Overview

overview

10

Static

static

10

2024-03-06...ye.exe

windows7-x64

9

2024-03-06...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 06:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-06_ef5175dae48b2d844e19da082ae65980_goldeneye.exe

  • Size

    408KB

  • MD5

    ef5175dae48b2d844e19da082ae65980

  • SHA1

    3a0f186b58fe79478cb3c9d3753ee7cf97d25fd2

  • SHA256

    d50a6a7f742cec3861fdfd0f55ff62c0327050e441dc34768ab2e452912789e6

  • SHA512

    01c1e656e11e5ebba9da934b0dc9fb6728739993fe189ab70b697f684239068db89f927814f558f599fcf0845120d681ee0cb72a149bb45bff27dcf875c0eee8

  • SSDEEP

    3072:CEGh0okl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGOldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-06_ef5175dae48b2d844e19da082ae65980_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-06_ef5175dae48b2d844e19da082ae65980_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\{9D8AFF88-1D4B-47c6-9841-975A9200DD64}.exe
      C:\Windows\{9D8AFF88-1D4B-47c6-9841-975A9200DD64}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Windows\{6410935F-C2BD-4497-B0E0-CE5516886C1A}.exe
        C:\Windows\{6410935F-C2BD-4497-B0E0-CE5516886C1A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2636
        • C:\Windows\{24B68AA5-8D8F-4dce-99E5-A2B9A7ED0C45}.exe
          C:\Windows\{24B68AA5-8D8F-4dce-99E5-A2B9A7ED0C45}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2440
          • C:\Windows\{0988DD22-EFE2-479b-AEC8-B76DB234E0BC}.exe
            C:\Windows\{0988DD22-EFE2-479b-AEC8-B76DB234E0BC}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2584
            • C:\Windows\{6B82A44B-1EF2-4672-92BD-1524A32E3D23}.exe
              C:\Windows\{6B82A44B-1EF2-4672-92BD-1524A32E3D23}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1640
              • C:\Windows\{A28D42FF-FC4B-4eba-A6DE-10CB78331452}.exe
                C:\Windows\{A28D42FF-FC4B-4eba-A6DE-10CB78331452}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1820
                • C:\Windows\{696BF9C9-5520-4138-BCD4-A81B2F4FDCB1}.exe
                  C:\Windows\{696BF9C9-5520-4138-BCD4-A81B2F4FDCB1}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:812
                  • C:\Windows\{6F95C682-60C3-4848-9D8F-9C150367BD11}.exe
                    C:\Windows\{6F95C682-60C3-4848-9D8F-9C150367BD11}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1660
                    • C:\Windows\{26A83170-77AD-4006-8AF5-CA2C29FF9408}.exe
                      C:\Windows\{26A83170-77AD-4006-8AF5-CA2C29FF9408}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2812
                      • C:\Windows\{0F3EE1EA-7124-40bc-BB74-C18C17265608}.exe
                        C:\Windows\{0F3EE1EA-7124-40bc-BB74-C18C17265608}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2768
                        • C:\Windows\{2BA0CB4F-FCAA-44cc-92F4-48148804E91F}.exe
                          C:\Windows\{2BA0CB4F-FCAA-44cc-92F4-48148804E91F}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1108
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0F3EE~1.EXE > nul
                          12⤵
                            PID:948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{26A83~1.EXE > nul
                          11⤵
                            PID:1988
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6F95C~1.EXE > nul
                          10⤵
                            PID:2756
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{696BF~1.EXE > nul
                          9⤵
                            PID:1404
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A28D4~1.EXE > nul
                          8⤵
                            PID:1928
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6B82A~1.EXE > nul
                          7⤵
                            PID:2100
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0988D~1.EXE > nul
                          6⤵
                            PID:1436
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{24B68~1.EXE > nul
                          5⤵
                            PID:2340
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{64109~1.EXE > nul
                          4⤵
                            PID:2452
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9D8AF~1.EXE > nul
                          3⤵
                            PID:2540
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:3060

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{0988DD22-EFE2-479b-AEC8-B76DB234E0BC}.exe
                              Filesize

                              408KB

                              MD5

                              1fc0d6b42467607fcc76668ab78a2837

                              SHA1

                              5724c63c34a4e9cb677aca7927dcc3a8d12944ca

                              SHA256

                              d2903cb654c40c02ffb8773bd4dd92822677644219569ac0a00c9f681c7c345e

                              SHA512

                              c8340e82435ed0287e75f8c4ab9cfd204b83834af5d46aba8aab1a1a5f46fb8eb348452a3fe4f7d7a3bd062778317ad87ffed6beee8960d88376a12042c184f7

                              Download Submit

                            • C:\Windows\{0F3EE1EA-7124-40bc-BB74-C18C17265608}.exe
                              Filesize

                              408KB

                              MD5

                              522ca6c6ecc6226e58f64ba397851884

                              SHA1

                              bc8e604c5c79ab789c551cb2da2e2b759a31328f

                              SHA256

                              2364dccd47435e1d21bce7ef41dd9973b8da948865f28a6358273e7df2a32925

                              SHA512

                              da694178a04cf8ff54f864c0a499ac962c0598fa85511787389afa21b0a7c74fcecb9715ba4a1150ed5a538d08cc098296e78f02af5c64faf7cfd835149801d5

                              Download Submit

                            • C:\Windows\{24B68AA5-8D8F-4dce-99E5-A2B9A7ED0C45}.exe
                              Filesize

                              408KB

                              MD5

                              6572c28bc63f37a4092916f92690cdbf

                              SHA1

                              7a6af1774a9a554396d524b804aec1c54ad4bf1d

                              SHA256

                              549844be940e6db411f34ab91be2501c7849d1592bd2f1808c5e85cd2ccfbd47

                              SHA512

                              007a728579a9ceb862a27a18da69a3b5cea35ab101a8d26feb51f03c566d05394aeee3349fb1872d6982e33a7b337159e646a00b5bde6d06b3d3fdba4ef05a91

