Overview

overview

10

Static

static

10

2024-03-05...ye.exe

windows7-x64

9

2024-03-05...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-03-2024 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe

  • Size

    344KB

  • MD5

    35ce086511f910175549a32949c56ac3

  • SHA1

    08571b7d3b1a4198a19edbe6c49804bad2bf519f

  • SHA256

    d349ee6d0de9f06fe8699b90f7ad82a93ade497bd3fc52642009b7b7877afca3

  • SHA512

    fa5c22cb0a57130bae13b001abe29d766eae90ee6b37bd7176db2106b5f1f4a8c05875cdd4c678e53a2b6fb359c9d700cc3a3e38706d467700c2ad94db87327d

  • SSDEEP

    3072:mEGh0ohlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEG3lqOe2MUVg3v2IneKcAEcA

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Windows\{C9FF418F-FA64-43a8-BAEB-C4D61A4039CE}.exe
      C:\Windows\{C9FF418F-FA64-43a8-BAEB-C4D61A4039CE}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3120
      • C:\Windows\{EC6EAC88-1E1C-49cd-BD3C-26B284B59267}.exe
        C:\Windows\{EC6EAC88-1E1C-49cd-BD3C-26B284B59267}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3692
        • C:\Windows\{2FFE8126-F7F0-477c-9040-6525D2A48B22}.exe
          C:\Windows\{2FFE8126-F7F0-477c-9040-6525D2A48B22}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3448
          • C:\Windows\{C1FCFEDE-DCBB-4d5f-9D2C-11A1CA4EE151}.exe
            C:\Windows\{C1FCFEDE-DCBB-4d5f-9D2C-11A1CA4EE151}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3540
            • C:\Windows\{E09B7D99-A1DB-44da-A0C7-CD8D4A50D7D7}.exe
              C:\Windows\{E09B7D99-A1DB-44da-A0C7-CD8D4A50D7D7}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1568
              • C:\Windows\{D48B0E67-4A17-4616-9C62-BAFAEFF5AB4F}.exe
                C:\Windows\{D48B0E67-4A17-4616-9C62-BAFAEFF5AB4F}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1296
                • C:\Windows\{C567AB3F-DAF5-4ed4-951E-1310CCC22026}.exe
                  C:\Windows\{C567AB3F-DAF5-4ed4-951E-1310CCC22026}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2472
                  • C:\Windows\{9306E198-2C21-459d-8253-602645E07C6B}.exe
                    C:\Windows\{9306E198-2C21-459d-8253-602645E07C6B}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2088
                    • C:\Windows\{3F855E90-5904-47f3-A021-6DCE4CABEA38}.exe
                      C:\Windows\{3F855E90-5904-47f3-A021-6DCE4CABEA38}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:5112
                      • C:\Windows\{567822CD-63DE-4790-87B0-60A4F530A544}.exe
                        C:\Windows\{567822CD-63DE-4790-87B0-60A4F530A544}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3848
                        • C:\Windows\{EC4152DC-9043-4dd4-84AA-26B7CCE97300}.exe
                          C:\Windows\{EC4152DC-9043-4dd4-84AA-26B7CCE97300}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2468
                          • C:\Windows\{C818929C-80D7-438e-95D2-A45AF910C183}.exe
                            C:\Windows\{C818929C-80D7-438e-95D2-A45AF910C183}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3236
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EC415~1.EXE > nul
                            13⤵
                              PID:1864
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{56782~1.EXE > nul
                            12⤵
                              PID:1840
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3F855~1.EXE > nul
                            11⤵
                              PID:3752
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9306E~1.EXE > nul
                            10⤵
                              PID:4068
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C567A~1.EXE > nul
                            9⤵
                              PID:3920
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D48B0~1.EXE > nul
                            8⤵
                              PID:1184
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E09B7~1.EXE > nul
                            7⤵
                              PID:2640
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C1FCF~1.EXE > nul
                            6⤵
                              PID:2648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2FFE8~1.EXE > nul
                            5⤵
                              PID:2052
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EC6EA~1.EXE > nul
                            4⤵
                              PID:3340
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C9FF4~1.EXE > nul
                            3⤵
                              PID:848
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:840

