Overview

overview

10

Static

static

10

2024-02-12...ye.exe

windows7-x64

9

2024-02-12...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_0cfc053482265145ccc497d63bc3d217_goldeneye.exe

  • Size

    168KB

  • MD5

    0cfc053482265145ccc497d63bc3d217

  • SHA1

    4230d085a71cd170ae725548283f1e778a53ff42

  • SHA256

    a59518656442a30a6c8a2caeac983733149b011aeaad8c916e659047c7c2615c

  • SHA512

    ccd9c4d53f82ecdba5d292117b2a0e509aa6f2f24695885b908a7c95fb468ce86ee4cd6b7389a68d4a15cd28f23ea0cea21a9e45fb661342276aaf8972f4df44

  • SSDEEP

    1536:1EGh0oElq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oElqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_0cfc053482265145ccc497d63bc3d217_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_0cfc053482265145ccc497d63bc3d217_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\{E00E2301-4735-4107-B5C3-78221E61FA70}.exe
      C:\Windows\{E00E2301-4735-4107-B5C3-78221E61FA70}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1092
      • C:\Windows\{2C5D8AEE-02FE-4f28-A631-27476FB5124C}.exe
        C:\Windows\{2C5D8AEE-02FE-4f28-A631-27476FB5124C}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Windows\{7D8AC215-C856-4a7d-8F65-51E6716254C2}.exe
          C:\Windows\{7D8AC215-C856-4a7d-8F65-51E6716254C2}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2812
          • C:\Windows\{8ABE43E1-A5F2-4540-BF65-563CE39A653D}.exe
            C:\Windows\{8ABE43E1-A5F2-4540-BF65-563CE39A653D}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2840
            • C:\Windows\{C0125FFC-E2C4-4cf3-B920-2D0306721BCA}.exe
              C:\Windows\{C0125FFC-E2C4-4cf3-B920-2D0306721BCA}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3044
              • C:\Windows\{7831CC66-24FD-4ad7-81C5-E8B64AC26C35}.exe
                C:\Windows\{7831CC66-24FD-4ad7-81C5-E8B64AC26C35}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1568
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7831C~1.EXE > nul
                  8⤵
                    PID:1036
                  • C:\Windows\{43704DAE-7A53-46c4-9BE7-278C72D0A9AD}.exe
                    C:\Windows\{43704DAE-7A53-46c4-9BE7-278C72D0A9AD}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1536
                    • C:\Windows\{26E0398F-D6A2-499b-B806-30C236A66101}.exe
                      C:\Windows\{26E0398F-D6A2-499b-B806-30C236A66101}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2652
                      • C:\Windows\{AA514BAC-8E44-42da-AF43-39642A3737EC}.exe
                        C:\Windows\{AA514BAC-8E44-42da-AF43-39642A3737EC}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2932
                        • C:\Windows\{480AB463-CA5F-4588-84AD-71C141F33D7F}.exe
                          C:\Windows\{480AB463-CA5F-4588-84AD-71C141F33D7F}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1984
                          • C:\Windows\{F4D3023F-EDF2-4436-9C87-9D1127626D62}.exe
                            C:\Windows\{F4D3023F-EDF2-4436-9C87-9D1127626D62}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:1168
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{480AB~1.EXE > nul
                            12⤵
                              PID:592
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AA514~1.EXE > nul
                            11⤵
                              PID:2624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{26E03~1.EXE > nul
                            10⤵
                              PID:2900
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{43704~1.EXE > nul
                            9⤵
                              PID:1312
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C0125~1.EXE > nul
                          7⤵
                            PID:1320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8ABE4~1.EXE > nul
                          6⤵
                            PID:3052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7D8AC~1.EXE > nul
                          5⤵
                            PID:2580
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2C5D8~1.EXE > nul
                          4⤵
                            PID:2736
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E00E2~1.EXE > nul
                          3⤵
                            PID:1708
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2192

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{26E0398F-D6A2-499b-B806-30C236A66101}.exe
                          Filesize

                          168KB

                          MD5

                          dbfd47be7258b8c74e606acb39b02ef0

                          SHA1

                          6f886ebf5371f50bb7374ed09d509d481ebd056d

                          SHA256

                          90e9f3708361074fa9ff2d5b4455dc833779c441d994e5afd5c8335f5d03acfc

                          SHA512

                          a2bbad4594fe6ef29b6ae39250fc06fc641cd49a4c692576b0b8d68da13c3f26424d364d0734fbcf08f048ef229c8c58e514437cc1e3bb7252bbb84b93f2290e

                          Download Submit

                        • C:\Windows\{2C5D8AEE-02FE-4f28-A631-27476FB5124C}.exe
                          Filesize

                          168KB

                          MD5

                          1b702a969760d35570a8c9eb956b8025

                          SHA1

                          8e512aa1ad2e8eaab475ae1799a3c2e4d9fc98ce

                          SHA256

                          183bfc233334f90681dd02eb510192f5655167c9237e150c82c81276dbd0ab49

                          SHA512

                          125440e0b29ae03f4c10c8dd7457b5e7db2635d1b8ae64e7306ccedd505b20a36ddb867c7c322415fa0b8b8eaa9b840b0e33387e2e7b02f31ecf562d4151289b

                          Download Submit

                        • C:\Windows\{43704DAE-7A53-46c4-9BE7-278C72D0A9AD}.exe
                          Filesize

                          168KB

                          MD5

                          132caf6b90cadc4a9aac3d47aa8e514e

                          SHA1

                          f4f36dc12447f143a456ab2ba1c0ba52257f35d5

                          SHA256

                          f6212551bede80faf9aebb37ad64f2ede1131bec593e25e1c122181f066e8fda

                          SHA512

                          5ab787e603f110f33831eaaba20b7580a09ec2f031116e7fd0e8dfbe8eeca1d1e659016fe863fa24b5839ee30ca7df570db6b9d9636430e33340c8ab65ee0fe2

