Overview

overview

10

Static

static

10

2024-02-23...ye.exe

windows7-x64

9

2024-02-23...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_6fc12090822a30b1bc5a2b028d651e9f_goldeneye.exe

  • Size

    408KB

  • MD5

    6fc12090822a30b1bc5a2b028d651e9f

  • SHA1

    320b84a8e42b3637a4d6832f5c9fea81c832b5eb

  • SHA256

    05877561112a2769521ca091d0a5af648beee3956c8279d11064149f8dd7bb71

  • SHA512

    8a68a1051b2ed5b8b839c7d1261e5a901f2f1f5634bc2c7d846429927da928c275c6909256911f2c1f092fd0baffe246878b9bfadc716e5dd15fd1cbb19e10de

  • SSDEEP

    3072:CEGh0oTl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGRldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_6fc12090822a30b1bc5a2b028d651e9f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_6fc12090822a30b1bc5a2b028d651e9f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Windows\{CF468BD1-716D-4df3-96A7-A4EDB65CC6C3}.exe
      C:\Windows\{CF468BD1-716D-4df3-96A7-A4EDB65CC6C3}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\Windows\{418406A1-FE31-4bbd-9001-C96EBCD33C23}.exe
        C:\Windows\{418406A1-FE31-4bbd-9001-C96EBCD33C23}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5032
        • C:\Windows\{DB284BF7-4514-4022-B911-8EC57676E361}.exe
          C:\Windows\{DB284BF7-4514-4022-B911-8EC57676E361}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3896
          • C:\Windows\{BB8E99F6-7F6A-4ef3-831B-4A8930188A15}.exe
            C:\Windows\{BB8E99F6-7F6A-4ef3-831B-4A8930188A15}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1932
            • C:\Windows\{CB4633AC-02DC-47f4-B138-714492E30C00}.exe
              C:\Windows\{CB4633AC-02DC-47f4-B138-714492E30C00}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3564
              • C:\Windows\{6089A48B-2BA1-434a-A089-11391637C924}.exe
                C:\Windows\{6089A48B-2BA1-434a-A089-11391637C924}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2592
                • C:\Windows\{4F174509-C129-4762-9E34-0A9E9E873037}.exe
                  C:\Windows\{4F174509-C129-4762-9E34-0A9E9E873037}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4640
                  • C:\Windows\{727A1A07-83A3-4ebf-94A7-ABA6B6531FB3}.exe
                    C:\Windows\{727A1A07-83A3-4ebf-94A7-ABA6B6531FB3}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:8
                    • C:\Windows\{3C966C6A-BCA2-456a-A538-82E2A84BE012}.exe
                      C:\Windows\{3C966C6A-BCA2-456a-A538-82E2A84BE012}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1396
                      • C:\Windows\{32566857-6B13-4e80-8021-322D0929C483}.exe
                        C:\Windows\{32566857-6B13-4e80-8021-322D0929C483}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1524
                        • C:\Windows\{8E0C16F4-BF8B-4997-8BEB-D6FF028CC8E3}.exe
                          C:\Windows\{8E0C16F4-BF8B-4997-8BEB-D6FF028CC8E3}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4548
                          • C:\Windows\{6F4767A8-933A-4a03-BD06-ECE193377CF5}.exe
                            C:\Windows\{6F4767A8-933A-4a03-BD06-ECE193377CF5}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4984
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8E0C1~1.EXE > nul
                            13⤵
                              PID:5020
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{32566~1.EXE > nul
                            12⤵
                              PID:4796
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3C966~1.EXE > nul
                            11⤵
                              PID:4616
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{727A1~1.EXE > nul
                            10⤵
                              PID:624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4F174~1.EXE > nul
                            9⤵
                              PID:1780
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6089A~1.EXE > nul
                            8⤵
                              PID:3608
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CB463~1.EXE > nul
                            7⤵
                              PID:4084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{BB8E9~1.EXE > nul
                            6⤵
                              PID:1656
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DB284~1.EXE > nul
                            5⤵
                              PID:1084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{41840~1.EXE > nul
                            4⤵
                              PID:1556
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CF468~1.EXE > nul
                            3⤵
                              PID:1568
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:216

