Overview

overview

10

Static

static

10

2024-02-28...ye.exe

windows7-x64

9

2024-02-28...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_509382799a17de1c3a2046305887d5b8_goldeneye.exe

  • Size

    204KB

  • MD5

    509382799a17de1c3a2046305887d5b8

  • SHA1

    1de92885d4e07570266d9c00850e5019e7eab23e

  • SHA256

    7ac275cc486d48113ffd1f88351ce68d8aec7538207d0c083b8aabded5b8952b

  • SHA512

    7527570a5be123385e34e6c0e7fb11a5d729f97ca74d1b0b1fdcd13249e6d0ce8da441121b38a31840f00ef63705410a844d187dab2078a97e8fdc144ee18115

  • SSDEEP

    1536:1EGh0oOl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oOl1OPOe2MUVg3Ve+rXfMUy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_509382799a17de1c3a2046305887d5b8_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_509382799a17de1c3a2046305887d5b8_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Windows\{985FEE3C-E653-4bea-BE4B-1CF9412CA30F}.exe
      C:\Windows\{985FEE3C-E653-4bea-BE4B-1CF9412CA30F}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Windows\{56094CDE-B7A2-429d-8A9F-CDAD28A1C0AD}.exe
        C:\Windows\{56094CDE-B7A2-429d-8A9F-CDAD28A1C0AD}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1616
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{56094~1.EXE > nul
          4⤵
            PID:4108
          • C:\Windows\{C58A6D78-2369-4e46-B181-05A9DAC25532}.exe
            C:\Windows\{C58A6D78-2369-4e46-B181-05A9DAC25532}.exe
            4⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1948
            • C:\Windows\{92C08ADC-CB41-4bcc-A9C0-5AD258F6ABBC}.exe
              C:\Windows\{92C08ADC-CB41-4bcc-A9C0-5AD258F6ABBC}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4996
              • C:\Windows\{5A229D0D-C93F-4cac-B96F-CB61FEED0088}.exe
                C:\Windows\{5A229D0D-C93F-4cac-B96F-CB61FEED0088}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4668
                • C:\Windows\{59C890DA-F0C2-4da4-9C57-D1C43EE65FC0}.exe
                  C:\Windows\{59C890DA-F0C2-4da4-9C57-D1C43EE65FC0}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2068
                  • C:\Windows\{351EF923-574C-4164-8C4D-586053974B9D}.exe
                    C:\Windows\{351EF923-574C-4164-8C4D-586053974B9D}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4244
                    • C:\Windows\{2893ADCC-1382-4d84-B605-CD3456C6CC6E}.exe
                      C:\Windows\{2893ADCC-1382-4d84-B605-CD3456C6CC6E}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3024
                      • C:\Windows\{5D884D34-B0C4-4af7-803B-D47AFE0EA565}.exe
                        C:\Windows\{5D884D34-B0C4-4af7-803B-D47AFE0EA565}.exe
                        10⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:440
                        • C:\Windows\{B44A4BB3-34AF-4fec-A20A-02502CC4E09E}.exe
                          C:\Windows\{B44A4BB3-34AF-4fec-A20A-02502CC4E09E}.exe
                          11⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:4944
                          • C:\Windows\{D9CB4280-7ACD-47c2-A1CD-06DA89174E1D}.exe
                            C:\Windows\{D9CB4280-7ACD-47c2-A1CD-06DA89174E1D}.exe
                            12⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2708
                            • C:\Windows\{39657954-D025-4e84-A894-5BCB0B93E46A}.exe
                              C:\Windows\{39657954-D025-4e84-A894-5BCB0B93E46A}.exe
                              13⤵
                              • Executes dropped EXE
                              PID:3880
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{D9CB4~1.EXE > nul
                              13⤵
                                PID:1268
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{B44A4~1.EXE > nul
                              12⤵
                                PID:3488
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{5D884~1.EXE > nul
                              11⤵
                                PID:4416
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{2893A~1.EXE > nul
                              10⤵
                                PID:2388
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{351EF~1.EXE > nul
                              9⤵
                                PID:5104
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{59C89~1.EXE > nul
                              8⤵
                                PID:2284
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{5A229~1.EXE > nul
                              7⤵
                                PID:4620
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{92C08~1.EXE > nul
                              6⤵
                                PID:3128
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C58A6~1.EXE > nul
                              5⤵
                                PID:1620
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{985FE~1.EXE > nul
                            3⤵
                              PID:216
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1856
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:3688

