Overview

overview

10

Static

static

10

2024-02-19...ye.exe

windows7-x64

9

2024-02-19...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_922e4eaf5893540bd0a40051f35c508c_goldeneye.exe

  • Size

    408KB

  • MD5

    922e4eaf5893540bd0a40051f35c508c

  • SHA1

    d80bbfa595b9a6adbb4772cf7d499dfb1fe39a5e

  • SHA256

    d015650f4ef5954f73e3577f7dfa7f15042c3f3c7d139c31e0f20d48a2d7253c

  • SHA512

    babefa243aeaab19fff9cefe5742a42ecf5e23eda6e7f55528232f251118640640b06a404cf3ab98c2ebf7a8bb8e11eda73f7f39ccf2aa2b192ce627a47d09e2

  • SSDEEP

    3072:CEGh0ocl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGOldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_922e4eaf5893540bd0a40051f35c508c_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_922e4eaf5893540bd0a40051f35c508c_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Windows\{D17FFBF0-7E28-4b5b-B965-7ACEA6D746FB}.exe
      C:\Windows\{D17FFBF0-7E28-4b5b-B965-7ACEA6D746FB}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:908
      • C:\Windows\{72087DF5-254D-413e-B53C-AB478EB45B56}.exe
        C:\Windows\{72087DF5-254D-413e-B53C-AB478EB45B56}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4016
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{72087~1.EXE > nul
          4⤵
            PID:4368
          • C:\Windows\{70FC60F1-588E-4053-9E19-F6E5119528B6}.exe
            C:\Windows\{70FC60F1-588E-4053-9E19-F6E5119528B6}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4732
            • C:\Windows\{62CC97E5-7F1A-4cbe-96D9-F2945DFCD0BD}.exe
              C:\Windows\{62CC97E5-7F1A-4cbe-96D9-F2945DFCD0BD}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1112
              • C:\Windows\{2150019A-380C-4f76-B4EA-B48B8ECE018E}.exe
                C:\Windows\{2150019A-380C-4f76-B4EA-B48B8ECE018E}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2736
                • C:\Windows\{0BD4D972-9614-432c-9318-3A4D5709B50E}.exe
                  C:\Windows\{0BD4D972-9614-432c-9318-3A4D5709B50E}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4404
                  • C:\Windows\{7CF846F1-AFA2-49c8-A092-2E761AC97DEC}.exe
                    C:\Windows\{7CF846F1-AFA2-49c8-A092-2E761AC97DEC}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2432
                    • C:\Windows\{9A393E40-9AAC-4b59-BA72-9493A65297EA}.exe
                      C:\Windows\{9A393E40-9AAC-4b59-BA72-9493A65297EA}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4232
                      • C:\Windows\{3E874403-0093-4625-8CA4-F62B52D4A3BE}.exe
                        C:\Windows\{3E874403-0093-4625-8CA4-F62B52D4A3BE}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1804
                        • C:\Windows\{12752BE6-AECE-44bd-8AA2-1D2E3AE7D9AA}.exe
                          C:\Windows\{12752BE6-AECE-44bd-8AA2-1D2E3AE7D9AA}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:2628
                          • C:\Windows\{28C313C9-D27C-4a70-8279-8E565CB6DCED}.exe
                            C:\Windows\{28C313C9-D27C-4a70-8279-8E565CB6DCED}.exe
                            12⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:1844
                            • C:\Windows\{F03F9D2E-2E7E-49ba-9D22-868E22A6AF59}.exe
                              C:\Windows\{F03F9D2E-2E7E-49ba-9D22-868E22A6AF59}.exe
                              13⤵
                              • Executes dropped EXE
                              PID:1880
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{28C31~1.EXE > nul
                              13⤵
                                PID:2724
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{12752~1.EXE > nul
                              12⤵
                                PID:3156
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{3E874~1.EXE > nul
                              11⤵
                                PID:1756
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{9A393~1.EXE > nul
                              10⤵
                                PID:3632
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{7CF84~1.EXE > nul
                              9⤵
                                PID:4348
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{0BD4D~1.EXE > nul
                              8⤵
                                PID:2152
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{21500~1.EXE > nul
                              7⤵
                                PID:5012
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{62CC9~1.EXE > nul
                              6⤵
                                PID:2448
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{70FC6~1.EXE > nul
                              5⤵
                                PID:3128
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D17FF~1.EXE > nul
                            3⤵
                              PID:3592
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:4560

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0BD4D972-9614-432c-9318-3A4D5709B50E}.exe
                            Filesize

