Overview

overview

10

Static

static

10

2024-02-23...ye.exe

windows7-x64

9

2024-02-23...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-02-2024 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_7ffa76dd27713a53b648f233d185d503_goldeneye.exe

  • Size

    344KB

  • MD5

    7ffa76dd27713a53b648f233d185d503

  • SHA1

    cf99c01cc394c0d73a7158137f095da2e50dcd78

  • SHA256

    f10528b6f423c143ffd3eb15f35f1a5a9a5da634ab8f2206565d09836c49cdf7

  • SHA512

    55c48de3e664f4b001a2fe1d91b6be8cd3bb5fe77491cefa32940636a9b2718457461692677c6764c3f75c89d3362e67f9e9f52b0e0c5ce6edf12c0868dd23ab

  • SSDEEP

    3072:mEGh0oalEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGglqOe2MUVg3v2IneKcAEcA

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_7ffa76dd27713a53b648f233d185d503_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_7ffa76dd27713a53b648f233d185d503_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\{60CC95DC-558C-48d1-B43E-EDCC5E7DBD3C}.exe
      C:\Windows\{60CC95DC-558C-48d1-B43E-EDCC5E7DBD3C}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Windows\{5AAE76CD-B719-41c1-9F6A-3AE06082EA3F}.exe
        C:\Windows\{5AAE76CD-B719-41c1-9F6A-3AE06082EA3F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Windows\{1C647F8A-10CA-48af-9995-9EBEBEF40366}.exe
          C:\Windows\{1C647F8A-10CA-48af-9995-9EBEBEF40366}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2480
          • C:\Windows\{CBB81B21-4144-42c3-B328-EE5643663077}.exe
            C:\Windows\{CBB81B21-4144-42c3-B328-EE5643663077}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2488
            • C:\Windows\{B9EBBACE-5709-4b77-9DA0-6FC28F2349EE}.exe
              C:\Windows\{B9EBBACE-5709-4b77-9DA0-6FC28F2349EE}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2792
              • C:\Windows\{D06503AB-E839-4be1-9602-A2A929751E4C}.exe
                C:\Windows\{D06503AB-E839-4be1-9602-A2A929751E4C}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1384
                • C:\Windows\{CE54FD71-CB44-4817-B174-5446AC1E7287}.exe
                  C:\Windows\{CE54FD71-CB44-4817-B174-5446AC1E7287}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2216
                  • C:\Windows\{2EB6B823-9879-4172-A93B-D3EDA3573982}.exe
                    C:\Windows\{2EB6B823-9879-4172-A93B-D3EDA3573982}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2508
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{2EB6B~1.EXE > nul
                      10⤵
                        PID:2140
                      • C:\Windows\{DB060E41-741E-47c8-A4E8-B65F40EBC5A6}.exe
                        C:\Windows\{DB060E41-741E-47c8-A4E8-B65F40EBC5A6}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2076
                        • C:\Windows\{F74AF9BA-BC6A-4caf-A4F8-5B9767D13984}.exe
                          C:\Windows\{F74AF9BA-BC6A-4caf-A4F8-5B9767D13984}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2864
                          • C:\Windows\{F51C4F8F-3386-4ee6-BE87-B41DE3717DF4}.exe
                            C:\Windows\{F51C4F8F-3386-4ee6-BE87-B41DE3717DF4}.exe
                            12⤵
                            • Executes dropped EXE
                            PID:1168
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F74AF~1.EXE > nul
                            12⤵
                              PID:1512
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DB060~1.EXE > nul
                            11⤵
                              PID:1812
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CE54F~1.EXE > nul
                          9⤵
                            PID:2196
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D0650~1.EXE > nul
                          8⤵
                            PID:1968
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B9EBB~1.EXE > nul
                          7⤵
                            PID:1744
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{CBB81~1.EXE > nul
                          6⤵
                            PID:2788
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1C647~1.EXE > nul
                          5⤵
                            PID:2948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5AAE7~1.EXE > nul
                          4⤵
                            PID:2656
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{60CC9~1.EXE > nul
                          3⤵
                            PID:2604
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2628

