Overview

overview

10

Static

static

10

2024-03-05...ye.exe

windows7-x64

9

2024-03-05...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 20:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_d8c14787c5d2c4ccb8e4a9a3598dfb47_goldeneye.exe

  • Size

    408KB

  • MD5

    d8c14787c5d2c4ccb8e4a9a3598dfb47

  • SHA1

    816f90f8e1bdf251c7d84eb6a6eaab2dfa6512b7

  • SHA256

    67346c7d08447c9f8805b473b027385d3c57b9a6c6dc14a35e9451c0b9aae0d1

  • SHA512

    386e2faba6378b590026ecfd31da6321fe219437fe2777dad3158a297d7a025b210a5e5e3d5e62338672a6f4ac1f11800f131d1bebac4cf3a4ff26d0184b2975

  • SSDEEP

    3072:CEGh0orl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGVldOe2MUVg3vTeKcAEciTBqr3jy9

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8c14787c5d2c4ccb8e4a9a3598dfb47_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8c14787c5d2c4ccb8e4a9a3598dfb47_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\{10A30768-611E-439a-8978-7843DA8255CC}.exe
      C:\Windows\{10A30768-611E-439a-8978-7843DA8255CC}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Windows\{5ACC8C57-9DA4-48a4-B91B-373847C47481}.exe
        C:\Windows\{5ACC8C57-9DA4-48a4-B91B-373847C47481}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Windows\{60D75888-F03D-4131-9171-F9E4C67866A4}.exe
          C:\Windows\{60D75888-F03D-4131-9171-F9E4C67866A4}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2480
          • C:\Windows\{44BB33AE-6847-404f-914D-267A5C9F0863}.exe
            C:\Windows\{44BB33AE-6847-404f-914D-267A5C9F0863}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2232
            • C:\Windows\{74D73A78-1D01-465a-86C0-1C95A5EEB718}.exe
              C:\Windows\{74D73A78-1D01-465a-86C0-1C95A5EEB718}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1512
              • C:\Windows\{F59C7E25-6CD0-47a2-8AFE-B134EA672F88}.exe
                C:\Windows\{F59C7E25-6CD0-47a2-8AFE-B134EA672F88}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2768
                • C:\Windows\{BE503E71-91DC-4252-88E6-3AB1E174E9F9}.exe
                  C:\Windows\{BE503E71-91DC-4252-88E6-3AB1E174E9F9}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2148
                  • C:\Windows\{2A1915F3-DE75-4a12-9E3C-FC0705998216}.exe
                    C:\Windows\{2A1915F3-DE75-4a12-9E3C-FC0705998216}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:976
                    • C:\Windows\{87845A07-25AA-49b3-B6D0-CE70B7371BBA}.exe
                      C:\Windows\{87845A07-25AA-49b3-B6D0-CE70B7371BBA}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:760
                      • C:\Windows\{028846F9-CD24-4fb4-95BE-D38FE96FDCD5}.exe
                        C:\Windows\{028846F9-CD24-4fb4-95BE-D38FE96FDCD5}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2504
                        • C:\Windows\{1AD7EFD8-E586-47dd-B773-066FE1803E4B}.exe
                          C:\Windows\{1AD7EFD8-E586-47dd-B773-066FE1803E4B}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:3036
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{02884~1.EXE > nul
                          12⤵
                            PID:844
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{87845~1.EXE > nul
                          11⤵
                            PID:2992
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2A191~1.EXE > nul
                          10⤵
                            PID:1744
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BE503~1.EXE > nul
                          9⤵
                            PID:2464
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F59C7~1.EXE > nul
                          8⤵
                            PID:888
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{74D73~1.EXE > nul
                          7⤵
                            PID:1652
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{44BB3~1.EXE > nul
                          6⤵
                            PID:2584
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{60D75~1.EXE > nul
                          5⤵
                            PID:336
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5ACC8~1.EXE > nul
                          4⤵
                            PID:2936
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{10A30~1.EXE > nul
                          3⤵
                            PID:2540
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2556

