA1

                          b8c8a4fca20c4fae491b46ec4720ee2516991d53

                          SHA256

                          a7f5b113ef0d47058dec42ab9d801aaa8dd670a5c3b7a92568e368f13d1e5e56

                          SHA512

                          b1da11cc11f5e487748c3604629394c541512c6092cfb8293ed2f13f67f6434e134d9e1277e095b86b3f60879036ffc79fc2450278d4b0436e88e9c4700d8563

                          Download Submit

                        • C:\Windows\{C7565BE8-DA59-42bc-ADC8-0EA1858FCE7E}.exe
                          Filesize

                          197KB

                          MD5

                          713eeca874657c17dca93da6f0da7243

                          SHA1

                          36f6328c2565141f344e1e910102c5f1bd8aab40

                          SHA256

                          c17370c941092f8cc841cd9385e99eb11aafd99c157de51f407ebcaf38a8e545

                          SHA512

                          969f42400689ecf3c5d966014f17feccb5588d8bc019dc1d64f14210aee890d686317acf3308df479c67e2db3f763dff813402f8e067cd4f19d1693053f2136a

                          Download Submit

                        • C:\Windows\{D2B16E38-1605-48c2-A8AC-1E066AB0D3A3}.exe
                          Filesize

                          197KB

                          MD5

                          6d5ad62d1bd4964e012502bd19b2f959

                          SHA1

                          f14d1bb32ba468595e5c5c6452afe0a2d4d5f32b

                          SHA256

                          98e6f90fba20e8c91cb4af025bea234395f00334a978b1a5fd603312e6393ce8

                          SHA512

                          84e98b73ed6fff288e0ea2b51c9ca0a83cc07e661113f32eec3369183b2f561cb80b4feb483afaebb8758137e57e10a4b7a2df75c0a2dc18d18d58de492f7a43

                          Download Submit

                        • C:\Windows\{E85154D8-83AA-4a32-A887-7B72A5F67FF6}.exe
                          Filesize

                          197KB

                          MD5

                          a235041625bcc0cc55ba5e4cbf7c7d4e

                          SHA1

                          42b6c989394282003d7753ba0343476c4e5863c2

                          SHA256

                          c9fc6a9c2862d985b2b6977f71da62b69ca7a47c031dc640696cece1452b22d2

                          SHA512

                          b4d85e6c728753a4cf6c1e163a4322ba3c0a048d4df4f99c0cc9a9d06a352630c58407e86cbfe91d3baf467a6044d2cfd03d092674ae51adbd17e5e61940ec44

                          Download Submit

                        • C:\Windows\{EB9844BF-5C2C-4bd0-876D-D28AF1C3E0C0}.exe
                          Filesize

                          197KB

                          MD5

                          dafbf55c7acbf774c720b29d6ad87f13

                          SHA1

                          6052ba9eb2b231331461be4bec9f65883eedf926

                          SHA256

                          50145626052db1eba0a452b1364cbafbf7f71cc86b9c6b8b4a6b2b7e813be2f0

                          SHA512

                          e618bbebc57d2507f01be836f7ef03018283298b4042d11b08cfa2c57913bdb47544b7ea2146b5924c69bfb375319ab14dcb2b0d3f2f054fbda2b4dd5ae89d39

                          Download Submit

                        • C:\Windows\{F4655EA5-7ED7-421c-BAFB-4FD70E903CED}.exe
                          Filesize

                          197KB

                          MD5

                          b4a7bcae74c60bba41d8d1be60624e33

                          SHA1

                          505150e753ebc358e5f6354b7a8a662bc7a135b5

                          SHA256

                          ada112ed3e839474f522b7261a3b92b1dfa0be4b7c46709a4ad1c3a77b54468a

                          SHA512

                          5e83fb6efc7b5f105e976ee6170eaa71a3c29d6511b62d8ada78cc758ef6acf088d2ef540e9b881996c7bc21971a17709ea9712bb867ae1104b9adc04d3b0c85

                          Download Submit

                        • C:\Windows\{FCC9FA82-5A9C-42fd-9867-13746C69C06A}.exe
                          Filesize

                          197KB

                          MD5

                          1f806559a200cc7d9b331f4b2dbf3015

                          SHA1

                          7b274fc1ef2b546c7138396bb4fbc8dcb9f0ca20

                          SHA256

                          a40ad3634ebb0c62b57b567c9e48bb492de029c971dc9e2f82fb26a86d2d4ae1

                          SHA512

                          516d60572d8471e3ec7a97b5e89933a34c2dda4a2646f0072403245506125d225a234c5e3532ca4940437d99d06cbb732d7310c9ac3dcb3c5fbf3577bad1d0f3

                          Download Submit