Overview

overview

10

Static

static

10

2024-03-06...ye.exe

windows7-x64

9

2024-03-06...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe

  • Size

    197KB

  • MD5

    024f5dff68cd3587af2612fee8d46afd

  • SHA1

    4a0e84b57eb52d5747a4cf909ea56503284d3938

  • SHA256

    266e05ad58b2cf8d76ff3edb087ad86942333f1656c2b8a7bbbfdab15e89fdf3

  • SHA512

    cbd198b5053887351f744170b0011338c3c7715d900b6d6b8c1df53fa0fd2a506ee353553a630f25b0f0b0a654046ecde9b78c91bf9a0f4e563725e49d72d6c4

  • SSDEEP

    3072:jEGh0oOl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_024f5dff68cd3587af2612fee8d46afd_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\{D095E714-C4C3-4454-939A-E1A96A95C4C2}.exe
      C:\Windows\{D095E714-C4C3-4454-939A-E1A96A95C4C2}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\{0EEFCADA-6F7C-4e97-B8C2-36F062E31897}.exe
        C:\Windows\{0EEFCADA-6F7C-4e97-B8C2-36F062E31897}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3192
        • C:\Windows\{5E00B91A-142F-4917-B491-414EE5AAE614}.exe
          C:\Windows\{5E00B91A-142F-4917-B491-414EE5AAE614}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4340
          • C:\Windows\{7C16A3D8-CDE2-4f40-971D-3121DE5AB66B}.exe
            C:\Windows\{7C16A3D8-CDE2-4f40-971D-3121DE5AB66B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1304
            • C:\Windows\{7870BC8D-8BF5-4757-8132-87EAE1280CF4}.exe
              C:\Windows\{7870BC8D-8BF5-4757-8132-87EAE1280CF4}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2804
              • C:\Windows\{CA2FB8AB-94C8-43ba-9824-D8CEA6D50440}.exe
                C:\Windows\{CA2FB8AB-94C8-43ba-9824-D8CEA6D50440}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:732
                • C:\Windows\{E34F0749-CDE9-46ce-8913-998690742CA9}.exe
                  C:\Windows\{E34F0749-CDE9-46ce-8913-998690742CA9}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2464
                  • C:\Windows\{189FF1A9-69B2-455c-A6EB-D5CC98A21D35}.exe
                    C:\Windows\{189FF1A9-69B2-455c-A6EB-D5CC98A21D35}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:5040
                    • C:\Windows\{D9D143D0-6241-4554-9901-AE4C9F835BF2}.exe
                      C:\Windows\{D9D143D0-6241-4554-9901-AE4C9F835BF2}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4472
                      • C:\Windows\{C076838F-CAEA-405e-8313-DC586F7434AC}.exe
                        C:\Windows\{C076838F-CAEA-405e-8313-DC586F7434AC}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3420
                        • C:\Windows\{DB758B95-362E-43e6-A0FC-7D286A786328}.exe
                          C:\Windows\{DB758B95-362E-43e6-A0FC-7D286A786328}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4700
                          • C:\Windows\{6DA31E41-3C5F-48a7-8647-F76BA0671BF7}.exe
                            C:\Windows\{6DA31E41-3C5F-48a7-8647-F76BA0671BF7}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DB758~1.EXE > nul
                            13⤵
                              PID:4808
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C0768~1.EXE > nul
                            12⤵
                              PID:1264
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D9D14~1.EXE > nul
                            11⤵
                              PID:4316
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{189FF~1.EXE > nul
                            10⤵
                              PID:2524
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E34F0~1.EXE > nul
                            9⤵
                              PID:5108
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CA2FB~1.EXE > nul
                            8⤵
                              PID:3204
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7870B~1.EXE > nul
                            7⤵
                              PID:1072
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7C16A~1.EXE > nul
                            6⤵
                              PID:4700
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5E00B~1.EXE > nul
                            5⤵
                              PID:1736
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0EEFC~1.EXE > nul
                            4⤵
                              PID:4860
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D095E~1.EXE > nul
                            3⤵
                              PID:2344
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2760

