Overview

overview

10

Static

static

10

2024-03-05...ye.exe

windows7-x64

9

2024-03-05...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe

  • Size

    168KB

  • MD5

    d8a2d6a4ef75c2ea942165a28f040615

  • SHA1

    f0cfad101bebf8625a592a90937af0fe0f25e402

  • SHA256

    d367241bcd2b4130028ddd6780247dbceb9e267655e24f147a4f87cb6c6eb79c

  • SHA512

    2e8c6460b21124bda4b87945daefc34c0f54d8f37ac4edc0213876e234b05251383aa6b57be0c63e63763d558901d5a5fa4274b03d41fa03a97c09a73f5c6b09

  • SSDEEP

    1536:1EGh0oVlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oVlqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\{A9C7F03A-666C-41c5-940C-C50B3A6CCB26}.exe
      C:\Windows\{A9C7F03A-666C-41c5-940C-C50B3A6CCB26}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Windows\{3FAA1ECA-1BE2-465d-9F57-57B4320FC903}.exe
        C:\Windows\{3FAA1ECA-1BE2-465d-9F57-57B4320FC903}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2520
        • C:\Windows\{5D2ACD27-2F3F-4c16-96CE-86E0B883BCF2}.exe
          C:\Windows\{5D2ACD27-2F3F-4c16-96CE-86E0B883BCF2}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2728
          • C:\Windows\{EB767A41-B4CA-43c9-B6B2-F17B4BBF26AB}.exe
            C:\Windows\{EB767A41-B4CA-43c9-B6B2-F17B4BBF26AB}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2032
            • C:\Windows\{A09D0FDF-2570-4548-8380-46CD42F3E694}.exe
              C:\Windows\{A09D0FDF-2570-4548-8380-46CD42F3E694}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2736
              • C:\Windows\{10B4AF5E-F1F5-4f6d-BEEA-37C520763CE1}.exe
                C:\Windows\{10B4AF5E-F1F5-4f6d-BEEA-37C520763CE1}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1636
                • C:\Windows\{B6279EB2-6A00-456d-BC7C-666E93714D78}.exe
                  C:\Windows\{B6279EB2-6A00-456d-BC7C-666E93714D78}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1932
                  • C:\Windows\{F941CFA4-136B-4a9d-898B-940A3F323E8C}.exe
                    C:\Windows\{F941CFA4-136B-4a9d-898B-940A3F323E8C}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1628
                    • C:\Windows\{ABE3B9E1-B86D-412c-B70F-D1CD67919D00}.exe
                      C:\Windows\{ABE3B9E1-B86D-412c-B70F-D1CD67919D00}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1324
                      • C:\Windows\{7FFA0E63-B30C-40fb-BCFA-30B1550F653A}.exe
                        C:\Windows\{7FFA0E63-B30C-40fb-BCFA-30B1550F653A}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2096
                        • C:\Windows\{0148771C-C2A2-4c38-A9F2-E62EC6A309CC}.exe
                          C:\Windows\{0148771C-C2A2-4c38-A9F2-E62EC6A309CC}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2268
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7FFA0~1.EXE > nul
                          12⤵
                            PID:548
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{ABE3B~1.EXE > nul
                          11⤵
                            PID:1852
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F941C~1.EXE > nul
                          10⤵
                            PID:1356
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B6279~1.EXE > nul
                          9⤵
                            PID:1100
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{10B4A~1.EXE > nul
                          8⤵
                            PID:2348
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A09D0~1.EXE > nul
                          7⤵
                            PID:876
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EB767~1.EXE > nul
                          6⤵
                            PID:2740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5D2AC~1.EXE > nul
                          5⤵
                            PID:1940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3FAA1~1.EXE > nul
                          4⤵
                            PID:1116
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A9C7F~1.EXE > nul
                          3⤵
                            PID:2544
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2944

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0148771C-C2A2-4c38-A9F2-E62EC6A309CC}.exe
                        Filesize

                        168KB

                        MD5

                        82da03bdd2c753a96f53a6a26d9b3367

                        SHA1

                        2757c15fef62cf8d6b6d94b56fd4c6f09f714c7a

                        SHA256

                        11204606115206342a8fd9b31cca4e787436ff2d61c3235a4b7c2ee379e494ea

                        SHA512

                        9071dd384dbffdf4a56433c109ec2f687024fbdd6f6eae4cb5132d64306e3c2343d82f7cd7c83f293b08d3c256bcc70e8ec54a94155ee94684fe61c5294c4746

                        Download Submit

                      • C:\Windows\{10B4AF5E-F1F5-4f6d-BEEA-37C520763CE1}.exe
                        Filesize

                        168KB

                        MD5

                        507eb33e306e6024e6178cee1141f978

                        SHA1

                        d75d70f82494f2769be0ed057c6874c034308c8b

                        SHA256

                        3a152f8dd7d243d4075b538afa6feadabbe76443f68c5a4961b11e841e971a3f

                        SHA512

                        f92f793ad1e6a4626c6dbc8ca6d9005cc3e2048cc1ffd8d5466b7d97e6541e68907cfc62abb127c92f8443bae482b7acf87f8f7e06085867e5f810dbae9b16e6

                        Download Submit

                      • C:\Windows\{3FAA1ECA-1BE2-465d-9F57-57B4320FC903}.exe
                        Filesize

                        168KB

                        MD5

                        77ae11f836f1d74a44d8ec3122fb7f54

                        SHA1

                        991ca768424117b5ba3012a88a51034caff75e6d

                        SHA256

                        82aa394153571d0044b4bc47db0862dc6eebca64a0f24671ea9ac84f83ec5b4e

                        SHA512

                        a18adcde91b0915ca4bfc33fc4628137399750f8bc3555c5a021d8239d8829d02bf871e297f2dcfc451f6fd243e2caa2f6a995f2e7dcb5e3da03306b46735cd1