                            408KB

                            MD5

                            308251533525506890e9e24401dff1b4

                            SHA1

                            829c5e978e130c96c404eeafeb274c8994008aa5

                            SHA256

                            fabd169387472cb9b9609256a95e91e634747f8718fda2fc170ba1d2e8ec6de0

                            SHA512

                            4fe7931284208f79efee985d5211dc423d1112567d1c1ad3e371fa1363e3014560af660eea6137112ab626b4531d3a62d6c346f9f86525b5c7ad55138c356f26

                            Download Submit

                          • C:\Windows\{12752BE6-AECE-44bd-8AA2-1D2E3AE7D9AA}.exe
                            Filesize

                            408KB

                            MD5

                            f411bebb937a0d126da30c204481d110

                            SHA1

                            dee2d4655a3a1efd43311ba4467ff1b4dc4837aa

                            SHA256

                            0cc855880105692389db3d774559b5c4ba253f2cb0206d4e2449a1c52529e1d3

                            SHA512

                            6973a415c00b18d780ddb9458bb9b86b94da126d9d4d9e5cbaf1f85c0d31cee6a54a27013a5d58380bd62862609d57b547296aca21465c173a370f8195a45449

                            Download Submit

                          • C:\Windows\{2150019A-380C-4f76-B4EA-B48B8ECE018E}.exe
                            Filesize

                            408KB

                            MD5

                            80cfc1fa40ffa0b623f7b7508e80e2b5

                            SHA1

                            9dcbce8e2c2baf2d82adeb79686c0f68c6c1ed7d

                            SHA256

                            bc7f759cab86f5b769bb29bc00978f8ceb7fc8517c8687ef0a170cb304ec7478

                            SHA512

                            c4c0e6d0f0c6899fb62816a5760a90057991fbaf48387b0215cef2b716f40f63162b439a6934d7c12c93bd9d1bd0d2149de35525dc29f1dd19709c03821af5a1

                            Download Submit

                          • C:\Windows\{28C313C9-D27C-4a70-8279-8E565CB6DCED}.exe
                            Filesize

                            408KB

                            MD5

                            49a9811d57e1019627e2a3d9cbeda5df

                            SHA1

                            54595c3da9c6f78a058c78309ef0c54a7d2fa58f

                            SHA256

                            94cf8bca8dbb3528688a7cb34db2438f2c622049a8a307c08ce8604ba690be24

                            SHA512

                            ac1d0b9d0f118b5216372e6949dbc4c7ef350afdded534f89e2d735b06c7bdc73dfd0cdd06b557f486abe584b15289df8aeef0c86086a441c83d822e98d4e790

                            Download Submit

                          • C:\Windows\{3E874403-0093-4625-8CA4-F62B52D4A3BE}.exe
                            Filesize

                            408KB

                            MD5

                            e7a28bba1ac7375042d737f0f1d96577

                            SHA1

                            4b7e7827a4393294b62b400de18db4a7fea921ef

                            SHA256

                            8a6e46f3dad78b81aa8ef50f3f645f222764cb93e4e0f0c2e36bbb7ed7fe708e

                            SHA512

                            ea76156adf4b8eaa263d1081103d6612aeeef4b7d10b4b8f56a21d3b86e7b8e9152020fb949987f5b25c1d0d8299da367eb217ec776fc5a02b986a02ce82ef32

                            Download Submit

                          • C:\Windows\{62CC97E5-7F1A-4cbe-96D9-F2945DFCD0BD}.exe
                            Filesize

                            132KB

                            MD5

                            3b0b4a5430418a553b1e8827f4aae281

                            SHA1

                            da0bf8ab079e50c3a80b437c6b2d9ea5a2d74962

                            SHA256

                            486d1aec3dc23b997bdce110eeb11ed6f18448ad6ab01683a706fb4582b16ae9

                            SHA512

                            ea2a15fab56b4cd47bd3a4e8ba1ad6a77c7dc85441efafd886a31c93c0a00572826b9a6ded36f8df0eca6cb3524adf7663127eaf84eec36c2f320a18835b8b79

                            Download Submit

                          • C:\Windows\{62CC97E5-7F1A-4cbe-96D9-F2945DFCD0BD}.exe
                            Filesize

                            286KB

                            MD5

                            bdef6bff2a4b8c6abf7815ece07aa683

                            SHA1

                            e748d1a28d3aa79f7f0b7fd9fe347c77252734e2

                            SHA256

                            e4a058460020b704d0b2769fce60c45ec38e04607cf2fab0aebe39464e574b57

                            SHA512

                            c34e5d5053164555f3a445c3cfa340607dad6f387ee4d13bb0772503692e2708b6f3e9a203e6eb42f5dee6677c0c62b7e77d46a146f16bcf69905821fe7244b6