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{028846F9-CD24-4fb4-95BE-D38FE96FDCD5}.exe
                        Filesize

                        408KB

                        MD5

                        3d58d2bbbe149e9455c9ffaaaaffa499

                        SHA1

                        8b6de6675fb44d4c76d8edbb0b02391b393b37bc

                        SHA256

                        4b6195c67262cd816583917155f5cd882246c27f037cc6fce1cde662e7e3c618

                        SHA512

                        51bb7aa4accaf2a8032b3472b0f6e20f6e904793ecf86f4b4d647bfbed1b7b5ff03fe5167916abe6dea04e692e767b717cb246c2f81557b79b19a73dfc4766a3

                        Download Submit

                      • C:\Windows\{10A30768-611E-439a-8978-7843DA8255CC}.exe
                        Filesize

                        408KB

                        MD5

                        98f4500d46b67c19830b18052c0b4ee1

                        SHA1

                        0597bf678396a305fed9dfe78efa93b5b8b1c866

                        SHA256

                        07d854b5f39e6da2f441d17db28af7cdb833b91924f6230652f359aa587be8e7

                        SHA512

                        df1d519be65a4cd910c9789fdc9cf38187e014f23e922d3b273cd257f2e9e96d2c069b4c44486c85cfd87cf50f41722a0b43051edce47ebfa7f9e07761162602

                        Download Submit

                      • C:\Windows\{1AD7EFD8-E586-47dd-B773-066FE1803E4B}.exe
                        Filesize

                        408KB

                        MD5

                        890cf712e8cb6661aaf841401d17bd06

                        SHA1

                        4b63bd2197341cde30a6f6e9db4a62d0b979dc25

                        SHA256

                        9669980e9987c530604a0561f5573fbe077462a23e7b211bd4db1a96fa521625

                        SHA512

                        b2aad146d00d9ef878ef548ed45315d9500aa7196a91d58175d40620dd2f1d02e15efd5edb3166234b87a2ed60ee95de7fb0b0f9d212479ebd0ff19cb5265e7d

                        Download Submit

                      • C:\Windows\{2A1915F3-DE75-4a12-9E3C-FC0705998216}.exe
                        Filesize

                        408KB

                        MD5

                        b9299fbfefd42d56592cda95164c6e35

                        SHA1

                        e287821636ea9137d32ef2b5d0ff2351be52c901

                        SHA256

                        ff26db94f49de8fd0c30ef54b23fa66ce3c3034170f82dc036acaebe4dad4b23

                        SHA512

                        fedf4b1961e2fb111137b30dc3c36bbcc53a2f0a5cb2c3adbcd1356fe5e281af45c31dc42e490d561a60393cb87c7d3b60edccff32e927c7836a7ff5c85a3cd0

                        Download Submit

                      • C:\Windows\{44BB33AE-6847-404f-914D-267A5C9F0863}.exe
                        Filesize

                        408KB

                        MD5

                        fdb146787d9db6d4a0ec316ab49ff719

                        SHA1

                        fbf5927b4b56f16202115b7a8cd3f55d53cade0b

                        SHA256

                        dffa4ab46cf8fc03b6ed104370e9d6eef1fcd3cd0ce1f87af5d5f5596dfe9d34

                        SHA512

                        ee97e41091d7aee594a80a139121c6de233b6b9d7fdab0d42bc6b4faa8a372dd095301cbe14c46edd2f4091e305f25663635493f6a2f8c354ef83bd472330b2f

                        Download Submit

                      • C:\Windows\{5ACC8C57-9DA4-48a4-B91B-373847C47481}.exe
                        Filesize

