Overview

overview

10

Static

static

10

2024-03-11...ye.exe

windows7-x64

9

2024-03-11...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-03-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_415348c803d65dc7122c9d0d8a5e7939_goldeneye.exe

  • Size

    168KB

  • MD5

    415348c803d65dc7122c9d0d8a5e7939

  • SHA1

    0c0a8346560e6e83767229c07551af77e626deba

  • SHA256

    5fd9d10f207a56c1b22d90ab8f51ff5d47f72675eabdd79ff66d751ecf9fa524

  • SHA512

    dea35bf970ff8e0fcc817da68a45c17388b993895cb3e486e6e3f321c9c0cd721daac9bce565c68aad21b4e99767a0540260c50814e294b326ed234388659843

  • SSDEEP

    1536:1EGh0omlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0omlqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_415348c803d65dc7122c9d0d8a5e7939_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_415348c803d65dc7122c9d0d8a5e7939_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\{0E9596AA-B8EB-4a75-89F2-DEB033E6169B}.exe
      C:\Windows\{0E9596AA-B8EB-4a75-89F2-DEB033E6169B}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:988
      • C:\Windows\{CD36F6F9-1D7D-43f3-9C90-01227878B2FE}.exe
        C:\Windows\{CD36F6F9-1D7D-43f3-9C90-01227878B2FE}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1176
        • C:\Windows\{FBDE2692-FE1A-4bad-80C7-8F95BA06BD14}.exe
          C:\Windows\{FBDE2692-FE1A-4bad-80C7-8F95BA06BD14}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:212
          • C:\Windows\{27DF855F-7805-46f4-B84F-498719DA2C8E}.exe
            C:\Windows\{27DF855F-7805-46f4-B84F-498719DA2C8E}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3636
            • C:\Windows\{446026A6-7F87-41c7-90CA-48F01CC98917}.exe
              C:\Windows\{446026A6-7F87-41c7-90CA-48F01CC98917}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4688
              • C:\Windows\{F7D6CCD1-7A67-491e-98ED-A6ECFB7D8E2D}.exe
                C:\Windows\{F7D6CCD1-7A67-491e-98ED-A6ECFB7D8E2D}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4068
                • C:\Windows\{40A3FE16-D3E3-4ad5-9B72-ACD5ABDF7CDF}.exe
                  C:\Windows\{40A3FE16-D3E3-4ad5-9B72-ACD5ABDF7CDF}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1128
                  • C:\Windows\{D14F0934-6B8E-4b85-9960-B15B7ED88DC7}.exe
                    C:\Windows\{D14F0934-6B8E-4b85-9960-B15B7ED88DC7}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4944
                    • C:\Windows\{303BAF41-C726-44a9-ABBC-B0FE88F0F64C}.exe
                      C:\Windows\{303BAF41-C726-44a9-ABBC-B0FE88F0F64C}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4084
                      • C:\Windows\{47FC9C9F-C00E-4782-A9D5-E8C45F12DE89}.exe
                        C:\Windows\{47FC9C9F-C00E-4782-A9D5-E8C45F12DE89}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4832
                        • C:\Windows\{80582241-C158-46e8-839E-2AE4FF0469F8}.exe
                          C:\Windows\{80582241-C158-46e8-839E-2AE4FF0469F8}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1176
                          • C:\Windows\{C101C9C7-E770-4941-BB24-A0DFDE97F3EF}.exe
                            C:\Windows\{C101C9C7-E770-4941-BB24-A0DFDE97F3EF}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:436
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{80582~1.EXE > nul
                            13⤵
                              PID:5100
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{47FC9~1.EXE > nul
                            12⤵
                              PID:2272
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{303BA~1.EXE > nul
                            11⤵
                              PID:1968
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D14F0~1.EXE > nul
                            10⤵
                              PID:832
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{40A3F~1.EXE > nul
                            9⤵
                              PID:4664
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F7D6C~1.EXE > nul
                            8⤵
                              PID:4004
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{44602~1.EXE > nul
                            7⤵
                              PID:2152
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{27DF8~1.EXE > nul
                            6⤵
                              PID:1888
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FBDE2~1.EXE > nul
                            5⤵
                              PID:2592
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CD36F~1.EXE > nul
                            4⤵
                              PID:2152
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0E959~1.EXE > nul
                            3⤵
                              PID:1160
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:3624
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:928