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{1C647F8A-10CA-48af-9995-9EBEBEF40366}.exe
                        Filesize

                        344KB

                        MD5

                        c159b4cb046b0b2275e755b2321d058f

                        SHA1

                        1ab05d8d580b1592bd299e221c747fb3f8c6599a

                        SHA256

                        e83b8ab1ebe35da95cb89009d283c68d26cf927a9116e64ae5afe08e2516882a

                        SHA512

                        a39179d169011a3a4179723b180f50a6e8257d6a1b0817dfd8115b3418301b52edb2bb9accd3913f0490c628c55a5d42f0f22811cd989c271d08c69cb218c5ea

                        Download Submit

                      • C:\Windows\{2EB6B823-9879-4172-A93B-D3EDA3573982}.exe
                        Filesize

                        344KB

                        MD5

                        f0297b8f9e7be5662c82b865f26d4999

                        SHA1

                        9e489d897193958c39d83e995aa1bd72a6fc80d1

                        SHA256

                        e7f73688d67f9584b87ed4e43fb4515cfe81bf4404ea3c5cf319857503bdce35

                        SHA512

                        4077318fada9874306a9648476d3667c939551caf2ba01aa1efa08cd7348d69b5c5a2d1e6c3ebfc681022ab22b65c64a8991dd6ce3af8a6af73f235f4eab301f

                        Download Submit

                      • C:\Windows\{5AAE76CD-B719-41c1-9F6A-3AE06082EA3F}.exe
                        Filesize

                        344KB

                        MD5

                        150d4b1d4b3f3556c13eb94e196da2dc

                        SHA1

                        44154d766b4042af3075502d03fc294c22ee421c

                        SHA256

                        d98f5aa2db1beabb121c152bea9712e02e624501680974fa0c62e3c01d77c963

                        SHA512

                        3781a8b72c3bfabc4b668c0c49952804846e55c4a6c81e74d1854f290cfb382eceff1d9fec9932a756c2195bd911ce3fffcd0552a4071fa9a4cc980d6cfba11d

                        Download Submit

                      • C:\Windows\{60CC95DC-558C-48d1-B43E-EDCC5E7DBD3C}.exe
                        Filesize

                        344KB

                        MD5

                        0346674294a9686ece0060df5adbd101

                        SHA1

                        ebc017038619e42047068ab6e9cb0b1e34f78d91

                        SHA256

                        0d3541878b7aa13cb9d37c578b13b7898699914df8aa9f7fd061229a32a148fb

                        SHA512

                        5986507df3a16e3ed552120f6c72b22a0bdd87a36ddca64e6a967039b21de9ca5f2ce28bf1c7cd1823537bc235f53b329ce06857dcdb08ae92b588330908f54f

                        Download Submit

                      • C:\Windows\{B9EBBACE-5709-4b77-9DA0-6FC28F2349EE}.exe
                        Filesize

                        344KB

                        MD5

                        d037b64a7bb1b1cc807cca14701412c7

                        SHA1

                        5783ba055fefae965b13984213cf2fdb5d700410

                        SHA256

                        0299e66092c4b4a9876ed63b76978e87384826bde77f35e18830d3043ab7ff58

                        SHA512

                        e65f2cc2768b9d2176843b0fc84589ba7f144c47ce9ae79d4feb2e8506604e5a58eee7f03f225c8c85f13b1b66f0c375df5d2b6cb13db4d52ff8c7aea7ee1b7b

                        Download Submit

                      • C:\Windows\{B9EBBACE-5709-4b77-9DA0-6FC28F2349EE}.exe
                        Filesize

                        3KB

                        MD5

                        2dbca5a1940ccc48eeb39a0369fe5100

                        SHA1

                        d44c7dd2f37d831eff7dd9514406f515ef7ec42f

                        SHA256

                        19e59143ad087fc440c91b1a8cf901b2aca5707a54f7aea6cc11768ac92c9ffa

                        SHA512

                        2139bb618e5d8b589de40c08f0f77cc6c59d3bc20f0ca75d22711bd9df16863d28c4355b95757be80b12c82126e8bde0cec279011336648c6858f77029550861

