Overview

overview

10

Static

static

10

2024-02-28...ye.exe

windows7-x64

9

2024-02-28...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    156s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_b9c344d3fcb706381d7a9671dcc9e478_goldeneye.exe

  • Size

    408KB

  • MD5

    b9c344d3fcb706381d7a9671dcc9e478

  • SHA1

    92dbabe172d5f33568599b717c5062ea6e45139c

  • SHA256

    435c98d19d8010771c7ae72b4382e3935c26c766627647c6224199a6bb455cd9

  • SHA512

    aebd48f0d6c6761c07c381f2d594ec1dec2296378bd315459e937b0252bc87c7734a4dc58924b423b89fee9aa78492645fe18e392d0ea24048f2a2d60ff49760

  • SSDEEP

    3072:CEGh0ozl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGBldOe2MUVg3vTeKcAEciTBqr3jy9

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_b9c344d3fcb706381d7a9671dcc9e478_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_b9c344d3fcb706381d7a9671dcc9e478_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\{7C6B17F2-63F2-4dd0-9DBB-8320D994C118}.exe
      C:\Windows\{7C6B17F2-63F2-4dd0-9DBB-8320D994C118}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Windows\{0E21C972-3375-448f-9597-5092D87A7B5E}.exe
        C:\Windows\{0E21C972-3375-448f-9597-5092D87A7B5E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4472
        • C:\Windows\{52777205-A495-4eca-97ED-F3EADA4D7ECE}.exe
          C:\Windows\{52777205-A495-4eca-97ED-F3EADA4D7ECE}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1404
          • C:\Windows\{EEA5ACE3-5D4E-4296-BB69-1411929581F2}.exe
            C:\Windows\{EEA5ACE3-5D4E-4296-BB69-1411929581F2}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1488
            • C:\Windows\{16D3533A-58A2-4763-8523-1E12419AD53A}.exe
              C:\Windows\{16D3533A-58A2-4763-8523-1E12419AD53A}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3996
              • C:\Windows\{0FAB12B4-AFF6-48c0-BE65-ECC00933B3E1}.exe
                C:\Windows\{0FAB12B4-AFF6-48c0-BE65-ECC00933B3E1}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4392
                • C:\Windows\{39F9AF00-B19B-498b-97E5-812871CFE410}.exe
                  C:\Windows\{39F9AF00-B19B-498b-97E5-812871CFE410}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3384
                  • C:\Windows\{BBDDEEF9-80F9-4ede-9821-C2DECA1AE7A5}.exe
                    C:\Windows\{BBDDEEF9-80F9-4ede-9821-C2DECA1AE7A5}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:636
                    • C:\Windows\{C236F996-2B9F-4d31-82DA-AF33EFCCF691}.exe
                      C:\Windows\{C236F996-2B9F-4d31-82DA-AF33EFCCF691}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1260
                      • C:\Windows\{159755B9-30A5-4b60-AB48-7D0CDED07A0F}.exe
                        C:\Windows\{159755B9-30A5-4b60-AB48-7D0CDED07A0F}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4884
                        • C:\Windows\{3FA5CE45-A5C3-457e-AAA3-3FC02C3E8988}.exe
                          C:\Windows\{3FA5CE45-A5C3-457e-AAA3-3FC02C3E8988}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1736
                          • C:\Windows\{4C5E7766-533B-4081-B2BF-08EB8149FA29}.exe
                            C:\Windows\{4C5E7766-533B-4081-B2BF-08EB8149FA29}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:2996
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3FA5C~1.EXE > nul
                            13⤵
                              PID:1568
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{15975~1.EXE > nul
                            12⤵
                              PID:4232
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C236F~1.EXE > nul
                            11⤵
                              PID:4524
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{BBDDE~1.EXE > nul
                            10⤵
                              PID:4012
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{39F9A~1.EXE > nul
                            9⤵
                              PID:3840
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0FAB1~1.EXE > nul
                            8⤵
                              PID:3032
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{16D35~1.EXE > nul
                            7⤵
                              PID:1584
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EEA5A~1.EXE > nul
                            6⤵
                              PID:2408
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{52777~1.EXE > nul
                            5⤵
                              PID:2924
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0E21C~1.EXE > nul
                            4⤵
                              PID:2308
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7C6B1~1.EXE > nul
                            3⤵
                              PID:2356
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2660

