Overview

overview

10

Static

static

10

2024-02-12...ye.exe

windows7-x64

9

2024-02-12...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_9bd223db2855b3132105851b1eab8c6c_goldeneye.exe

  • Size

    180KB

  • MD5

    9bd223db2855b3132105851b1eab8c6c

  • SHA1

    bc9fba551d039a6c5b5b61aee62c34ee35c7fdb4

  • SHA256

    bf29b2f520b9fdbe5614450d4fb05da7fd54b8f0edccd8d80dc3d5f1bc787eef

  • SHA512

    54e6b019c2e0c08ab5f130bf95dc8fe9c1d4a9298d664fa1296575331a2fa9a34e381599de6c548840da9a99215bf45e8b786dd4ac419cbc3d726c134a3436cd

  • SSDEEP

    3072:jEGh0o0lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG6l5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_9bd223db2855b3132105851b1eab8c6c_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_9bd223db2855b3132105851b1eab8c6c_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Windows\{E364790D-49C4-4807-B814-1592F002290A}.exe
      C:\Windows\{E364790D-49C4-4807-B814-1592F002290A}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Windows\{FC438743-566A-498c-8C72-3339D64D656F}.exe
        C:\Windows\{FC438743-566A-498c-8C72-3339D64D656F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2760
        • C:\Windows\{DCD1923D-6446-41ad-BAE7-C500A3DBC5A9}.exe
          C:\Windows\{DCD1923D-6446-41ad-BAE7-C500A3DBC5A9}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2788
          • C:\Windows\{BF1D99D6-BE4D-47fd-B99D-D18C07F1D175}.exe
            C:\Windows\{BF1D99D6-BE4D-47fd-B99D-D18C07F1D175}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2128
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{BF1D9~1.EXE > nul
              6⤵
                PID:2784
              • C:\Windows\{FD710072-AD4F-41f7-9BF7-F80D0E85C7EF}.exe
                C:\Windows\{FD710072-AD4F-41f7-9BF7-F80D0E85C7EF}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2824
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{FD710~1.EXE > nul
                  7⤵
                    PID:1992
                  • C:\Windows\{0E3CBA3F-7224-4692-AC71-37A8EB1E40B4}.exe
                    C:\Windows\{0E3CBA3F-7224-4692-AC71-37A8EB1E40B4}.exe
                    7⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2072
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{0E3CB~1.EXE > nul
                      8⤵
                        PID:548
                      • C:\Windows\{4ABE6B66-D861-4052-9EC9-0E563903F940}.exe
                        C:\Windows\{4ABE6B66-D861-4052-9EC9-0E563903F940}.exe
                        8⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2496
                        • C:\Windows\{B27C2678-3D65-4415-B6D8-2271AF3BB0F2}.exe
                          C:\Windows\{B27C2678-3D65-4415-B6D8-2271AF3BB0F2}.exe
                          9⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2804
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B27C2~1.EXE > nul
                            10⤵
                              PID:2440
                            • C:\Windows\{7B05688D-5BAF-43d0-978D-57DBAB4BB3B0}.exe
                              C:\Windows\{7B05688D-5BAF-43d0-978D-57DBAB4BB3B0}.exe
                              10⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2088
                              • C:\Windows\{D041CFF6-E10F-457d-A2B3-7F7047A4EF10}.exe
                                C:\Windows\{D041CFF6-E10F-457d-A2B3-7F7047A4EF10}.exe
                                11⤵
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2808
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{D041C~1.EXE > nul
                                  12⤵
                                    PID:1100
                                  • C:\Windows\{85D1B3AD-0CEE-4981-82F5-29C8D182A09D}.exe
                                    C:\Windows\{85D1B3AD-0CEE-4981-82F5-29C8D182A09D}.exe
                                    12⤵
                                    • Executes dropped EXE
                                    PID:1140
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7B056~1.EXE > nul
                                  11⤵
                                    PID:2112
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{4ABE6~1.EXE > nul
                                9⤵
                                  PID:1736
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DCD19~1.EXE > nul
                          5⤵
                            PID:1980
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FC438~1.EXE > nul
                          4⤵
                            PID:2196
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E3647~1.EXE > nul
                          3⤵
                            PID:3020
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:2468