                        Download Submit

                      • C:\Windows\{CBB81B21-4144-42c3-B328-EE5643663077}.exe
                        Filesize

                        344KB

                        MD5

                        0d3a4f0dc87537753441621ba6a061f8

                        SHA1

                        6d7256572dca525f1c35cc592d00469e479b797e

                        SHA256

                        4e0db6a3e573bc164dd70082de4b0d007915406d414a337337a473b099e06e2d

                        SHA512

                        a8577c8a01699a3445b356c473de5fac655d32026565b3c86cd4aa112030e597953243cd9a8a9830da824cccf8d9ffee1ca524c1cf072051dc19cea14c7edb5a

                        Download Submit

                      • C:\Windows\{CE54FD71-CB44-4817-B174-5446AC1E7287}.exe
                        Filesize

                        344KB

                        MD5

                        b0e8b1a1f566474cf262bc5ab84ca2c1

                        SHA1

                        f975fd95a93ac93ae7c1c5aa3c7c16bd5970ad41

                        SHA256

                        51ffe7a9fcd786d3946ccf6565fa011998954dbe0e0157eaa498c9cb5177bae9

                        SHA512

                        1825516d8508e367f2e26eeca97f97ed0c0233e318c96c7d44fac4cb04e3c8abe948ebe98841de1ed59ac4ced7006e32ba3e35d57d8714a9505bead74608abbe

                        Download Submit

                      • C:\Windows\{D06503AB-E839-4be1-9602-A2A929751E4C}.exe
                        Filesize

                        344KB

                        MD5

                        c225fc9e75906ba53dfe65390cfcef33

                        SHA1

                        03527fd500049216e999342f073ff54218df9285

                        SHA256

                        c38b4d19c731c477a049059fe4c412aa28f4df4066b507e97a934e39c87bf1fa

                        SHA512

                        86a4b02e05984b88a718802537b9f471e657a5d618cadc5ac345408ca39e0d71c797ac53041ca0fee024e452cdef73a3248d24021faca382b500901f08e06ebd

                        Download Submit

                      • C:\Windows\{DB060E41-741E-47c8-A4E8-B65F40EBC5A6}.exe
                        Filesize

                        344KB

                        MD5

                        06822912bc9bfbda24dea1337ce64031

                        SHA1

                        2bc915073f59c4e9d79d1d5ba313e273eed09f39

                        SHA256

                        294e9b6c4f21ef2b46923013d1e0163bc4d1d31abc6f71bcd763c9854de706f1

                        SHA512

                        9ef6d80c46c7e2c003f1fde729a6476ec568e2faa185e69cce9b81b0408f37b1f691fa2f1ab9da92f217dea5c358c854072f7038065c579092a97bfe4f1f39c4

                        Download Submit

                      • C:\Windows\{F51C4F8F-3386-4ee6-BE87-B41DE3717DF4}.exe
                        Filesize

                        344KB

                        MD5

                        1b08c824448cef84ee000926c43e4ed6

                        SHA1

                        a3653b7bf65ac90d7c72105e0a6535cc7a81d0c8

                        SHA256

                        9573c73f7f74543f018d3dc037e2c12852fb890b7eda7b9e1bf763ced3c280f2

                        SHA512

                        8d5cee542230999c3ceaef18467ea8b8cd7ba95701b72fda6b3dd2a6478d8f569d787907f5b9e66f0d9dd2d09a8fecc5dc20647a274c9826b7e22c799e59f7df

                        Download Submit

                      • C:\Windows\{F74AF9BA-BC6A-4caf-A4F8-5B9767D13984}.exe
                        Filesize

                        344KB

                        MD5

                        9be338546c4c2b0cafc697b539e23e2a

                        SHA1

                        f590b5251e4f23dca451daa0d879ea0eeca9ac3b

                        SHA256

                        c102809972f65b9dd4b5b0a6bbc79058148c509e89de0911398c4f7de1421f08

                        SHA512

                        74db7afbc1b1ee1cc82f7fe41b6a3c57b2d6d75a74936d8a3e9deb6b645c38ecc0e6a9c515378eb6cc7ea91df260d5ed0d4fae1380e56cb0a8f0b7c7db3f0b84

                        Download Submit