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0E21C972-3375-448f-9597-5092D87A7B5E}.exe
                            Filesize

                            408KB

                            MD5

                            ff6af9a6273e1ac0ab3d497139c37143

                            SHA1

                            9ae2d96271271746f3184727b837e95c341bd2f4

                            SHA256

                            6cfa5b428611e93012190f93a4626ebb1a708bc2b952568f6d7a3054095bdbd6

                            SHA512

                            bb85043384638c6186c2a0e6c3339143938b84c349e8dc10cdcc601f06189096d354f9ab3f33537a6c255004c0491269fcc0fc0b7f781d4cc673524c37a6e347

                            Download Submit

                          • C:\Windows\{0FAB12B4-AFF6-48c0-BE65-ECC00933B3E1}.exe
                            Filesize

                            408KB

                            MD5

                            c649f5b34f8a7665ac7f9cf8567d4788

                            SHA1

                            5d1c2cec86893f5f621dbba81585a22669a82037

                            SHA256

                            7adba9a826edac3916dbf53cea218aa43c5f3ae70f7d172069c431fe38d56dbf

                            SHA512

                            378070ec13b26cb93b78cc22f545fdc78b81a370c3d8be1c3166de27b3ffdef6613f7baa98e63260df19b4eae7f9a9063d480c9b9bd4c71eafc233c264206043

                            Download Submit

                          • C:\Windows\{159755B9-30A5-4b60-AB48-7D0CDED07A0F}.exe
                            Filesize

                            408KB

                            MD5

                            beb865cb4cbfecae7a6ee35aa3cc89e4

                            SHA1

                            bad041ccf82af5306aee089831cfe0482fc60bc3

                            SHA256

                            790ae81f2b83d2c298eace62942b7696da88d4a8ab3331f82db7a0e5ffac0d9f

                            SHA512

                            90eeb7f3a23aef233d2d922c56fb33dd5b57d02a702fd07ab0538cb3b3dd8c92dd8345769471bb648d0c0856cee000b0a8777e9a5e4761cdc0ae6a00d30ca41a

                            Download Submit

                          • C:\Windows\{16D3533A-58A2-4763-8523-1E12419AD53A}.exe
                            Filesize

                            408KB

                            MD5

                            3e05dbe764f4d1ac089d59bf9469028a

                            SHA1

                            5e9f4a3f38f79c7d7fe59431ba28aa22c147167c

                            SHA256

                            53c34b3cec71b7dff848f7923a4e9b3370e3209d1466056795b278047e7233f5

                            SHA512

                            3bd1f7c552b1048b181c5da4a7778b4fda4df44c026a45eabc196ec66bbd894203a457912150b9f236861d86681ba86940ff715ffabea1157fd8343f655f3a02

                            Download Submit

                          • C:\Windows\{39F9AF00-B19B-498b-97E5-812871CFE410}.exe
                            Filesize

                            408KB

                            MD5

                            a427f47e8116116918ba3e43c79da06f

                            SHA1

                            71ce744ca0556f55a66f132b1a9359757d327726

                            SHA256

                            4266f80adebf32e5722f2d3ff1be5eeccfbf89545d458c00103f42e5f93e6ab9

                            SHA512

                            45318fcc88fa1a8bee0e17226de42cb4bb3874135ad0ca756f8dbc56471b233f848629534a2da1b44af7c050feb235c2dc6c86d6f0e221d846cbd36d2787f01c

                            Download Submit

                          • C:\Windows\{3FA5CE45-A5C3-457e-AAA3-3FC02C3E8988}.exe
                            Filesize

                            408KB

                            MD5

                            4602431728ffaf96e541a02d95783278

                            SHA1

                            ec58ab1755925bb72549409aa38bcfa5dd72141a

                            SHA256

                            2056a7c6d9f4a9b9c554c40b22afaa15a8e75ef059c0f91a80f5cf4867a45dac

                            SHA512

                            a4c84058be1de8e08f82b921664d894802056ad7ca10f331d9c93f7ee7ca5f6783e56ca56062076f821ef0363bf27fd873e7954fc012e212a5f40c6ec48f1596