                        408KB

                        MD5

                        ac7937ee691af03017aeb4bf87b26d25

                        SHA1

                        0cd164a33ff534c1297b075e672eedf708d55355

                        SHA256

                        52c9bfc94da1ca979ab3563495c25da7fa537e4703810722ad857d72e1ab87e7

                        SHA512

                        97ac301638285b2658e35e5e7f109116e530f282b71f691efd336f8b617e460e1072a77358db45aefc0dfb1ff1e7a88e4945be3b95c03b6fe50f52b6b9827a60

                        Download Submit

                      • C:\Windows\{60D75888-F03D-4131-9171-F9E4C67866A4}.exe
                        Filesize

                        408KB

                        MD5

                        206813c4a72543df12da169a1c1f6659

                        SHA1

                        3deb11b66ce78a820022ed12c3f13c79f5528013

                        SHA256

                        734f00f26767bad78aedd73b82b0f513e2f9852c8c24c850aad09092620c5cb7

                        SHA512

                        16cd3ebe344e8d0c109d55fe192cc63a8bfcac08d17d27673e34e91a5a430d649af17c03c1aad1fc3c1555bdd2cfa417c0f1cfaa4564952a4b0beb4cf44b98d6

                        Download Submit

                      • C:\Windows\{74D73A78-1D01-465a-86C0-1C95A5EEB718}.exe
                        Filesize

                        408KB

                        MD5

                        ca3f6b4fb098e10479437e988a546353

                        SHA1

                        770849931f42218631cef38890447077d0a3ddcd

                        SHA256

                        96ce7ee6f7f07af1cf8e1b9a226f7c1668369177101d22d2116a98fdd47a40d4

                        SHA512

                        ff463ceb7259d2b0fc0f074c47e27cae84c4ebd4f053ce0265981d5fbbad22906805f7423cfc90f4b491651b329e709d8194353c99cf3bd28110167deac4131b

                        Download Submit

                      • C:\Windows\{87845A07-25AA-49b3-B6D0-CE70B7371BBA}.exe
                        Filesize

                        408KB

                        MD5

                        1e02e45ca8ba31de2f3840354eb6e197

                        SHA1

                        2bab18efed2b13ad8e46bf18aff1041ae6dd917a

                        SHA256

                        aac83e897b817a3136873c64e370b7fa03f58849a6980327e093abe5e7bbfc7e

                        SHA512

                        e515a8bac7c6766c12de9c8f84354e3116b3e78260574ab61e3a7578709151aca83a7d898cab744dd02df8f121fd0462787f9e5ce436763099965208b9098af2

                        Download Submit

                      • C:\Windows\{BE503E71-91DC-4252-88E6-3AB1E174E9F9}.exe
                        Filesize

                        408KB

                        MD5

                        c6845b6433dae587a097e49222e06e43

                        SHA1

                        f2a490367bba408e5a8ca38e80f61c38e1c6b3b7

                        SHA256

                        a47eb2a5d88eb8bd6306e20f8cfc45df91f4d74318a290d9821b5e0ee593ddfe

                        SHA512

                        acc406763d34415943034b31ee63e036c3cd78154c8639e6c8ab5cb504f4b86ae00ff75cca9fbe87869b3f2ea2ca0c93660ab309dbcb8789d11cc11ca7b588b3

                        Download Submit

                      • C:\Windows\{F59C7E25-6CD0-47a2-8AFE-B134EA672F88}.exe
                        Filesize

                        408KB

                        MD5

                        6682490521d068a38a6e2b2da1ba0fe0

                        SHA1

                        57d888f1e7a247b53fa208cc29e690387d4bae19

                        SHA256

                        2ec9690d1668da095a037f7fe4f7c3cd68e81b9f4ed7ec14db4777ec57c25cce

                        SHA512

                        524f3ff62207fd900f8121d0a5ac009002624ed38d18bde44c1409ae073c5e35cd023f4d3ce37043eb283cc9b11c3138372082845bfa8f2e853894bf6e9ebd90

                        Download Submit