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0EEFCADA-6F7C-4e97-B8C2-36F062E31897}.exe
                            Filesize

                            197KB

                            MD5

                            3df8322ff3a31c47eeee4c75a0c612df

                            SHA1

                            34ffcda2d20b8001af8e4fe7029a026b36dbaafd

                            SHA256

                            f254fddfebb885403657e1af77e2d4cfa395c32e2151a9d16afe946408411363

                            SHA512

                            429b7e4a8463d1d25e1f27576fbfdea726464f12237142dabfa1af36f3a6c3de7aceadc7726935ddf3648ab8f0baa7a085dbf5f052dd14984a98ff09b6ea8657

                            Download Submit

                          • C:\Windows\{189FF1A9-69B2-455c-A6EB-D5CC98A21D35}.exe
                            Filesize

                            197KB

                            MD5

                            2c6163f580db1e37db69b726af83b984

                            SHA1

                            4cff8694f84d0e7574b5a11727b89f148a5700f4

                            SHA256

                            370284755cce7f859f878002e8affd7733e84e5c745eeec4f0a44712429159d2

                            SHA512

                            06bfde878326b8c47bd7e169191ab2708b9a911f48b3a85c59b8bd2fd25b62ca9a43cf167f932d192c2c368f0456bd6ef5a2f0d50dbac0bccc4210992612be34

                            Download Submit

                          • C:\Windows\{5E00B91A-142F-4917-B491-414EE5AAE614}.exe
                            Filesize

                            197KB

                            MD5

                            5d0f696f28539de885f8ddc00f277ef3

                            SHA1

                            6c8a06fea358d165c827ec6c48afc70978d9e99b

                            SHA256

                            7fcdeea879d0bb74a0fcaf67c0ced2f9f7763a35334f4602c2c63b6e2f1189b1

                            SHA512

                            e31019689a328a2cede919b40670e3cc6c9d19a00513addf2651550a5f0d2c57d007bc458a2b5b2ac73165543e33139039c2e2bbdc47bb9933e4d26ba079694f

                            Download Submit

                          • C:\Windows\{6DA31E41-3C5F-48a7-8647-F76BA0671BF7}.exe
                            Filesize

                            197KB

                            MD5

                            43fe275cfb1e1f5b318f4d623ce1be7f

                            SHA1

                            2d36d257640e5b6a01859a826c751e96cbcda934

                            SHA256

                            e6a1bb72fafe70e946b2796d8b8d33310c883b1611e432b932a033a2bb943a49

                            SHA512

                            9b65b2f6b81c7b46e1e6e07482e3cabdb647c7c654286cd32f1f6c43c306b7115d11ee23b366ca610fe52c6fe25c45bc4a37a366c639d6a6ef2eb56da62e8866

                            Download Submit

                          • C:\Windows\{7870BC8D-8BF5-4757-8132-87EAE1280CF4}.exe
                            Filesize

                            197KB

                            MD5

                            d9a8027bc06d52ee09ff07e3b9f4d2ed

                            SHA1

                            3b23079bcbe57314d1f62e1999d5c04727a16c15

                            SHA256

                            ff0257415adac212046248c55725125e68ebfe2a995833aaad13074055195db2

                            SHA512

                            6dc0e557d0c37cef0adee763aa2003caf0f8d69096b5fc56b6729e19a7d198db810b8faf7c3d29a39b6126e4250b5bb4574a9fe881d6ce1086ababcbca13bd4c

                            Download Submit

                          • C:\Windows\{7C16A3D8-CDE2-4f40-971D-3121DE5AB66B}.exe
                            Filesize

                            197KB

                            MD5

                            26a9d2bc0f74b50920bb0804266a5b2d

                            SHA1

                            78838ce06eef00adcfda53be779c11f62afd2965

                            SHA256

                            ad512d723a4f7b831d9f5673df42a765e1cd363928841c39eb64d6da6ebf2722

                            SHA512

                            262e232eb57d6eb66560e810aa225d9a5bd64c4f85e197ccddd57032a748e03051fc64a1c48dadbfcf6b9a586552bd83836a1d2f0719bec4af7612699b7a8991

