Overview

overview

10

Static

static

10

2024-02-29...ye.exe

windows7-x64

9

2024-02-29...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    152s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/02/2024, 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-29_a30d8203a447e8dccb64619da78f857a_goldeneye.exe

  • Size

    168KB

  • MD5

    a30d8203a447e8dccb64619da78f857a

  • SHA1

    7f366fe236b041ef78db70420c1163db42c8135f

  • SHA256

    0e18928295cb9fc9912d5806916a1611b8b4dc442d5c98f0a396e4a0b08131fa

  • SHA512

    deaa73d6799cf217fc7793a5364669e4a940b5ac85fc9913d3c60c7beb0b72058137a1fe98294094486812cf7c90b4f941409de1f0352bc6e6b53bdbea2db79e

  • SSDEEP

    1536:1EGh0oOlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oOlqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 26 IoCs
    persistence
  • Executes dropped EXE 13 IoCs
  • Drops file in Windows directory 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-29_a30d8203a447e8dccb64619da78f857a_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_a30d8203a447e8dccb64619da78f857a_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\{A8DF5045-C466-44c1-8BD8-2788608C948C}.exe
      C:\Windows\{A8DF5045-C466-44c1-8BD8-2788608C948C}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Windows\{FA38EB1D-9C65-40f7-8AE0-35A744A278F8}.exe
        C:\Windows\{FA38EB1D-9C65-40f7-8AE0-35A744A278F8}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3016
        • C:\Windows\{6D162634-6DFF-4d1d-982A-CADA0EBF7897}.exe
          C:\Windows\{6D162634-6DFF-4d1d-982A-CADA0EBF7897}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5068
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{6D162~1.EXE > nul
            5⤵
              PID:32
            • C:\Windows\{FB8D4816-4DB6-45a4-ACD2-5EC298EEE21C}.exe
              C:\Windows\{FB8D4816-4DB6-45a4-ACD2-5EC298EEE21C}.exe
              5⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4856
              • C:\Windows\{DAE78DD3-E695-4ce9-93C0-B7003C30DBF5}.exe
                C:\Windows\{DAE78DD3-E695-4ce9-93C0-B7003C30DBF5}.exe
                6⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2212
                • C:\Windows\{1E3751BA-D477-4e22-B9EC-58D50472E350}.exe
                  C:\Windows\{1E3751BA-D477-4e22-B9EC-58D50472E350}.exe
                  7⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4940
                  • C:\Windows\{CF162904-2FEE-4e94-8ABC-CDF20FC409E6}.exe
                    C:\Windows\{CF162904-2FEE-4e94-8ABC-CDF20FC409E6}.exe
                    8⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:484
                    • C:\Windows\{91EF9781-A93B-44ec-B981-5BDD866BDF2E}.exe
                      C:\Windows\{91EF9781-A93B-44ec-B981-5BDD866BDF2E}.exe
                      9⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3956
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{91EF9~1.EXE > nul
                        10⤵
                          PID:2972
                        • C:\Windows\{0B4E0C05-3367-41d4-A6FB-458F75C6E493}.exe
                          C:\Windows\{0B4E0C05-3367-41d4-A6FB-458F75C6E493}.exe
                          10⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:4484
                          • C:\Windows\{BD06F96E-D1D7-49d7-A1D8-5F3CF92E8CD4}.exe
                            C:\Windows\{BD06F96E-D1D7-49d7-A1D8-5F3CF92E8CD4}.exe
                            11⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of WriteProcessMemory
                            PID:448
                            • C:\Windows\{6C0BBD9F-A85F-4cb6-B8CC-398FC4B8E540}.exe
                              C:\Windows\{6C0BBD9F-A85F-4cb6-B8CC-398FC4B8E540}.exe
                              12⤵
                              • Modifies Installed Components in the registry
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2788
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{6C0BB~1.EXE > nul
                                13⤵
                                  PID:3120
                                • C:\Windows\{9F4171EF-DA54-44aa-BF69-8940E82ACF39}.exe
                                  C:\Windows\{9F4171EF-DA54-44aa-BF69-8940E82ACF39}.exe
                                  13⤵
                                  • Modifies Installed Components in the registry
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:3800
                                  • C:\Windows\{4FED47A5-0C04-40b8-B40B-A16F5C06BE35}.exe
                                    C:\Windows\{4FED47A5-0C04-40b8-B40B-A16F5C06BE35}.exe
                                    14⤵
                                    • Executes dropped EXE
                                    PID:3576
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{9F417~1.EXE > nul
                                    14⤵
                                      PID:3792
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{BD06F~1.EXE > nul
                                  12⤵
                                    PID:2180
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{0B4E0~1.EXE > nul
                                  11⤵
                                    PID:2464
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{CF162~1.EXE > nul
                                9⤵
                                  PID:316
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{1E375~1.EXE > nul
                                8⤵
                                  PID:3588
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{DAE78~1.EXE > nul
                                7⤵
                                  PID:380
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c del C:\Windows\{FB8D4~1.EXE > nul
                                6⤵
                                  PID:1132
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{FA38E~1.EXE > nul
                              4⤵
                                PID:4324
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{A8DF5~1.EXE > nul
                              3⤵
                                PID:2796
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                              2⤵
                                PID:1624
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
                              1⤵
                                PID:4252