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{0E9596AA-B8EB-4a75-89F2-DEB033E6169B}.exe
                              Filesize

                              168KB

                              MD5

                              9a376f2e4b9b8dd0e1371bed612d00ea

                              SHA1

                              214ebff891bc9785ff938785de7416ed36a25fd4

                              SHA256

                              0f328ddcbc4460e5c41c9e36943f9c4b0af03013375e7343fd6382ac932f3bf2

                              SHA512

                              81f8251e3028cd1d383da55d9a0176b4067294a6c39107c4840f5e81e730662639a0e2b4401d0dc06c7dce852db068375f63cf182a08df5ef6dea7475358bdc8

                              Download Submit

                            • C:\Windows\{27DF855F-7805-46f4-B84F-498719DA2C8E}.exe
                              Filesize

                              168KB

                              MD5

                              9449eb8e58740f5307f80725be6fb055

                              SHA1

                              aeef6698e3a0ded3c6f8e6340fe316a1228fb497

                              SHA256

                              ac55b43ad5a956fb0af75de82f899a4297a53fa84ee3fe0ab77a63b159dbe6f8

                              SHA512

                              8bc8d4847d43ef83f294d572f7c2e3a4f4391bf656fa423ea3a42a0d4f497639b67fd65c297c4e0ca9be6c0b4c9fe2a1b4d461f85d46515a0a078291b924b4e6

                              Download Submit

                            • C:\Windows\{303BAF41-C726-44a9-ABBC-B0FE88F0F64C}.exe
                              Filesize

                              168KB

                              MD5

                              7a1f4f24108bd30c1e8a8cd18042a05f

                              SHA1

                              1a943ffdd3b4c12d7a328ab85126ec47ead8ed0b

                              SHA256

                              935f3d420ee6ed2ce8b2f9f2798027fd43116505d6d09dc0863fdb781debb0dd

                              SHA512

                              df365ba46d298a93d94fe20765fe90913a8267ac11581e138202b6465df535fbbbd16373d987b41b2c639d9a74b393917503f4b0ee847134b216a759d0f7e6e6

                              Download Submit

                            • C:\Windows\{40A3FE16-D3E3-4ad5-9B72-ACD5ABDF7CDF}.exe
                              Filesize

                              168KB

                              MD5

                              4a947ad28a1c6f72850f1b8753b5701f

                              SHA1

                              b23daf34a8376fb9b6675b8e07fee4073a1befdc

                              SHA256

                              1da0902d5c79565758ed7f855996cd68a00d9f3a8a3c916d441d41e0d518a08a

                              SHA512

                              5bce80da6231e891d5f4164e443d2db044b2e11df2092d8128d021067bb91c46cae46d4f4ebd03feba82a4477be848a2aa6b144b7c9a7a896fd0db60223f6d40

                              Download Submit

                            • C:\Windows\{446026A6-7F87-41c7-90CA-48F01CC98917}.exe
                              Filesize

                              168KB

                              MD5

                              143b89d591ed3df3223355e60cbe13d0

                              SHA1

                              9e14963383e84f3d5354afbe5be33d93f26c7b9b

                              SHA256

                              bb439752065cdc3bfae9e3428446f6ff33f56cbc1f8838ba5bfc2beb7fac0249

                              SHA512

                              0c6d6b5fb53ad6e79f127c9a2d7211a67721ad97fc88ef5cfa3dc380e914cfd3b672778faa315eb795f35ab319ea9afb9a256db570c25c676d8b8998c76c3b39

                              Download Submit

                            • C:\Windows\{47FC9C9F-C00E-4782-A9D5-E8C45F12DE89}.exe
                              Filesize

                              168KB

                              MD5

                              ce4cc0d2e6041ec5a88d7db38a379e9e

                              SHA1

                              670d708fb30d38e5e1e6e27d8de0d3b35ebcd9e8

                              SHA256

                              8c9230f0507328affcd72ed63e62dce21f2ead00b47070743c0c889a2753168e

                              SHA512

                              8ceb6947e9db443838c502db2c79907ae862abbef36f4f13985a6aed65d619e4f628b11e651d5271bc51d73e5cfff0ad11bbca6b83a5d247637888a8bb3da197