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{32566857-6B13-4e80-8021-322D0929C483}.exe
                            Filesize

                            408KB

                            MD5

                            1e008c5645347a66366707fde781816b

                            SHA1

                            7722b7ba2bf29a64f64e7055ff34ce3a44af627c

                            SHA256

                            f965990dd800430d3ec6e6afa956fed248a685a7100fa5a89ec881fa5c60c7a1

                            SHA512

                            cdfc97911f6bd624389a16c4628a6973d1f8a2fb32b45fcfda595829968f3e8c029184898341776302f16c62ba976de6ccab4cfaa6537ae38faec67c87df8034

                            Download Submit

                          • C:\Windows\{3C966C6A-BCA2-456a-A538-82E2A84BE012}.exe
                            Filesize

                            408KB

                            MD5

                            9e4b0d993827712dc8da12d0742307c7

                            SHA1

                            3ae0861a037e501a736ae6b24c380dbb8eac2af3

                            SHA256

                            8679a587741b5245ce526c7aee8f7ef30f55bdc288c5c6441df91fed24b185dc

                            SHA512

                            fa9f9122471d5d20c707147ccdd38267c0089e439118cef7b4b3ade8535ce7f6e5a1e3ae1f6fbff4ca434d3a0c9a8373c8dd0f4165cb013e8a0fc1e380b73baa

                            Download Submit

                          • C:\Windows\{418406A1-FE31-4bbd-9001-C96EBCD33C23}.exe
                            Filesize

                            408KB

                            MD5

                            9f26b20f87a8c88cd1ffe10e31f94c53

                            SHA1

                            82c77af7768d40bd9f26c4a3d314dc0ac8836cbb

                            SHA256

                            c1031525fabb2ff1fdec7ece81058a44c3ccc6c92679a169dd884fddc740327c

                            SHA512

                            aac6a15d6da23b8d98f7d4c0ca912b4fbc6c3cafaab12f42067586ded84a276eab9b4d010642b1c935c431716aaab2917bd050d3b52c30e95987973b63a63a0a

                            Download Submit

                          • C:\Windows\{4F174509-C129-4762-9E34-0A9E9E873037}.exe
                            Filesize

                            408KB

                            MD5

                            7fda926e31e96af608089ed6bac831f2

                            SHA1

                            70d4771dd2f5922e829e295d46fdd285cc6f024d

                            SHA256

                            ca48947c2b471ab5ab9fa4a8e8102df50616bd83e44863ce63ee48d20d944d65

                            SHA512

                            ff2fa9292db43cd3b2d8231784cbcead2ac0348ef2326ac76d04a3e1865be340638b18635565526b862d152af7f0a9a3f4e1be32687629e4b358e242f3480749

                            Download Submit

                          • C:\Windows\{6089A48B-2BA1-434a-A089-11391637C924}.exe
                            Filesize

                            408KB

                            MD5

                            4c7365dd2e16fc20f9e192958367e8c5

                            SHA1

                            a5d52e8f0bf6e17e4780f001fbe3fd5e786b3313

                            SHA256

                            badf1466f63374f04e092c190ae44b6045d265dbf59053818809f4d2e63f40fb

                            SHA512

                            1759c5a67e58fad453f7dcd72efba84b80e900cfa27059cb9d107d115bd54d00c37d392f5f6abed813159cdb124a448bef7c80c902abb0db56d679b76717f462

                            Download Submit

                          • C:\Windows\{6F4767A8-933A-4a03-BD06-ECE193377CF5}.exe
                            Filesize

                            408KB

                            MD5

                            4ea4c682b0979d768d7cfa82c8e51874

                            SHA1

                            77d7605278cff289710ce6228df2bb3307493798

                            SHA256

                            36f601f5b9c73684fa042b368253ddc531de9048fc7f42d10db13e89fe8051f7

                            SHA512

                            e20c74cefc41ddb73cb365418aa61a2cacee3475fb146608a81ad1559fdf15af0e6687faa29d52eb2dde516c47c7d863f67b66fb16aa91c638a6018f4f58ef04

