Overview

overview

10

Static

static

10

2024-03-06...ye.exe

windows7-x64

9

2024-03-06...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe

  • Size

    197KB

  • MD5

    024f5dff68cd3587af2612fee8d46afd

  • SHA1

    4a0e84b57eb52d5747a4cf909ea56503284d3938

  • SHA256

    266e05ad58b2cf8d76ff3edb087ad86942333f1656c2b8a7bbbfdab15e89fdf3

  • SHA512

    cbd198b5053887351f744170b0011338c3c7715d900b6d6b8c1df53fa0fd2a506ee353553a630f25b0f0b0a654046ecde9b78c91bf9a0f4e563725e49d72d6c4

  • SSDEEP

    3072:jEGh0oOl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\{9D3C8BE7-FE02-4225-87FE-56BD99E64DF6}.exe
      C:\Windows\{9D3C8BE7-FE02-4225-87FE-56BD99E64DF6}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Windows\{51D2091B-BBBB-4897-9674-69A7B2BFECFE}.exe
        C:\Windows\{51D2091B-BBBB-4897-9674-69A7B2BFECFE}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Windows\{900A5A6D-2A0F-48f0-864A-5BDD9E9796E9}.exe
          C:\Windows\{900A5A6D-2A0F-48f0-864A-5BDD9E9796E9}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2408
          • C:\Windows\{F5AA771B-9499-4ad6-B7C1-8D75C62DCE1F}.exe
            C:\Windows\{F5AA771B-9499-4ad6-B7C1-8D75C62DCE1F}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2956
            • C:\Windows\{11208ED9-D663-4817-982A-FCFB98ECA0AD}.exe
              C:\Windows\{11208ED9-D663-4817-982A-FCFB98ECA0AD}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2768
              • C:\Windows\{D84947E0-997E-47c4-8261-A91E3F32840D}.exe
                C:\Windows\{D84947E0-997E-47c4-8261-A91E3F32840D}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1592
                • C:\Windows\{8A780DA7-A53F-4fe8-BB03-50878B50AE6A}.exe
                  C:\Windows\{8A780DA7-A53F-4fe8-BB03-50878B50AE6A}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1960
                  • C:\Windows\{68EA2EF2-DF44-4a10-A1A5-D3135FEC3ADA}.exe
                    C:\Windows\{68EA2EF2-DF44-4a10-A1A5-D3135FEC3ADA}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1296
                    • C:\Windows\{A6D6175A-6CE7-4e63-9EEB-3E2B40B15D50}.exe
                      C:\Windows\{A6D6175A-6CE7-4e63-9EEB-3E2B40B15D50}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1924
                      • C:\Windows\{30175717-260E-46b4-AF88-8FE04AB8FD63}.exe
                        C:\Windows\{30175717-260E-46b4-AF88-8FE04AB8FD63}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1236
                        • C:\Windows\{DD97F433-7F3D-48a0-BB7F-4274D6D4A6EE}.exe
                          C:\Windows\{DD97F433-7F3D-48a0-BB7F-4274D6D4A6EE}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1480
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{30175~1.EXE > nul
                          12⤵
                            PID:1752
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A6D61~1.EXE > nul
                          11⤵
                            PID:780
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{68EA2~1.EXE > nul
                          10⤵
                            PID:2276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8A780~1.EXE > nul
                          9⤵
                            PID:1516
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D8494~1.EXE > nul
                          8⤵
                            PID:2740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{11208~1.EXE > nul
                          7⤵
                            PID:1528
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F5AA7~1.EXE > nul
                          6⤵
                            PID:2936
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{900A5~1.EXE > nul
                          5⤵
                            PID:2124
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{51D20~1.EXE > nul
                          4⤵
                            PID:2824
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9D3C8~1.EXE > nul
                          3⤵
                            PID:2604
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2056

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{11208ED9-D663-4817-982A-FCFB98ECA0AD}.exe
                        Filesize

                        197KB

                        MD5

                        089d2baba8bd88a4bf27fae114574a12

                        SHA1

                        330ed0e46f5025fa9f794f98529a27ae3c04bef1

                        SHA256

                        2e38d220cc807585b16da5e26fbe3b06e4b7e073722de9a56b5837754ab59f46

                        SHA512

                        00972ed41690a46568a3c9d558e11e0f47984adae5b5ae40660fc07d587dee2995fc8e668990d5980fbb9ede7f9b7cc2cd796375139c87f7f1c3768bc2202975

                        Download Submit

                      • C:\Windows\{30175717-260E-46b4-AF88-8FE04AB8FD63}.exe
                        Filesize

                        197KB

                        MD5

                        62fffc16aecff661628c17652b9f02f6

                        SHA1

                        37873bc357a2086bba1e018c37668fd7872fc722

                        SHA256

                        cce2ca4f48b889675d9fe4f4bcac6ffd86ee1dd36cfceb2039a75369536d05ee

                        SHA512

                        680e91e21bf06f5bd4139f3bcced989557158bf4b8c7b94902a14a3afcffc1885529746d939f8de25c9f10b4f557eb5595e6dcb310984027519d031169dbce0a

                        Download Submit

                      • C:\Windows\{51D2091B-BBBB-4897-9674-69A7B2BFECFE}.exe
                        Filesize

                        197KB

                        MD5

                        c5464cb047563842092f78e2616f3d73

                        SHA1

                        a67c15d31f18ee8b6696eae14a3286249cf9fd59

                        SHA256

                        0e50384d409dedd05e70b972cb461ef60476e1596f67bec7666de756db53d415

                        SHA512

                        d9f9bd0100212d2fe365a596475e23f429aa395d56de58f9eb25a80e884e2f169d7d78ace41b9bc0504a3552d73dd94fe03f847c370f63058567ef9509afd017