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{2893ADCC-1382-4d84-B605-CD3456C6CC6E}.exe
                              Filesize

                              204KB

                              MD5

                              f2b939af4da90b517170d445e45d8102

                              SHA1

                              4cc587c50a7cd45d7c2db72236349aacb8c987b2

                              SHA256

                              3d415ebf0394cfa35366c5e9a87b812679abd1c1cbe35b98426d8044580ae948

                              SHA512

                              b20b710159a58a3bbeba5f22052d2bd806a23273e603f65d4ee2b06e6e0fbe5dc0dabf60784884e32ff5b2aab624d417f70ed7cd16039f277a725bfde8a64d87

                              Download Submit

                            • C:\Windows\{351EF923-574C-4164-8C4D-586053974B9D}.exe
                              Filesize

                              204KB

                              MD5

                              af77989b458ca4263e827c1497bf1c96

                              SHA1

                              13da83abae628fe740846f91c42389e81fc04a98

                              SHA256

                              f92a6d5c2f0ea1736f12f5c559ad795630bc982f6a147b56ab88c56d4110fec9

                              SHA512

                              0a7f4cfe17fdc966f1b8d8414881d5a74462870fc97f80ed70fbfb2822ad2066e526caabcb0737c151cf337469812e7ffa8ae68b64a151fdcc288da4b9b54f04

                              Download Submit

                            • C:\Windows\{39657954-D025-4e84-A894-5BCB0B93E46A}.exe
                              Filesize

                              204KB

                              MD5

                              ec2d337602b672858f706a38d91ed311

                              SHA1

                              23d77533dafd56aeab4a5e58982915bfdeacbc97

                              SHA256

                              d8142af296918cc44459284d459690cd447710769680ffc6ab7edfe02aeb9ff1

                              SHA512

                              fe9b4812fa93ef5213f46e7cfa7091999d650804375355072d0d28b1e595b7690a99e3839f43c1c58877fe03237e9537677933f3a4d362f1fe22b29b1f825700

                              Download Submit

                            • C:\Windows\{56094CDE-B7A2-429d-8A9F-CDAD28A1C0AD}.exe
                              Filesize

                              204KB

                              MD5

                              fc436dd1a9b0353d40805865d7aea959

                              SHA1

                              13b9b8af6657a0a654c90b707dd789f0a250c8a1

                              SHA256

                              c893d48b4c77f1e72f67db7826d5b97f72396620766b1864586899871e684ee8

                              SHA512

                              8579b8763e8874cd608a38f14a93246e17f8c76ebbc5409711d0c9528a605b94fc44d63ae418a44f9ae1be5e21577866831ff475078d2b78d135d6aea326647a

                              Download Submit

                            • C:\Windows\{59C890DA-F0C2-4da4-9C57-D1C43EE65FC0}.exe
                              Filesize

                              204KB

                              MD5

                              d9087f2d7294b77f6d82d5c912919c64

                              SHA1

                              007c02a9febc5e5d52ebe4bf5855bdcad451d696

                              SHA256

                              19c0fbda96fc854b4760321ed55de90711a581043d7d3fd19521e50ab1fa061c

                              SHA512

                              11bd7bb4a7c6946375c1fa5988c36f23ca2a5d3228bc601fca2dea249e7afb3358bbbca3e85ab8adeb0228389ad6e5670bf6b91b93e5b5ad54d971b6454de634

                              Download Submit

                            • C:\Windows\{5A229D0D-C93F-4cac-B96F-CB61FEED0088}.exe
                              Filesize

                              204KB

                              MD5

                              09deda22cb9f0624216d1729230057bb

                              SHA1

                              4c97a6ce4d321da495db14701f447c9d69deda00

                              SHA256

                              2e956532ddb2c96d78f0d769710fa40ef555809ececefc888319ffadc6b6ae84

                              SHA512

                              b687547042289ab8f5cf90ea07b6c441f29c977ad052595dff9271b9d900d1b767b32b1a8559d6823997e7c0c8a7db60aca597874b02afc87e721ef8e8dd9f7f