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\{0B4E0C05-3367-41d4-A6FB-458F75C6E493}.exe
                                Filesize

                                168KB

                                MD5

                                a76693e6fb80b8fc71cc740d8d79d38b

                                SHA1

                                3007b0663a83df04e782ab612439f8bce7746751

                                SHA256

                                274219c78d09c6b1bc44d8ea6990b846ed13eb869e148898e22db099d3f22a0b

                                SHA512

                                4b538281b823b6f38bbb3fad26a0fb297e1f4db506b27bda258a8b6c335d252a7449f2c4877cbf9d160ce6a981cb41aa528aa0ab45969449315ece0da6555330

                                Download Submit

                              • C:\Windows\{1E3751BA-D477-4e22-B9EC-58D50472E350}.exe
                                Filesize

                                168KB

                                MD5

                                d4a215562d2b1cd0f898424d50feac5d

                                SHA1

                                477525a11874e33e44729902b5f3c2faaeaefbff

                                SHA256

                                22d73e056e02f570278389600be5c88db58d1b301b5d443c833ebd18ea725705

                                SHA512

                                d7f4afacb8adc0654b6185bd461bf9fe0c59060d393d1fecb4e26543741cd4b2c8cecdb67300e3e562a38f5d915ff27cb5db8b39301b03524bbb39cdf24ec2e7

                                Download Submit

                              • C:\Windows\{4FED47A5-0C04-40b8-B40B-A16F5C06BE35}.exe
                                Filesize

                                168KB

                                MD5

                                6966ddf4a8da09e272ea3e5cdf34ff37

                                SHA1

                                6adb5b44044ed4e03ffcc8b027e17c16a523b175

                                SHA256

                                2d6214eef9ed28c7bbd24e8dedfb29794c3c9bcb61133ff16946ef437223c968

                                SHA512

                                743d874421cb72c029a8f57d4477d31f7f6a978569a050e2ce542b2441f23f4758134dc004d379c4025b10d5bf177dc3b717d81e24f9ea8b130c7e433086a92e

                                Download Submit

                              • C:\Windows\{6C0BBD9F-A85F-4cb6-B8CC-398FC4B8E540}.exe
                                Filesize

                                168KB

                                MD5

                                3e2debb2914299706dab3e2ec4d5f0f0

                                SHA1

                                f82ed32250bdcd157d704fb711880ee645e4ee90

                                SHA256

                                29c3bee05164703651494571db104c3f526fb06a9ac6c59fc7b38476accdff58

                                SHA512

                                af83dedebbadf10b03eae4a7ce45431bba07e164601a312983656bc7fcea7f4fa185fb70f0260b44307fb1f61ef5857c47be89fb3bcde1504204d6840bed6c2b

                                Download Submit

                              • C:\Windows\{6D162634-6DFF-4d1d-982A-CADA0EBF7897}.exe
                                Filesize

                                168KB

                                MD5

                                20d8f4f04576223a26d784c7d6dc88d6

                                SHA1

                                779c03ee39dde8619f02cb26d8b49e885e12d3a9

                                SHA256

                                9a5212aece058dd0ff69a8d71f064c61a017a7d520e25b40c970f2de09c674a2

                                SHA512

                                14bbf01900237d0d0327a0a2e054d995ecf16791ae2e700d1bf13087228cc74531c3191813e29fb101c582e0c2543dea1308b8fcd9bc5f1adf711aec0a155487

                                Download Submit

                              • C:\Windows\{91EF9781-A93B-44ec-B981-5BDD866BDF2E}.exe
                                Filesize

                                168KB

                                MD5

                                99dd5c6d51ece639d3300e3c4f75a80b

                                SHA1

                                703c57bf3cfd08db60e09b24c801e12461936439

                                SHA256

                                b1b15179dfd5165b825c09d584c8e5dc380b26d8533e8b2dbae4441dc57f4b99

                                SHA512

                                361245a5ee46bdd66ce62452e312ae42c981f46c13392b3edb8f8b7d5d5c1b1c410eca7a9d600de1dab3f8591550e419ad3cb03a3b6325b1776ad87bd799321d

                                Download Submit

                              • C:\Windows\{9F4171EF-DA54-44aa-BF69-8940E82ACF39}.exe
                                Filesize