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{0E3CBA3F-7224-4692-AC71-37A8EB1E40B4}.exe
                          Filesize

                          180KB

                          MD5

                          3ff592689db0acf6c46092e5ce8d773e

                          SHA1

                          e0c49056b7a7f7d2667c6adb3ff811302cd2a873

                          SHA256

                          f38d2d2366fec36cce0961af34cb17b06141b494d103ca6ca92843db3c7db03c

                          SHA512

                          008bf14eb88698e013c1efc702b4651a097fc65c41cb623888cd74d1cc4604336a2be50a33df27caff590688c976d82578ac6a33b9d36c9c6f4bd6594b943e66

                          Download Submit

                        • C:\Windows\{4ABE6B66-D861-4052-9EC9-0E563903F940}.exe
                          Filesize

                          180KB

                          MD5

                          b7dd3ec2b0449ea381e7345482628f42

                          SHA1

                          61d83a3bff658ac7d8ba863692f298771fffda96

                          SHA256

                          6c5cd05140305f66ebf091740726f92bb06d3b5588b6f84e1c70d2ff24b224b5

                          SHA512

                          da9275c37c69c0c5814dfeae37ae05f154cd97ef0598258bd333d590ca414f74b51726ebb1be52655a0a413445f10533708292c30dcb1adb6a05662f13aea3c4

                          Download Submit

                        • C:\Windows\{7B05688D-5BAF-43d0-978D-57DBAB4BB3B0}.exe
                          Filesize

                          180KB

                          MD5

                          35bd6cab45335ca29b27b7ee2c1cb212

                          SHA1

                          08a05ed0a85279cf9b1a8a3aa29b94278dc1d9c0

                          SHA256

                          dedc47f3c7f934700a315f51e369a08f44cdb0e93529da5b6f0ca1d8e555323e

                          SHA512

                          4d24612b177cc629adbfef2f63f69eddf8f04683167e79b266835c8e4dc6d51a97e4aaf1bebb1e9ce37b67709075e424378f09ce6265796e1aa54926f94f42b9

                          Download Submit

                        • C:\Windows\{85D1B3AD-0CEE-4981-82F5-29C8D182A09D}.exe
                          Filesize

                          180KB

                          MD5

                          37e8a1ded78e60ceecb108d90d66c05c

                          SHA1

                          612b73ff96bb7bf06298989a41914ef7862bf9a1

                          SHA256

                          30e8accbb3e6c35fb85b11e4014705232d6ebed8d68c5605bf3b91d7dba9c154

                          SHA512

                          0ee39e26e2adb75f0e2e30406df017719a6bb70acf2136c381c87458bf319cf7736e68c268271167607083b68422e9c918821a4a21c856a994c42890d42bfb64

                          Download Submit

                        • C:\Windows\{B27C2678-3D65-4415-B6D8-2271AF3BB0F2}.exe
                          Filesize

                          180KB

                          MD5

                          6e14648c787caaae9c6b8244e91e8cee

                          SHA1

                          ddf074ddd9f7cb727a6f5e149453b9a138a48f97

                          SHA256

                          c55367a7f70eccd471040a29600c160f52535261a2007372f35cede459e01124

                          SHA512

                          9cdc0848fbd14545c5c5cc977b18a6ef04d80447d1832508c4fe048ce769e1f0b9659b5f619ecc146a77c3cb582124e3faf3bbdbff4a85249244738ba5b62d17

                          Download Submit

                        • C:\Windows\{BF1D99D6-BE4D-47fd-B99D-D18C07F1D175}.exe
                          Filesize