                        Download Submit

                      • C:\Windows\{5D2ACD27-2F3F-4c16-96CE-86E0B883BCF2}.exe
                        Filesize

                        168KB

                        MD5

                        3243e8cfb102ceb4bf823c9bcf4b58ff

                        SHA1

                        9fbcaddfb3ea4c11e4ee1ebc902519ccf53ae06c

                        SHA256

                        6478b670abf1062298cd2702744aac85c27247ae8deff277ed1196a1a9b397ad

                        SHA512

                        86c39e0973bba5cbf22e18f411c0f46a0eeda258ef538da6238984f7983795f2893da875c894112b36162ffa3fdc33f4b50b40dc1b2fd3f63d88126320129929

                        Download Submit

                      • C:\Windows\{7FFA0E63-B30C-40fb-BCFA-30B1550F653A}.exe
                        Filesize

                        168KB

                        MD5

                        777d440c3c142069a95a14eb8c288c6c

                        SHA1

                        2b4d590147dce5d99d5adf588195e7def6486096

                        SHA256

                        18d366d7fc640610f0fc2393d16161ade55fbc8c55ab15cdd0bdfe0d94c10805

                        SHA512

                        07e9d0002db10fe38be0a7dda3bdbbe0c5131c9bc3ada8fb5b24f90ba6e51d037c048bc194826797c9086c5e815a310c0caccb01c890ebc8371ae44e525cf1ef

                        Download Submit

                      • C:\Windows\{A09D0FDF-2570-4548-8380-46CD42F3E694}.exe
                        Filesize

                        168KB

                        MD5

                        85df755959d5c634717f375992006a17

                        SHA1

                        9f47833ad8c77273539d46e84a356562cb30a90d

                        SHA256

                        096901f5ac19dcc96f6724ce342219c8a0bd1e08b591dfb5c47a36b7ac06bc71

                        SHA512

                        641572ceda086916eb35767a3ba4af996478a96b028435d9dff13779477dae0a5ff12e1095b6e03cf4574e71c9ed32ff296e8a05f742071e18e8e3be9342c70a

                        Download Submit

                      • C:\Windows\{A9C7F03A-666C-41c5-940C-C50B3A6CCB26}.exe
                        Filesize

                        168KB

                        MD5

                        87c5388f846e26418050c8504c2bd636

                        SHA1

                        4c823dfd577742a168775c4d3c04282a4a3d299d

                        SHA256

                        2ae8466ecb4c5605f54a9d8368efce0c8c6234a129acbdb0249e3dfa3dc067be

                        SHA512

                        3ce5a8948bf0865679cd5c1dd7cf024d27f10e753bca0a28f6dd29e1bb14ed40f00c65e4abfadb8106c356c4e4fa5d43194623e4bdb9b8df049245118b3aa362

                        Download Submit

                      • C:\Windows\{ABE3B9E1-B86D-412c-B70F-D1CD67919D00}.exe
                        Filesize

                        168KB

                        MD5

                        3c3344742fa8d453e10d16948b71a093

                        SHA1

                        c4ef2d83ee2172dbbe20409f99ee152a3d04e734

                        SHA256

                        3cca38700b68b5c262abcc77c0e99a6374716b3b3de8876a5f26307576480bb4

                        SHA512

                        350fe80a32cdd194f5f78c0f123e06d62040f03e24a4c2f529a50ac51f45822c22dd3271b87617934af6b5cd9b222e7e0afd4228019b79e095ad965468de7aff

                        Download Submit

                      • C:\Windows\{B6279EB2-6A00-456d-BC7C-666E93714D78}.exe
                        Filesize

                        168KB

                        MD5

                        5098b461217c779710def4147aeeeaf2

                        SHA1

                        239a8b2897d1e293b7e3b0297a8ce5f68c51732d

                        SHA256

                        eeefb3c8fa45e2e74240ccecb637193c4fbbd373aeae7889bf08a620beb7c8f5

                        SHA512

                        2e2e18ba2fbfbf330db31f46ec377ab752b3cd427ddd6e2583b125664b0327c3c11cb8ac0710928f19e990e48fbc1d15c114412a74e97974ee05fe8ce40528dc

                        Download Submit

                      • C:\Windows\{EB767A41-B4CA-43c9-B6B2-F17B4BBF26AB}.exe
                        Filesize

                        168KB

                        MD5

                        6790c68a540731c88feb2b5d072c7fb0

                        SHA1

                        256e82afcd1fbb9f564c3cc0e8bfcd61a0454fbe

                        SHA256

                        4f88993103e967f95a385f523fdecb08f7bc1007f74dff1197b820ebdbe56410

                        SHA512

                        f851c571ecf1434250308f0fa693e38c0b0428ca20e5d472f32d9d00dc33601fde3b490eecaa99ef3bbf1de45e5081456fdbfb70f048e75a37d51feb722d27eb

                        Download Submit

                      • C:\Windows\{F941CFA4-136B-4a9d-898B-940A3F323E8C}.exe
                        Filesize

                        168KB

                        MD5

                        9b4337231101288e3b46756734256ce6

                        SHA1

                        395876870e3a6b68881625b17ba50260d209e28c

                        SHA256

                        16afa0f9a2021ecb3d7c6c82b63546a7008a9019aab1853466caba2a458691f1

                        SHA512

                        ba42a17d10ed0ee51b85cc5edbf675fe201d268d029b832e090569519630051cee69309b798ad3a80a2167e9fccd7059009bbc0dd0d2bf7e128332f9962776cd

                        Download Submit