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{2FFE8126-F7F0-477c-9040-6525D2A48B22}.exe
                            Filesize

                            344KB

                            MD5

                            d14688898e8e2548bc31f32160d9d4af

                            SHA1

                            fe28e6623e230c9b3a43b1c6cc69d33460113b86

                            SHA256

                            4d6bdfd8331d1b6d327ea782dde833be797cc13f4f5d121fac2433f1f52a21a2

                            SHA512

                            9c07e398b55eb5fea8ee7e8bd3bd5494a77369ae1eeb255862d067a0da86d7493f89b46d35a630890efc2ac7d1cc12aadd968e206faec45403a3e5326eaa60ad

                            Download Submit

                          • C:\Windows\{3F855E90-5904-47f3-A021-6DCE4CABEA38}.exe
                            Filesize

                            344KB

                            MD5

                            0ddefab320f9ce9acd4a40490493559d

                            SHA1

                            14428c558c119657cc5f27e16616fb3c1fb4d0b9

                            SHA256

                            5fb29262bd9efa400730c1973c9fb8fe9f74026b4643e86db9b1035127de4c20

                            SHA512

                            55ce0a08c79bc734da74c91d6078625a66ff56e1eddb94d72854fbf51ec50f2c2628a0ee90d241ca3b8c6604e96806313eb5356e21a199c1b3e31ac18a655552

                            Download Submit

                          • C:\Windows\{567822CD-63DE-4790-87B0-60A4F530A544}.exe
                            Filesize

                            344KB

                            MD5

                            9c3f70e6323b1807cfa535980218891d

                            SHA1

                            fbcccdec877c3010908972b53c947f817032e4b7

                            SHA256

                            b749eb03cb8e5981f4080fbe2228fe6afdb604c0840d7f38eb46afda234c22fe

                            SHA512

                            3ad04192008cd5fa3fcc894250c5311d5017b42619d43e76e191966e67f4c8221e1ac29180d5d0ab5ae8e1382fa86fb019f93fdd012237b9f38593efa7c1a38d

                            Download Submit

                          • C:\Windows\{9306E198-2C21-459d-8253-602645E07C6B}.exe
                            Filesize

                            344KB

                            MD5

                            42eac9c8c10c78b8f049d5aa7fa94c02

                            SHA1

                            7784821b4b154b97b8f16c05bc26d726aab83410

                            SHA256

                            5670c87bd5ab8059ac86473c5b6aefe78427ef753af20d2da0594dcf96ff409d

                            SHA512

                            d5ebf61ff3434187c8bbdc4057d0853b309c0db5d4e06bf08810d6cf1c94a7f6945612a940580c81c895dafdda84ca5d420bf08e36cbc4cc11594c02fd59e8f6

                            Download Submit

                          • C:\Windows\{C1FCFEDE-DCBB-4d5f-9D2C-11A1CA4EE151}.exe
                            Filesize

                            344KB

                            MD5

                            6f7ae802a2dcbcd7c9319b1b993befa5

                            SHA1

                            1785801bc6b4bf53b555888b096046d117d47265

                            SHA256

                            3b4eb3d53c790349d4c208cd11b5ef11e9e18d7bbd80c032af710ca3b2f1e035

                            SHA512

                            cd289e455a5a81626d6d1f45e60e2800f45a9f58b71e76453977e101f9a9621ba2f2f4d98df25b1abd50fa363c651e4a49c9d8fa7400dacfedcf24eb809ee4ef

                            Download Submit

                          • C:\Windows\{C567AB3F-DAF5-4ed4-951E-1310CCC22026}.exe
                            Filesize

                            344KB

                            MD5

                            c29464b16fb593312bae7f887fa4d79e

                            SHA1

                            4abf236aa1f5f3477ae1930791dd384f87f677c9

                            SHA256

                            fcc7f6e080f0e03ae3680ac8ede8164332c9590e7a983e79f9d8def747000115

                            SHA512

                            3170b441292d6077153b3aef0d542ceb5343565ad45928ae17e341f9bd464230cb2bb264ab94794ea0a736b7909a28ee6ce832719b9ee8199da1981e85037e9f

