Overview

overview

10

Static

static

10

2024-02-18...ye.exe

windows7-x64

9

2024-02-18...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-18_d26d049c40afc42fcc6bd7dda92f957c_goldeneye.exe

  • Size

    168KB

  • MD5

    d26d049c40afc42fcc6bd7dda92f957c

  • SHA1

    a020778e503db58c4678a603bf7513f1da7333d2

  • SHA256

    e7b34d163469cf177e9327ec822e05ad0d061d16c8d26550ec795204f7ec3b2b

  • SHA512

    1ae3e83191dfec5e2be320e4e95b5221f085b3ec40102cca955217f39d4099841d656535013c05253f9bad0729c171a98144275add4d4b6e155565cbeaa36b84

  • SSDEEP

    1536:1EGh0o1lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o1lqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_d26d049c40afc42fcc6bd7dda92f957c_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_d26d049c40afc42fcc6bd7dda92f957c_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:444
    • C:\Windows\{B8828316-05C4-4e6b-8BCA-2B38A6A8A5D0}.exe
      C:\Windows\{B8828316-05C4-4e6b-8BCA-2B38A6A8A5D0}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\{01A99EA4-8397-4bd0-9CED-D078F32CAE8A}.exe
        C:\Windows\{01A99EA4-8397-4bd0-9CED-D078F32CAE8A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1696
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{01A99~1.EXE > nul
          4⤵
            PID:2408
          • C:\Windows\{8D5F687C-A6D9-4e36-B9B3-57155B478C29}.exe
            C:\Windows\{8D5F687C-A6D9-4e36-B9B3-57155B478C29}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4816
            • C:\Windows\{9257C844-EA30-4e93-A977-E3E3EA372771}.exe
              C:\Windows\{9257C844-EA30-4e93-A977-E3E3EA372771}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1588
              • C:\Windows\{038B23F0-4D85-46c9-8E9C-9B3AFC31FFAC}.exe
                C:\Windows\{038B23F0-4D85-46c9-8E9C-9B3AFC31FFAC}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3664
                • C:\Windows\{AEEE8CE9-FC90-43c6-8996-C52DEA390D00}.exe
                  C:\Windows\{AEEE8CE9-FC90-43c6-8996-C52DEA390D00}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2328
                  • C:\Windows\{62255D5A-9126-4e88-8D75-C3C045328E5D}.exe
                    C:\Windows\{62255D5A-9126-4e88-8D75-C3C045328E5D}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2468
                    • C:\Windows\{D72E8A33-EB8B-469d-88D0-6FD3468F63F1}.exe
                      C:\Windows\{D72E8A33-EB8B-469d-88D0-6FD3468F63F1}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4060
                      • C:\Windows\{16D0ABFA-3DB8-4844-B088-7F2EE3965808}.exe
                        C:\Windows\{16D0ABFA-3DB8-4844-B088-7F2EE3965808}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        PID:3116
                        • C:\Windows\{B0CC04C8-977E-4fe2-B2BA-AF56D5521E70}.exe
                          C:\Windows\{B0CC04C8-977E-4fe2-B2BA-AF56D5521E70}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:3208
                          • C:\Windows\{660C0E99-5945-4739-AB5F-07D0E911EEDA}.exe
                            C:\Windows\{660C0E99-5945-4739-AB5F-07D0E911EEDA}.exe
                            12⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:4656
                            • C:\Windows\{9DC9C102-B511-4395-9204-4D7D52431F7F}.exe
                              C:\Windows\{9DC9C102-B511-4395-9204-4D7D52431F7F}.exe
                              13⤵
                              • Executes dropped EXE
                              PID:5072
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{660C0~1.EXE > nul
                              13⤵
                                PID:2144
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{B0CC0~1.EXE > nul
                              12⤵
                                PID:4812
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{16D0A~1.EXE > nul
                              11⤵
                                PID:1972
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{D72E8~1.EXE > nul
                              10⤵
                                PID:4400
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{62255~1.EXE > nul
                              9⤵
                                PID:1472
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{AEEE8~1.EXE > nul
                              8⤵
                                PID:3908
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{038B2~1.EXE > nul
                              7⤵
                                PID:3640
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{9257C~1.EXE > nul
                              6⤵
                                PID:1520
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{8D5F6~1.EXE > nul
                              5⤵
                                PID:2428
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B8828~1.EXE > nul
                            3⤵
                              PID:5036
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:3616