                            Download Submit

                          • C:\Windows\{727A1A07-83A3-4ebf-94A7-ABA6B6531FB3}.exe
                            Filesize

                            408KB

                            MD5

                            e15d7b99d0acbb9b47d3fef10da51df0

                            SHA1

                            daef382037f44d13f2875950b0b997a2e765471c

                            SHA256

                            d544ad6dde41f0fbb5b5c6fc11b2a3ee76186bd4c31ba48337d71c88b571bf6e

                            SHA512

                            5fa087be3230bcdc65912b1272565d595dc2819b346ca9aacfc2ee3d9bed1a569fd4898e352b09db767b782340b20ad7f6c24b8c641eb8b25e424f692ef02a43

                            Download Submit

                          • C:\Windows\{8E0C16F4-BF8B-4997-8BEB-D6FF028CC8E3}.exe
                            Filesize

                            408KB

                            MD5

                            54623d5c0214a60d1d30275e8146e02a

                            SHA1

                            bfe927bb87a433bf52ff733bb4048312f97580cb

                            SHA256

                            fd30c1aca7fadc0b2e109f97185cc79523a9b5a4fa212f00a31431f7135561d1

                            SHA512

                            4a8dd22c8be7e2f470599458bccb8cd8b8756b10995bd9a8b538c7478b3d13fdb7b933e10a0a5df792512b982a1a61d925ff2b7d85f6c0f29214f174ac11492b

                            Download Submit

                          • C:\Windows\{BB8E99F6-7F6A-4ef3-831B-4A8930188A15}.exe
                            Filesize

                            408KB

                            MD5

                            c1db5eb095f1b75c1db4e462aae744c7

                            SHA1

                            c53f9979fe7cc03db620b2f14190bf00a7f4eb62

                            SHA256

                            26eb28329a74e4bc0947bece94766030e3065af35e7485b88a2aebbb8633e086

                            SHA512

                            cb97b3210dbd18a853c6a72222e6d09cd6eac18a6e8e696792c374e8527d4e651e497b1efe401b48aaa2a4e0e738345d64904e721304ff0bd6b2c310b1a6e1e6

                            Download Submit

                          • C:\Windows\{CB4633AC-02DC-47f4-B138-714492E30C00}.exe
                            Filesize

                            408KB

                            MD5

                            cad76ce724be9126616bc32a89327220

                            SHA1

                            b1d826eb3a995a0a1b3a67d3298e398bf2733292

                            SHA256

                            6b47cb53dc3fd2500a968dd9de6fb961621e5ee98eba77bafee2ec6874d303ee

                            SHA512

                            c681e8e6206b126ce39c53b235237c5e241c5d10eae8611531859415241b6b6011017004efee55a09f98eba264af01d1960d36a1b4ac2d6f1636931617792e74

                            Download Submit

                          • C:\Windows\{CF468BD1-716D-4df3-96A7-A4EDB65CC6C3}.exe
                            Filesize

                            408KB

                            MD5

                            41381e4cded4571b31f129f805ab6100

                            SHA1

                            d019c2e7a81cafdabfdbb35c73c06115423f087a

                            SHA256

                            6d5754e2535496b25359ea87a06522e3d4acc33398749ddd7e4425aa14cd90e3

                            SHA512

                            67c35da296100dfb7f7b854730da859b2879573cee9c9f63c9deb2182662f534be9b992a60f4c6b11c10345e4a265df50d440045ecce67b4a106b15fb95cc16e

                            Download Submit

                          • C:\Windows\{DB284BF7-4514-4022-B911-8EC57676E361}.exe
                            Filesize

                            408KB

                            MD5

                            9c86bf2983e090979facf265b03bc0bf

                            SHA1

                            4a4413f5d285d4755d4d31968eb23376f919cde3

                            SHA256

                            6eb85cf57b50bf4277fd170db87b30b8f7a0b327f884f47c54ab385d84460f11

                            SHA512

                            00a3994edd0ba9e3e396a212f0d8af0c487f35bc3800220410f1161357435a6a67ab16b8469311c68d7729adb3e3853b07175b1a81c8ca2b3f071212caa8d376

                            Download Submit