                            Download Submit

                          • C:\Windows\{70FC60F1-588E-4053-9E19-F6E5119528B6}.exe
                            Filesize

                            408KB

                            MD5

                            eb815db7d2e17995ab641fef9009db67

                            SHA1

                            a3c5e1ef9215d73fe6ef70bad766b78f1faf2773

                            SHA256

                            2b983d2f6691c1fc605ca1eb60da99fc0b73204f33c5a35492d7260f9f6fe7fc

                            SHA512

                            4bb93c46ca8118457ff069387b8b33d7dc1792ba55369e024feb93221a4ccf3566ccc5dda04105e31f6eb995337dee0ed14b6884e9cb9c3da2ea53bc4d2d6a6d

                            Download Submit

                          • C:\Windows\{72087DF5-254D-413e-B53C-AB478EB45B56}.exe
                            Filesize

                            408KB

                            MD5

                            ae2722c4576502676d21baf48b8a09e9

                            SHA1

                            99faafaa2f6c4d7ccbcc07bbd6df8b88ffa5606f

                            SHA256

                            b67fa156e19b7f08314547e615a5308bef7d18d84102054f7ac9501a405a8fb1

                            SHA512

                            6d4003a265c313e077d1366af24deb871099b46bc27772a0b4f55614c64b905ab569ff9dcba737fc1978a9e229876bfe7c1a0fd9a18f1a6130a852dae2e633cb

                            Download Submit

                          • C:\Windows\{7CF846F1-AFA2-49c8-A092-2E761AC97DEC}.exe
                            Filesize

                            408KB

                            MD5

                            0189661362f98a9f072f68bdbfa993c3

                            SHA1

                            54ea53859d2a1316d4bdb219e5f41991e8fba5e5

                            SHA256

                            a8f670fa7fce03246f4ec74201f9288a1c3ce71758038a651d77954fff75f678

                            SHA512

                            4f6a3b5f69d79938ed98de89d9a54ec622be3f09fc45714f1b8d6f7d71ffdad0e27bfb4d981ca0e8b687514458a10b60e28f621e806d95025c72b4e6480481c1

                            Download Submit

                          • C:\Windows\{9A393E40-9AAC-4b59-BA72-9493A65297EA}.exe
                            Filesize

                            408KB

                            MD5

                            b56b84825b105ae904cb3badb72d4348

                            SHA1

                            71f5e2530be5c4256d315c6f83dbef2f054b5eb3

                            SHA256

                            8d74426b7ea5dba6990930de7a1ec46f56c2d3ca5f1eb42f91c2b876cdee37e5

                            SHA512

                            be9859e31e5fade44bd12b57959b0039e8b177dcbfdc08c86fdc86852346aa3d2a80691f49956820db8c00c2a644d20a81aa91bd49d7d8bfaa2df169bcccfe79

                            Download Submit

                          • C:\Windows\{D17FFBF0-7E28-4b5b-B965-7ACEA6D746FB}.exe
                            Filesize

                            408KB

                            MD5

                            ab2d2cc3eada3b12908f6b0ce9f01ea0

                            SHA1

                            638140768f96548368b3d15d7b2791bbda14a187

                            SHA256

                            38fef9d9a268a67b881b3db283ce3eae0a2463cb38b87bf7af43ec2010cac6f7

                            SHA512

                            47f4dc5846c38306aed2ec77d054312b9d9423a89d739ae4bd16d3bd83238226216fd968436c3d58ab705cfe2f1f7af3fdca5182b06809299f356b40e20f2477

                            Download Submit

                          • C:\Windows\{F03F9D2E-2E7E-49ba-9D22-868E22A6AF59}.exe
                            Filesize

                            408KB

                            MD5

                            e643aa7a6a51c14b5e151b713f3b12d1

                            SHA1

                            b47a280a242bcff702bec8e713d5ca336e25f065

                            SHA256

                            7569bbbb4c8930f59668ffde5144b19fbd78579f4cc7710bd0b7c5a36d995078

                            SHA512

                            3a70b9cd13b21f2a9c56389c12ca202da0703f162ba9cddbcecb68be568d07c8fe6af46ea1545b373d1de2910b1e1a83278d27d8ca9dd0a5258d4711b0223e96

                            Download Submit