                          Download Submit

                        • C:\Windows\{480AB463-CA5F-4588-84AD-71C141F33D7F}.exe
                          Filesize

                          168KB

                          MD5

                          f69df45cf7f10cad69da6be3161bde33

                          SHA1

                          85591d5c28a02c603edd7da93495405e760dd6e9

                          SHA256

                          bcc43615083ee928f9c17756f35ec81bd996e83cfeca2cf2b79a55fe60ab3f22

                          SHA512

                          76891ad1a871e7b2d2657f28e0e7fc1d213bdec678312687e3b6ef022cbd1341beefbcc7a5b916247aae7f331c27268cc9bffbb401d2f1f4ef1b42eb69a29224

                          Download Submit

                        • C:\Windows\{7831CC66-24FD-4ad7-81C5-E8B64AC26C35}.exe
                          Filesize

                          168KB

                          MD5

                          7a244e19b4e176e93843402013b94208

                          SHA1

                          e62dc7deba488ef4121bee3521dec5d1f37f87a8

                          SHA256

                          3df980304246d9e484c173cff2114a09a3ba19a3d7db42960a9e94f367d76bd9

                          SHA512

                          3468c00c8519b4d699d2a1756bb95e4df47fdeb039640add3b42169cb9b2584a85576f878e9dd54fc5046dcbf1cc37f8cc338a3ff9fcca9388c9b174e74473c7

                          Download Submit

                        • C:\Windows\{7D8AC215-C856-4a7d-8F65-51E6716254C2}.exe
                          Filesize

                          168KB

                          MD5

                          9fca320746900e6fc1de84c0ae58473e

                          SHA1

                          042ce1abd964694761d2b710bfae8a7e71550e24

                          SHA256

                          fe7fb5a86de863ffbeaf548160b7a39d352aff75f619ff77380e2f7ddca9266c

                          SHA512

                          867e206ef81d2ee9dc2b6f30b9ed66d210fab14802bbb8faf236a7abb848e9efc25075f9c5298cbc23812b4c17e3b20e7a8ab003d7e0dfb093e3002e1615b89f

                          Download Submit

                        • C:\Windows\{8ABE43E1-A5F2-4540-BF65-563CE39A653D}.exe
                          Filesize

                          168KB

                          MD5

                          51d7bb83b21392c0763ef3f2466f370d

                          SHA1

                          f96e3f58d52ea058713355df3b8e4a86ba4168b7

                          SHA256

                          5cbe3cbcb1c794cd18302dd0084820d28b8ce3b813f86f323dd241c59f1bfda0

                          SHA512

                          72964434f1b8aa77c1b268789c804b818620b46321226a6ee3ba878002c8056acbd5b6793f5bf6e721d65b217a10989f0c1636ca1e73c57dd4a4cf0c144c8864

                          Download Submit

                        • C:\Windows\{AA514BAC-8E44-42da-AF43-39642A3737EC}.exe
                          Filesize

                          168KB

                          MD5

                          74482338dc7f1bd1fd7d8ff55e0466e8

                          SHA1

                          12ad21ff6ff7439a18660504240d90456913fb75

                          SHA256

                          583b2b3aa72ee4510f888a261f9123165d0031e39359b4090e7fb5394918d8b6

                          SHA512

                          5b968777af523dad8cfc1b205628b33ecdf821ca3bcdf6aea73f5994f5c3e54eb8201598cd603b160827d30b451d5ba8114831f83eb686d88c94ddf3da633278

                          Download Submit

                        • C:\Windows\{C0125FFC-E2C4-4cf3-B920-2D0306721BCA}.exe
                          Filesize

                          168KB

                          MD5

                          d9d7f3c03918ad7ca29a9b26e86250b2

                          SHA1

                          c4839e05dd63d9552270b201b284bdc4c623ae12

                          SHA256

                          64cd6273cc8ab5f134eacb484e1957cf6f1aef05b09b4315b42876d4419255aa

                          SHA512

                          939437105ce60f5882183146efb87b04d7cce65f33fc4641256b03a97aac304975cb002e11210a658255d8416500baf6410e953a46528d9f22c430523de8dea4

                          Download Submit

                        • C:\Windows\{E00E2301-4735-4107-B5C3-78221E61FA70}.exe
                          Filesize

                          168KB

                          MD5

                          da9e7aa00d50c0bba84f51ad94e280dd

                          SHA1

                          46088af3b2930d17084aff23519307f07c8cbef0

                          SHA256

                          f05b0db3a680eb07ce248d8c798de37ccc595832531ab300c071ddccae806df3

                          SHA512

                          048e32413b8d08ad08f03f6bcee66a94ed2cf539c4df445c16dd797742904a404febbc5f67674387dceb14d82c0dae62b4871a8bf2f5e281a1eac2ac3a8de855

                          Download Submit

                        • C:\Windows\{F4D3023F-EDF2-4436-9C87-9D1127626D62}.exe
                          Filesize

                          168KB

                          MD5

                          8c031d3eb364dfda5b91ea8c19cf8eb3

                          SHA1

                          67a248741b92d5fe7ede607dd161e9e697b3e00e

                          SHA256

                          a6c53361d494a53c17fc7c1eb2a5b6aa6f6bce546b13a6a1fc9ce5b14ce4f2f6

                          SHA512

                          f8ce6a5e9e57a2e7cf686cbe4c464450dbcfafcf448b1502ccac3c74d289b7d0af0f3de098dde0b802302b575427e7a6c684122fb7b8d7527f89a46b0e884600

                          Download Submit