                            Download Submit

                          • C:\Windows\{4C5E7766-533B-4081-B2BF-08EB8149FA29}.exe
                            Filesize

                            408KB

                            MD5

                            db3ee12adc6ca475eb0417a2e349d154

                            SHA1

                            e6d6943f417b198f936d48f45d574a0ecfe61a32

                            SHA256

                            27d4f2b7e6be3996c292f82f422804ee61affe883ab830d78ce977069b503de2

                            SHA512

                            cd40c7776de37d1d82c8436b4041542fa4b165617dadd6d48e31d2e01d714f29274cf28092c899959ee5b87818b28667beccd0da16510fb527f493ec9ae20a7a

                            Download Submit

                          • C:\Windows\{52777205-A495-4eca-97ED-F3EADA4D7ECE}.exe
                            Filesize

                            408KB

                            MD5

                            65817c37315cc07df79cc6f72a638efe

                            SHA1

                            5a4aefff8cf560106489543af64b56335496b5eb

                            SHA256

                            53ec9ee196f6db379634fa0a585fa2ddfb28fe1682723863e34e32cd7b49da7f

                            SHA512

                            50a4e57a9b3c44d3433305106296a8bb694767e288c61810901c6d5d159064178002c3c5bb5943f35793924cd97ae6e425161bb5575a70266a4941dba060bcf3

                            Download Submit

                          • C:\Windows\{7C6B17F2-63F2-4dd0-9DBB-8320D994C118}.exe
                            Filesize

                            408KB

                            MD5

                            5f4cea64153e2200da933ddfb83f01bb

                            SHA1

                            4dd48f40786c32724e9c3cd1fee6c58f7110691f

                            SHA256

                            7087191e0cc6686e60735ba7dd8512d5cfbd4045ea56eeb471844f48ec737f86

                            SHA512

                            5ed59f52251625b17bb5539840fdbd8e5af1c83703a169fd927edf20c877384d3bfd327ac4073fa9dd815fdfb6ce5e61c034eda749a9126281169ec78cc4fdb7

                            Download Submit

                          • C:\Windows\{BBDDEEF9-80F9-4ede-9821-C2DECA1AE7A5}.exe
                            Filesize

                            408KB

                            MD5

                            95214e8d04e42eec0f4cbb3e86129d37

                            SHA1

                            dd9fb0e911b60942e73cc75b1eb5fa5bf925933c

                            SHA256

                            a49de8d3b321bef9676516a7d29a3d600c423f19ef384a9cf0576556489afdec

                            SHA512

                            464c0f74fc4a1b5f74b726c24eefc69db7d6aa26d9054e5c4cb92f0670c297ed900e188c855bb0f517b69b92dacf10520bbd76e90f7e13a45a75658525155582

                            Download Submit

                          • C:\Windows\{C236F996-2B9F-4d31-82DA-AF33EFCCF691}.exe
                            Filesize

                            408KB

                            MD5

                            75af6dd2e71682f2716d474a23fff9dc

                            SHA1

                            f8afc57171c1bad291ced8898becd6c1a6d759d5

                            SHA256

                            59dc6a046b06d121ca78770b680931c3a6e7ece45d6b23ceb3c296e9883f358e

                            SHA512

                            a7f1afddb0a83048404e74382c3ddab9d1f89213038ae1564fb3a2191e4c8fe7b5cf144cfd3ed608ee4461aa683c824daaa60acac3b3459f764559fbd30d861c

                            Download Submit

                          • C:\Windows\{EEA5ACE3-5D4E-4296-BB69-1411929581F2}.exe
                            Filesize

                            408KB

                            MD5

                            4603b44e475c3bd2d427b467d56ddead

                            SHA1

                            7a157a483ee80a17f1ad3b6e40f3ddffebe34760

                            SHA256

                            da8df52f2f669dd55235ddcd9328a625ade1d98a58296b7b11541004e284870d

                            SHA512

                            67b82b577e70f7bb3ace601433ab18920f52d7fc97d386a7c71ef6c8a3b78ce83e4eb7ea4d450a081dd1932a7a643b341898ca47d7ca04b404deb5878c94675c

                            Download Submit