                            Download Submit

                          • C:\Windows\{C818929C-80D7-438e-95D2-A45AF910C183}.exe
                            Filesize

                            344KB

                            MD5

                            e43f190872f81caccd2ca555443caa0f

                            SHA1

                            54dfaebe155ae3a4b2a1ea05664a913ff8190b79

                            SHA256

                            14cab142b469898e0b4ae1c49025708ea98fc1380b48250ad2f26e8ce4b50aef

                            SHA512

                            3133b32c125b9ca51462286240a76a4deac033344b1826281de3e811563027c9c5178f6a874ac57b0b6b714d1ba9673f4d9197e755b83897d35075f9da94eeab

                            Download Submit

                          • C:\Windows\{C9FF418F-FA64-43a8-BAEB-C4D61A4039CE}.exe
                            Filesize

                            344KB

                            MD5

                            6209e74ec664b05b914eea92f81d8d16

                            SHA1

                            0c029d074cff9782ebf6104399f63c38d4fb3f94

                            SHA256

                            4690b19b51d09e360cbd331087307e58bf7ebd439b77fb6ccb6e7b034b2ca46f

                            SHA512

                            9eaf880c026db3d1e7e84b1380f510a0c07637f53d375600dd857dd8d6368c14251842b276aad8636527e3a54f5be30456ffc2fb9c82a0da855cca0dc55f1e3f

                            Download Submit

                          • C:\Windows\{D48B0E67-4A17-4616-9C62-BAFAEFF5AB4F}.exe
                            Filesize

                            344KB

                            MD5

                            829bf9f74572478d8c085bc6fedd647b

                            SHA1

                            011d6d7c4a4aeaf28db8a273b43107a3af307f26

                            SHA256

                            712809c5bfc545ecb1246c233a645f7cc90905225231a1563618f71b430dc3e6

                            SHA512

                            eb20ab99dae9bd5b9bcaaff841195246699705f75471f47e5301ef054d561389aae1f01f909cd3b2e6d1101afdb71f5733b8c77a12dc6abb28bfa6362c2df280

                            Download Submit

                          • C:\Windows\{E09B7D99-A1DB-44da-A0C7-CD8D4A50D7D7}.exe
                            Filesize

                            344KB

                            MD5

                            15d52be6f20be77c905d11f238e82fab

                            SHA1

                            1e8b96e67f20d356af085adaf457e3390bc124a4

                            SHA256

                            1dd9624f333ed789f88293e39ae54d87ba4322362d7b7457ec2636819a7ca64a

                            SHA512

                            a77259ef3670567839af11fb710da8f7df144fe10b0b8c7adbb7256ec948c27f822e251ee9f378acd5d50dccf5a949a94f8553396bb9d601647be81a88fa1835

                            Download Submit

                          • C:\Windows\{EC4152DC-9043-4dd4-84AA-26B7CCE97300}.exe
                            Filesize

                            344KB

                            MD5

                            2c7a2ea7a8cec1f92b5f60f867743f13

                            SHA1

                            9891d553cf8037f184d2ee97c7153144cb7b1d5f

                            SHA256

                            08e3c4e12029587eaca5eea1c9928893877d9f79dc8da754c17902ab0f16bc3f

                            SHA512

                            d1f8a5a5281ebd23401e48aac1bd1b7ef11a939f227594baea4b7f071a699c30a81a5e9afbff398d75323871e8bcd60a20602ffc872889d67466896027a441ca

                            Download Submit

                          • C:\Windows\{EC6EAC88-1E1C-49cd-BD3C-26B284B59267}.exe
                            Filesize

                            344KB

                            MD5

                            220465f005cc716f8f1142b0dcf98551

                            SHA1

                            34711c64c14809ed8e8931bd855a3f21c066c2c4

                            SHA256

                            3ad579e33bffc7c72ed8e1f3c675d854111728bc39d1577b7f47b682c8b5c2b9

                            SHA512

                            cbe91b7e5cbd0afa36faf33aad8ce0120e3a098cc9a16944006e3b0ac3dea13fce624b98267759245d67018544fcb3436dc12056cd22e92409e83a88bcc7e623

                            Download Submit