                            Download Submit

                          • C:\Windows\{C076838F-CAEA-405e-8313-DC586F7434AC}.exe
                            Filesize

                            197KB

                            MD5

                            b576b09cf76bf121e27c1ea8f238452c

                            SHA1

                            de2b873e79cec694b3191fd839051da2cd773145

                            SHA256

                            ef9aa22f126f62aa0617a3d46da528a4bc5891dec7c35c330b0da378f6e2d75f

                            SHA512

                            3a05d50b91612c3a783b336d3966b4b38c5ce1660a0eed81c40d35596d5466b93a353f73acf0cb425a7ee9e2a623dd6e72d1029904a81a9c1188cfbae66c1fc7

                            Download Submit

                          • C:\Windows\{CA2FB8AB-94C8-43ba-9824-D8CEA6D50440}.exe
                            Filesize

                            197KB

                            MD5

                            14e202da3af3b6c55e016ba152fc45b8

                            SHA1

                            6a78ad4ecaaef91d985e4d7adee5ed1b6d6cf69c

                            SHA256

                            bd7164284fe0dbf89fe05b9740e326c51d49a62997e096937ee7db4b5d6475ce

                            SHA512

                            a4afecc876d194ab551f1596a65f94290bc225c1441694b31308375e70929d9a88d88f6274b57f712daa88fd35b7b22c977b617068ca432f96e15bfaa041b48e

                            Download Submit

                          • C:\Windows\{D095E714-C4C3-4454-939A-E1A96A95C4C2}.exe
                            Filesize

                            197KB

                            MD5

                            0326312001f65c813fbb1ba48c54118c

                            SHA1

                            128df7ecb9aab867869ca59aeabc484c5ed10e93

                            SHA256

                            df774dc3f169d54f8d872093bb40ca62ad4d5cc0b39153dd250647f3da8ba71b

                            SHA512

                            477ad4a74d8c5c57930b58d2e09741770262b99308c1fdd9f20413a7cd08ad23442f14a714e1e7f6c36d5aede970d4e97f30e05d57edc2519d6dbe7081af90ab

                            Download Submit

                          • C:\Windows\{D9D143D0-6241-4554-9901-AE4C9F835BF2}.exe
                            Filesize

                            197KB

                            MD5

                            688f74dc00f8f302e2864aea35b249c6

                            SHA1

                            8b49c293f76e4574bf07e695e8c8ba0e604312af

                            SHA256

                            36cb3cb582c721bd2c127a347885699e547ed838e9bca15ef0f6909a059f5866

                            SHA512

                            e676c36e8827928eab891e39486b42c10b820c89a880cc604df528557a826924bc649c0c0162176dea1e300749e1ace32188530fcbad937d37dea7467da9ee67

                            Download Submit

                          • C:\Windows\{DB758B95-362E-43e6-A0FC-7D286A786328}.exe
                            Filesize

                            197KB

                            MD5

                            3556d175f030b89638ba0fe7908b0947

                            SHA1

                            e58be57af4dc00a509193cecc771b751685aaac4

                            SHA256

                            558bc2d95361e9fe4a07ef55117a958862537fc1efc5d3a6dc2bd9af7f006d20

                            SHA512

                            9ed23ec33779bb99cfb2c3dd3d9eeecd706187233174b88ba3825970d3adbc3f3ecc84125e2e18eae177131f9fafad88b39607a13616326ffd8122b8348f4181

                            Download Submit

                          • C:\Windows\{E34F0749-CDE9-46ce-8913-998690742CA9}.exe
                            Filesize

                            197KB

                            MD5

                            6268e185a26a92d73df232af5c0d76f0

                            SHA1

                            4565af2e3203bacde772cb4b9976a83f779cb229

                            SHA256

                            ee91f582e46ca97b0c6e42e43b73f553040ae31e25241b2ea57b327064e005e6

                            SHA512

                            fcb61f1af6685e0c7edb967f4b420f1fdf48cbb84754830e331d62ad0750c408b44f439baac3e97e11e53e6c554b0b1d4f849b09ad390fd022d5a295ea0cd70b

                            Download Submit