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{01A99EA4-8397-4bd0-9CED-D078F32CAE8A}.exe
                            Filesize

                            168KB

                            MD5

                            8aeacc238f80fc6a7334bbc2f3657406

                            SHA1

                            84985eebb6c4d6f3719cdf44ac6813cb2dcd4aa9

                            SHA256

                            57c1ae1456313318ac2dfc91cb3e50335b7c1879a6afb07709ec78d86b9e2859

                            SHA512

                            69e02c17f693bc33fc691ed36ad3151572549ed5a91ce87b7333e5060a41bd4ffd08d08d883ec2213d8370ce08b8204f0b453a54a5a7fb5fab5ed637a80042d9

                            Download Submit

                          • C:\Windows\{038B23F0-4D85-46c9-8E9C-9B3AFC31FFAC}.exe
                            Filesize

                            168KB

                            MD5

                            661cff4fe82e292e23a8a35e26e209d0

                            SHA1

                            3118eb0e52004beb9381d81c78e2021070c427f1

                            SHA256

                            8b7d3e21f07588889257da799e41cdf8d1400082728f1f1059b1ac60ac9c926b

                            SHA512

                            8cc2b2b966fcf2b18ec42b1caaa1eac40d690f271d79e305205e8d2ce0c577adc35d0307ba78da31fc99a983add61423d96cb589bf7f8b4b1bf26969d72a5a30

                            Download Submit

                          • C:\Windows\{16D0ABFA-3DB8-4844-B088-7F2EE3965808}.exe
                            Filesize

                            168KB

                            MD5

                            e07159eeb014f6ec8d601f1b49de77ba

                            SHA1

                            4f8feed0cf9c5c27042dda20ca2a5e738107583d

                            SHA256

                            8f1dc84ae9c07a653bafa8ffa8e79bac5f4ab8dd2cb5f0fae472fa1a71ae043b

                            SHA512

                            1330059cb9ed13bd050d8b43a56f21106b5d9538d2013caf02e93adf8f3937a1ea3d35efac2d8f5d62f5d6fb08e210b18032b3faa6157bbfc8f37cd219ad311a

                            Download Submit

                          • C:\Windows\{62255D5A-9126-4e88-8D75-C3C045328E5D}.exe
                            Filesize

                            168KB

                            MD5

                            4b2d0366f5a14170329e3971b88490fe

                            SHA1

                            a046a21ed6115a2d301e276815f1def390c6e64a

                            SHA256

                            fc726463ea53cd5ea52c27d696da76b1160e07c2dbe9346fe8694ed94e9dc002

                            SHA512

                            9b22178445db4da88b04316edaa1a196ab6762ea710614145b472101cf5c2b17dba2bed52165bb0b3982d813b7e4cfaea6adf804c45aa5aad4872c9f1371c27f

                            Download Submit

                          • C:\Windows\{660C0E99-5945-4739-AB5F-07D0E911EEDA}.exe
                            Filesize

                            168KB

                            MD5

                            59e742ecf187892c17086c40d92eef90

                            SHA1

                            048759060971d26a9578f08eb27adea16559afb7

                            SHA256

                            a28308c35f9cacf259554dc519d764792009776c8cfad52dbdf5d8549a1eb5d1

                            SHA512

                            b9b038839c0bbddfce4384544457dfa476b9671e8c05ffd0d43ffed0aaea149c4bc7d3ea2e8684577c19f3449cfc0686f350769b31cb6b56ab176fea453b84f2

                            Download Submit

                          • C:\Windows\{8D5F687C-A6D9-4e36-B9B3-57155B478C29}.exe
                            Filesize