                          180KB

                          MD5

                          03338e08ad31b248b46229e6e412e249

                          SHA1

                          e5e8e25cf8c453f6923406962f408979f2690972

                          SHA256

                          035524f8b7668d0c4797e9417dc68a481b0696f26ac24cdc1819755ec9de069e

                          SHA512

                          a81cff34682bf70574e50fdfd20ac22ce85370ae74f738fd33a74acccd41ccc5fea3c840257a30a457e1f124a9abb6e021e1ddb23f85d51c29d20f0155de1fca

                          Download Submit

                        • C:\Windows\{D041CFF6-E10F-457d-A2B3-7F7047A4EF10}.exe
                          Filesize

                          180KB

                          MD5

                          82a944f400f6b793acc31347af182fc7

                          SHA1

                          531b2e3eea0b03955ba287f3c5df48adf37fc878

                          SHA256

                          e39007bda10dfb9cc0a05a94bb6595a04b3683f0a4e1a902facc05740940e561

                          SHA512

                          5ae8bc75570c412923135e302110d42f3b738a660ee6be85ff9531c10d9ec6904e1dfd493ce2a01be68ce87f5c7ddb75635187e2409561c532671bb177ad46f8

                          Download Submit

                        • C:\Windows\{DCD1923D-6446-41ad-BAE7-C500A3DBC5A9}.exe
                          Filesize

                          180KB

                          MD5

                          6c004e4017549b1877d2bd97a99aba49

                          SHA1

                          ba503ccc4953ecb228a70f585ee56b8e7923a751

                          SHA256

                          f5a3363be1390cbf442b4cd8da2341f5965cdf25eb6a6440ad9be092fad93191

                          SHA512

                          0ad264b0cbd3091ae0de195d7877e0aa30509f6c9058c15b4ba2fc99fb99bf3468b61020b9698b943bdfff26d37f2b48676c911451bed20573a9e89fc6078c8d

                          Download Submit

                        • C:\Windows\{E364790D-49C4-4807-B814-1592F002290A}.exe
                          Filesize

                          180KB

                          MD5

                          2177e166ca9a9c2cf048d6758af7c0d4

                          SHA1

                          867bfed5a688a12626482d3aa517bf828a26a23c

                          SHA256

                          7179773354a524747de88e5354d56919feb7ab83d2144968773fd9f84a059732

                          SHA512

                          ec8e129d9333a0232ec5cfdfe0e686ed0d805c4d03f0b0b0ea3b0a36bf741f243f106d659c585c72b91f8a49a7287d4a9ac8ec5945abf0aaaa22ee449fafc22e

                          Download Submit

                        • C:\Windows\{FC438743-566A-498c-8C72-3339D64D656F}.exe
                          Filesize

                          180KB

                          MD5

                          6ce9668a6b5ccea16620266468ad2857

                          SHA1

                          4fe56cc5adb2e98e26ccf01dba54edcab4a54c17

                          SHA256

                          4317e8c98fd9c1245da49fc01f73a0f9ec8c17ab228cd79b24ac87d635d3a477

                          SHA512

                          365ee4ef2836a668e83ec77eca9de75d5b6c20d92de860284d5fc5da5d7dd976715acb6a8f7f57212ae8d391c503fa661a92925d0a4543c308ccc1d4dd709d7e

                          Download Submit

                        • C:\Windows\{FD710072-AD4F-41f7-9BF7-F80D0E85C7EF}.exe
                          Filesize

                          180KB

                          MD5

                          be36fa99dfd0f4cbb1fccfa70b4cea81

                          SHA1

                          02d094e22a5acd9a63fe1b45a879ea8ca96fa990

                          SHA256

                          f44302b6c54ac3eb924fddb64aab1b65a6f888993aa6a8c409b30d74d22c35d3

                          SHA512

                          2c41eb09aa7adfac8f6005a968d977bcb681e510987303d4522aa03457321ca0bd7989397dafd6edbc53174443ba1c6f1d22b6840d03dc1da7a9432b64257ecf

                          Download Submit