                        Download Submit

                      • C:\Windows\{68EA2EF2-DF44-4a10-A1A5-D3135FEC3ADA}.exe
                        Filesize

                        197KB

                        MD5

                        4890332d7858d16bbe1c03332257ceab

                        SHA1

                        755bc09bcc762b4cdc5c9afc3e7d9db4ec22ab76

                        SHA256

                        a42eaa7c591310f7a71dc7f66f5217899742e3b45bc58286889a8d716e92ccd8

                        SHA512

                        03ccbe2feac6bb18d19d0b1fe2864f0f53318e6721fc36cbab62b3184be16d7cdcb0db0a5562fe26dabc4259b48e7349338db36e2229da25527ffe407ab207b1

                        Download Submit

                      • C:\Windows\{8A780DA7-A53F-4fe8-BB03-50878B50AE6A}.exe
                        Filesize

                        197KB

                        MD5

                        79bcc7280b568ac9b38f3ac62409eb5c

                        SHA1

                        c6c6bc4351c30ee43a62f8985c4ce41d233c89ea

                        SHA256

                        503532c94f6b87427709141dcc4fbb79288918c581a4f3b6a21dba9d2b9e8102

                        SHA512

                        de437afdc9e51fc4139288d40b6c32b5dddf602661c898ee126d09e73fe64af2b772232e978040960d42eaad838e8f0655a89140cccdeaa7c69106c7f37c96d8

                        Download Submit

                      • C:\Windows\{900A5A6D-2A0F-48f0-864A-5BDD9E9796E9}.exe
                        Filesize

                        197KB

                        MD5

                        3b81cb4980172ac46840aab185fdd0c9

                        SHA1

                        41b85cc4450b9cd3da94e154c20040585c749d69

                        SHA256

                        50d963d750641c1614680cdae39c4cca107646aaa612be7aa400675703069efb

                        SHA512

                        5cd42029751650fb8d0e3d2dd973c253a4276ac24bbfa663aa0089d100538566c42348005f6ffa6e7ce5f065ed9b12fb72278e5a0dfa2576e2084481ac993cb3

                        Download Submit

                      • C:\Windows\{9D3C8BE7-FE02-4225-87FE-56BD99E64DF6}.exe
                        Filesize

                        197KB

                        MD5

                        91065bc5917635583c5eae1f80de4e7e

                        SHA1

                        e9b1e4af8c2c285042e93ffc32a47716aa5dc866

                        SHA256

                        5e794815ce812881bd14acb57ec0e4c554031bdedba69d1f7a90de724c05076a

                        SHA512

                        1ef356b899bc8ffd98c958eee3ac329cf072263cfdc304056a4dd3cbe361082b2bcf2429161c3cdae89fb7545165a601dfd09cd15801dd83e1d3ea12be06202f

                        Download Submit

                      • C:\Windows\{A6D6175A-6CE7-4e63-9EEB-3E2B40B15D50}.exe
                        Filesize

                        197KB

                        MD5

                        ff6aded8e17cb3d494bf675cda364302

                        SHA1

                        b5a02aeccad331759a13b5854fb5e5c876404855

                        SHA256

                        1b0a3f22243c1f6da9d0f48fe9392741bb970812ec844b6e8a80ed6a27ccae87

                        SHA512

                        7d4cfff0f1c0268fb41843616e83c6fcfbce0bd54a1de17a54c610a0f01d33e5cf866441666386e95bfd57987b129cf1d4fb4039a848f6901b3f5902a655370e

                        Download Submit

                      • C:\Windows\{D84947E0-997E-47c4-8261-A91E3F32840D}.exe
                        Filesize

                        197KB

                        MD5

                        3ab0982ebc3a2b6d44f3fea19d124b9b

                        SHA1

                        814c0afc64effd4782ef9e635c9cbac954cc7cb2

                        SHA256

                        16a08587396a0ca283754ebcbd5b9588e881428b1ed035b64ea6b036e33f49c6

                        SHA512

                        e61e5130640a3d9d98e2c2a711bcb1683a9ad2191c202abe91f242911c3ea9ce200f31d5e782a4b728d9748950f97fc0ded5b73d3ea87658d67ae7743f2d3aec

                        Download Submit

                      • C:\Windows\{DD97F433-7F3D-48a0-BB7F-4274D6D4A6EE}.exe
                        Filesize

                        197KB

                        MD5

                        360d5ffb56055f8214643d903dbb81ff

                        SHA1

                        189abdc8b18991482dbfeeb81b1baecf1445cf23

                        SHA256

                        e9c27a6d6a16b3a73066e8cfe74effdac21dea7cf27597ae8309b64c465e8562

                        SHA512

                        5a1e4022b4b87e3fe686e731525b117d851a88fd7800b949f6603e90d97638ce698291a911d86d77a4189776249ba77d3ac7ee0585940737be7b75a3823a7cd4

                        Download Submit

                      • C:\Windows\{F5AA771B-9499-4ad6-B7C1-8D75C62DCE1F}.exe
                        Filesize

                        197KB

                        MD5

                        a32dc532cad46799bd391c34d7fc4d2c

                        SHA1

                        01acfb8ea6449a1a71f578a168bb845726b8de53

                        SHA256

                        0c83d68c926c17c99d28da2194896e132855e9c29d1940e29192015442d89cf7

                        SHA512

                        a9abb95185c481050c256b30c50cbd9ddd29dc673a9b61ae4aabe12faafdd9bc3a0905e7907a76626d3a762164f1a62f5e9a815af2769bd66f86d23f9a9a16df

                        Download Submit