                            168KB

                            MD5

                            6afb1b58d726ac986adab8b9e317b45e

                            SHA1

                            eb6d39275e3db5fd927def98daa859d0a8f2c2bb

                            SHA256

                            51af12864d134af7c4ee7cf336fd0cc4775877917024ef12fed9d1e9f2d0ba5e

                            SHA512

                            b64575291535f2ade2d8bebcd67a7c6652127453cdd178f653df9884a1fd805c40c9f225a05d74d13b578660cabe66d5a3b1466b046d258d82e0f0772cb1c982

                            Download Submit

                          • C:\Windows\{9257C844-EA30-4e93-A977-E3E3EA372771}.exe
                            Filesize

                            168KB

                            MD5

                            a4e6e76b005421ec063b095c839d63fc

                            SHA1

                            81104f75b257083c47fad2d93430b6d63c076f9a

                            SHA256

                            2d5609c792638caacd6b7d45d901bf19a31357c5d1fad1a7923b8b144df2afe6

                            SHA512

                            2e17e109f0d46bfe9c0168d373f272ee1140adeb45d7feea666da7bf77113b6a1031d842183994fc4ed7c9002343b78e314684371bc0d7ad883b3c4d3e1233d9

                            Download Submit

                          • C:\Windows\{9DC9C102-B511-4395-9204-4D7D52431F7F}.exe
                            Filesize

                            168KB

                            MD5

                            8aef045f6a3d289c880dbc76bc3c0db8

                            SHA1

                            cba0c4e8b2cd17f6abd49cbd4b304dbbfa1e5d03

                            SHA256

                            2255387eff62c7a5c450da7bc39ecaa12cf846cba6331f1346eb75b5c5c408a1

                            SHA512

                            a229fb8cef9fc85d18a2ecf2ac1b1b5f96a1a26b18c0c6c67930da361da162d48bc5616b54d71a2312815ac29d59ec66bc43b8f89b498fd94852c84deca2ac9a

                            Download Submit

                          • C:\Windows\{AEEE8CE9-FC90-43c6-8996-C52DEA390D00}.exe
                            Filesize

                            168KB

                            MD5

                            4dba3f578b4a1f6578f1c260dbd8ac30

                            SHA1

                            427f9936fe06252137dccaa86f0fe4bfa8f6f8ac

                            SHA256

                            9d35d546e6be7c31e6c1da918cba1b88ac10a11c2cf49a22620a18d511159acc

                            SHA512

                            298c2a0dd1311d830f74b243079c19b32d0d18d2e5970f7c12a7dc1b10786b1474039f0ba800cd15bdf24c56f94e53964d6dcefc27b6ca5d1cae782cd96ed240

                            Download Submit

                          • C:\Windows\{B8828316-05C4-4e6b-8BCA-2B38A6A8A5D0}.exe
                            Filesize

                            168KB

                            MD5

                            201f6bfb985bf227db364408fcf97f35

                            SHA1

                            d4ca68de24a4ecf68b24806211f154513d92873c

                            SHA256

                            d5da22f11444f430f414addb4b11498ab40e870a54b20cedf39823597c16229b

                            SHA512

                            924a265f62cdd7486bd4d1804cab517e4ac0c5b3ef253a181e4ef2c91467df3591d582943032b2d14d3387447bb4190cd47d03178bc92dacdcfa17897a792760

                            Download Submit

                          • C:\Windows\{D72E8A33-EB8B-469d-88D0-6FD3468F63F1}.exe
                            Filesize

                            168KB

                            MD5

                            6989ffc4df190e20c517477c299da8eb

                            SHA1

                            dbd91f357cbb4ab6e2f14bff457df84b13e4c0f6

                            SHA256

                            847152730faa6d1e5d5093ab273a34fa08b41c145e606810b8131eb9719fe798

                            SHA512

                            2c52cd2777969d40f87abb3dab8ee2b79e0254acf356afe50fe2a68625629691e2599b3454b19c38d761a5f3c3b945063e059bd3353ca279c1cd8ebea218ceda

                            Download Submit