                                168KB

                                MD5

                                7bb813c25e5eb5686b6a7d2767c9a398

                                SHA1

                                3a6fabd6e2bf9b40720790c375fc05aa6b9a9e85

                                SHA256

                                47b922d297f4d78b238676cf3e46783b69b0ab022d2f4b9ca200b7a9a2ef1f03

                                SHA512

                                4346ecb7d2fa4ef260aeb93cc256920952b63f26f0a888a3cb1b7cc07b3cb356b6bc0e5efd5a828260a1d4da8cda468f41661bdcb1d84879d54062b674a99312

                                Download Submit

                              • C:\Windows\{A8DF5045-C466-44c1-8BD8-2788608C948C}.exe
                                Filesize

                                168KB

                                MD5

                                b4d2cc680b6fb4f010b7785e58e32773

                                SHA1

                                1e254a68bb318bec3f2c9418c561f85167f66279

                                SHA256

                                a536fe581ad9fc72dfb905056599a4b33d229260c99df48e68e250aa28828fd7

                                SHA512

                                aad5b25b08d975feeaac99dd082928d8da769563f4fe13f5968aab635aa6229e0f35d78a56524601826dbe469550cf317caf3ca67c24d040c0b66dbc8217c1b4

                                Download Submit

                              • C:\Windows\{BD06F96E-D1D7-49d7-A1D8-5F3CF92E8CD4}.exe
                                Filesize

                                168KB

                                MD5

                                443f6c12ed2dd73131672c91e4e3ea8f

                                SHA1

                                a183b6abb4151fe39cb398ee851920b1b4bf8b57

                                SHA256

                                9fb1fccfa769d954088f7ce97df278e03655dad10912f88caf1fef9292affab9

                                SHA512

                                b6939c5a39673e8ab2adab537b32c0559c540380d4f8ddd55c87fc8b1e57ee98c4e0e6e9c41feed3004ef63e3ac5f81b2b71b6321795cb36f05245674210fabc

                                Download Submit

                              • C:\Windows\{CF162904-2FEE-4e94-8ABC-CDF20FC409E6}.exe
                                Filesize

                                168KB

                                MD5

                                e6126e2189fd077597ddaf3e71108cdc

                                SHA1

                                2c59b69c1f465c8fdf63b2f2577534adcc1c3865

                                SHA256

                                5b6fa05c8a2beda1d1c678e111fe1bd9d03d326c4db1b1ae0243b8642bc9e5b7

                                SHA512

                                3a844ab0ce70967b9d96ec66080ec878c478616e60027f2e4a37600d02208a708d2e7890431bacec6fbeaca83cf16423bed90920a0a51e9ccc979505c740f576

                                Download Submit

                              • C:\Windows\{DAE78DD3-E695-4ce9-93C0-B7003C30DBF5}.exe
                                Filesize

                                168KB

                                MD5

                                1c92587004dfcecfb48df5125b2a40e9

                                SHA1

                                6fed4726eeed9d163428580700797dc1aa841e87

                                SHA256

                                cbe1f1feabd9e2e447394b288cfa7e3cce4ef9442a50a624d1b5c20e06918e85

                                SHA512

                                81a2203175394012315c0e6958bb218e71f1d069096a2c39b80dff6d183ee365ebd0873d9f95743d99f5b8521336bf444a6973b5a2f20fe2b2b7e503bb68d4a0

                                Download Submit

                              • C:\Windows\{FA38EB1D-9C65-40f7-8AE0-35A744A278F8}.exe
                                Filesize

                                168KB

                                MD5

                                43ba41a36b6c5c6a9559125d720c0b5b

                                SHA1

                                23877bd4f04a7ddafaeee0aa329f7a50b2ce0fb3

                                SHA256

                                c3cd9b7675b269e9efd017ed1458a42f8487cef2f03d5e2349f00a2c04707308

                                SHA512

                                ac6281086868ced2448f7faf1e300f637938c1565fdde103e49220af358f112cc403ab449f2159948a3e4dc1bd5714b265578145867de7c04b11493090bae993

                                Download Submit

                              • C:\Windows\{FB8D4816-4DB6-45a4-ACD2-5EC298EEE21C}.exe
                                Filesize

                                168KB

                                MD5

                                f85f8e2bca90c0a55dd95a1ae81a122e

                                SHA1

                                56535291b17ecbceb64ef3e08b91a57ca5a3fba3

                                SHA256

                                55656bcfbcae8236799d6512e69627d51df0f7ee5b52e00b75fecc419417b5f8

                                SHA512

                                0acc5d8f1084a5900f9075c66afad6d0c7c44073d2dba2bb6514929f0e7769c12bba95218da5cf93190f6629479f9424fa362736f5685bf3f70393db52be2987

                                Download Submit