                              Download Submit

                            • C:\Windows\{5D884D34-B0C4-4af7-803B-D47AFE0EA565}.exe
                              Filesize

                              204KB

                              MD5

                              c34b052b1c80411810e3428f3e929b12

                              SHA1

                              d63b2c50b9fce144523933d17d2056e61b6f491b

                              SHA256

                              204cc9ef1ea5ba24d5e238b7f13877804d56204c6ad95719dfe0ab952e98d398

                              SHA512

                              383f9b1f528c7a20966282948556b7d7d395d11c516de8a8c7b2153e886e958454982e5c52e5341f0309a4a53546cc2dfa79be12b0691fde5272bc4da03267ce

                              Download Submit

                            • C:\Windows\{92C08ADC-CB41-4bcc-A9C0-5AD258F6ABBC}.exe
                              Filesize

                              204KB

                              MD5

                              c0321eff86778be2553bd62bd9f6fe02

                              SHA1

                              af2bec222f177a4899198ad799743b3101bf5012

                              SHA256

                              444d1f0f74f01c2dcc7ca61fc563165b506ff65c23e5e3dad901dbc57a9d661f

                              SHA512

                              1ed8e677934915065b347ad4f2b3a41df0c84705667313db1c5c7f0e5b90aded965336b5ae85fe62e244967e1045818ceab59131d191f908e20d24b3775787a1

                              Download Submit

                            • C:\Windows\{985FEE3C-E653-4bea-BE4B-1CF9412CA30F}.exe
                              Filesize

                              204KB

                              MD5

                              ddbfd420ad3f7eb2381a168d157502d2

                              SHA1

                              65a6128120a65f46bd53d62a76b14bd749e14026

                              SHA256

                              cacdc390834002f1452cb78bfa927238b53be57e702090b2dc1e44c8b68c8ff0

                              SHA512

                              617675434b57288e7473a1be83fc7d608e746d43f8383d1ecc2d8788cfd15c98823e4b34a0d4b277d91a9c40d75c8bddaae5da8f82ad16453af757b24db93ba3

                              Download Submit

                            • C:\Windows\{B44A4BB3-34AF-4fec-A20A-02502CC4E09E}.exe
                              Filesize

                              204KB

                              MD5

                              10f92a44d0d57f79642e1f3120088b66

                              SHA1

                              3ab2b80753612729621b42035477d38519bf3183

                              SHA256

                              a5e4576163f099cc9204304062174ba0acb43b8f11458021e9cd9a9fc7349c9e

                              SHA512

                              fe8a6fe4729778409405603aad056a9cc0327c6c147ed25303b8dfd85a9fc6f172cf81ead56319671b2da4f85addf70435ee8280c3e1ce6d0d3cca7b6add5036

                              Download Submit

                            • C:\Windows\{C58A6D78-2369-4e46-B181-05A9DAC25532}.exe
                              Filesize

                              204KB

                              MD5

                              e26b37e0a1e4ebc21fe22df6b8c89777

                              SHA1

                              a7245b7f85b6b4e384f0f4bd242e0f055ea6d3d7

                              SHA256

                              75179cb839a6bf3bd73a749d7e8809f31f43a00063392c35a840939eba8f5e0a

                              SHA512

                              b4f7b9be812c684aacf0c826108e4f15a5b8d24e1425c4df18b3b74cab31d3064c4b64759bd0ade5f2d9ef72506eba4aafd9822a16bf506e8b57cb908281d8b5

                              Download Submit

                            • C:\Windows\{D9CB4280-7ACD-47c2-A1CD-06DA89174E1D}.exe
                              Filesize

                              204KB

                              MD5

                              35514938ebaec6515285355aa530b619

                              SHA1

                              d297b787b7f369ca61d41dd55fd92c325a1ffab7

                              SHA256

                              dcce271040fbba0279735d445357ff1c4245f0576daf278645d7f798c1a079d1

                              SHA512

                              c1587c95b4949b74508f5ec66cda6db7c53043c3045e14458972de9d2bd2eed0ee62ca39f65622a170427c00f7d4f539dd79e5d2a86b75d95a3f29618d94ce70

                              Download Submit