                              Download Submit

                            • C:\Windows\{26A83170-77AD-4006-8AF5-CA2C29FF9408}.exe
                              Filesize

                              408KB

                              MD5

                              e1284f5b408a357a956485cdeb669f62

                              SHA1

                              7332c9fffa001f9728e9cc09c3e8761c9bf8ba55

                              SHA256

                              4169832de3ce0e00915565cda958ee3ec25efb922891de9fa30e867c346ccdb0

                              SHA512

                              e777c7d438650693707d1a3a1e3a2a08899872cb4921f72c6dd6e45013d9f96d4f7bf34529b00f99f261c8cbbcf80d380e285f34cddeb0275e9e4072d0bc718e

                              Download Submit

                            • C:\Windows\{2BA0CB4F-FCAA-44cc-92F4-48148804E91F}.exe
                              Filesize

                              408KB

                              MD5

                              5d4e9015cfb6df5b6625c4ef5d458a4a

                              SHA1

                              65ec84da16103efc084006fb706354836c8f2979

                              SHA256

                              d5b65572cc8109f4ad2cbf88dd213f5ab6227cdae57db1e43aa3d3ca3c8370e2

                              SHA512

                              d37ed712fffd40c15ed0862e9672dc3105dfd057792b8ad498f7e2da275f1e59311d69ca6f4ce41e51e16c6aae431560931b6d38c590f03fdd246ccb33a56115

                              Download Submit

                            • C:\Windows\{6410935F-C2BD-4497-B0E0-CE5516886C1A}.exe
                              Filesize

                              408KB

                              MD5

                              d751e9acf1341fff949a48c869e3fc49

                              SHA1

                              c5ee269fb00294c42e11409a8fd1defab5011f52

                              SHA256

                              974b978e8710b3ed5f7accfd98a90d26811c037b7c1855593c1e7861a6a0daf2

                              SHA512

                              e63e81136ddca916d00d9b3ddfa387d11e7f69761d7a0e99daf658309ed278d354134dc6d5c4de38f1f68a07c0e9a9b6f256e4bdc1f1545a188b9d3280c1f41d

                              Download Submit

                            • C:\Windows\{696BF9C9-5520-4138-BCD4-A81B2F4FDCB1}.exe
                              Filesize

                              408KB

                              MD5

                              dd9af1cc045ac5b770a5b3ba1212394d

                              SHA1

                              ca4f44c161c4143432b94f60221407fb264e8eef

                              SHA256

                              e2af470429241b7a4007afb6aaa524e92b9dd378f83702e40ea7267f56eec58c

                              SHA512

                              b59d67200c44b1140b848f12a944b883fe5cd0492cb71c3e9fb698fb531a977b7b293a858790bff071d73fb481cfb2c6cf400aefa80ceef48a8ba8df0fb5830f

                              Download Submit

                            • C:\Windows\{6B82A44B-1EF2-4672-92BD-1524A32E3D23}.exe
                              Filesize

                              408KB

                              MD5

                              cc5b9d8d7d36be5c8e5e5fd3a486728e

                              SHA1

                              37495189636b098a1d8ecc261801a2d92e86937f

                              SHA256

                              434de6b8581c5179faa8278f00eb8fecc18253dddb8535b9cacded7ea46a3964

                              SHA512

                              a7d736eb7f5a1d29291391d4964826722a28de172694bd289a8949d201639e19e3cb976f7f5a5985b960c4a8adfef7ceff277815f031efe3f1a7ab25c703490a

                              Download Submit

                            • C:\Windows\{6F95C682-60C3-4848-9D8F-9C150367BD11}.exe
                              Filesize

                              408KB

                              MD5

                              6336f07924b19a754173e8fdf688c689

                              SHA1

                              97a9753d4323ba7ad008c8901d3779601d969ddc

                              SHA256

                              6ced9445bb983ebbddc5033257089f0bf31a53cc4d718e8276928bd79180b394

                              SHA512

                              498386e8a11fdda82ed96b1a55ab5e7160e71fc5fa75bb5a88e3b7c57ed1e83b83287f994ef122125e7b5a2dbe0c075be00efeb88f47b45e19a5f1295bebe704

                              Download Submit

                            • C:\Windows\{9D8AFF88-1D4B-47c6-9841-975A9200DD64}.exe
                              Filesize

                              408KB

                              MD5

                              b587714b8254f66bfb795178b03bea0e

                              SHA1

                              c8dff1f63bdb26b9e1a9b901a9b07335db9830f9

                              SHA256

                              609e652d433ed79374c6bf3f269805f7505af57fb92d758863fc6f763646dc77

                              SHA512

                              e21e2137067b2617e335911c7e45b8c55aeade32beb8e6add1ac230cc525543693a886d5f9826771cbd464e09710b1e370e1a1a3de88c6cf35b90f24bd71553e

                              Download Submit

                            • C:\Windows\{A28D42FF-FC4B-4eba-A6DE-10CB78331452}.exe
                              Filesize

                              408KB

                              MD5

                              7e8ba3db66b2cb30fba7ec19ad1fb67b

                              SHA1

                              42d021fb9c3fe6a4475f7432e868f9d5f92e65ec

                              SHA256

                              eceddf0bab19060fc08a85ee909e2d1cfe86f3e4a2b23c6b0f944d78ddc31584

                              SHA512

                              9074dd559978572d6062a91e957eabe23d8e27f359ea5dba9e461ee55f9fbaffd367a803c303015e8f72d073ba1a847d10450202cb5f3121ac72b335c4b0191a

                              Download Submit