                              Download Submit

                            • C:\Windows\{80582241-C158-46e8-839E-2AE4FF0469F8}.exe
                              Filesize

                              168KB

                              MD5

                              cc75781ead7a72cb9609bf772ba293af

                              SHA1

                              93078a97464aec70ce75c3762a7f4db25d64367b

                              SHA256

                              e3e4f2ca42d9900bda0350da2512b27a57747538f8574974139157e1a9a2c079

                              SHA512

                              0359f27a6b092b37cdfad9f9d96819ee30512664ac7897f7be8ef9822ab6f34358e0f42726715ee75d0f6f52be6c0ddfd73fde8c80ae4df835a9d04ba66eccdb

                              Download Submit

                            • C:\Windows\{C101C9C7-E770-4941-BB24-A0DFDE97F3EF}.exe
                              Filesize

                              168KB

                              MD5

                              3bed9bb854521697ef1bf1f5fc0d34d8

                              SHA1

                              689093220c59b6c411c399ed772e44d8d28f98a0

                              SHA256

                              7dba81565172c2dac7ad33b1b544d23b15965df61692be65f9fa5e1245cb7bc0

                              SHA512

                              77232e0cb1669487acd7aaf1cdb741c29448997625199f6b99b08610e7a668bbd1388750bc962f74e9a649c25ced23b73c1083c53633a67daca733b770295f9e

                              Download Submit

                            • C:\Windows\{CD36F6F9-1D7D-43f3-9C90-01227878B2FE}.exe
                              Filesize

                              168KB

                              MD5

                              d0a2129686b01f34282956c34c0d1f27

                              SHA1

                              fb0497ea4019168cae96e65e836cbf90a711f82c

                              SHA256

                              145af6ec3a65c5362f5b76d5a372d5c178947891cabddb1a8bed106d65614ada

                              SHA512

                              c55e441dd5bdee7ef3a9f731321b28209d6b7067b6218e119d12ccff471886de2b543a78f4e23f774437aaa7037521834e59bc03ebee9c5a61be28991db9b229

                              Download Submit

                            • C:\Windows\{D14F0934-6B8E-4b85-9960-B15B7ED88DC7}.exe
                              Filesize

                              57KB

                              MD5

                              443ef5e2414e5c5e065c45aae23eb78b

                              SHA1

                              bacb1f7fe8328b425bf3a149265076e3620b2001

                              SHA256

                              003979a4009d3f7e52ad874d99977c77d2a6eb51400305e06116f6604a32c928

                              SHA512

                              b886076c2387c59afdb90c1072c45091201db3a09aa65014af272058910ab17b1732f40210d730dc820b380e8cb63d2a091210cf2d6c99e98a6aa233c97a9e31

                              Download Submit

                            • C:\Windows\{D14F0934-6B8E-4b85-9960-B15B7ED88DC7}.exe
                              Filesize

                              31KB

                              MD5

                              3ea518bbe85434c6af5e4d5f8234e7f3

                              SHA1

                              ce24e0494ece3c78cccaee6ca5443802259f36f7

                              SHA256

                              3d5606a0e29536eb1e74471b2ea1763731eb310ccb056f904421670ba95af648

                              SHA512

                              c223b0bf743f526bd0d318c80ba3455d937ec3c29643b0a35627eb0aeacd484372a283c24ce787bc41c2191c0d7f13850b5b11f45f0efb0d1a9bac7cfe8ce6e2

                              Download Submit

                            • C:\Windows\{F7D6CCD1-7A67-491e-98ED-A6ECFB7D8E2D}.exe
                              Filesize

                              168KB

                              MD5

                              0c92ac4d3d68383e3da8c3800771dd47

                              SHA1

                              9c5ccd2b9a6a847904a30c81b28329e876f03ea4

                              SHA256

                              b40ffc611c24f8734ed20869c96cec37a06f09297ec379729e2188c518507858

                              SHA512

                              035bb69aafc0cdeca4497876f8b4c2dd7229694c9bdfe1e2e103858bb4917a08c7059c038d679653428b045c57b8dac686235092953162d4d17941a5bc3eb165

                              Download Submit

                            • C:\Windows\{FBDE2692-FE1A-4bad-80C7-8F95BA06BD14}.exe
                              Filesize

                              168KB

                              MD5

                              69720bd876e2cf747068af7686098141

                              SHA1

                              45d2c6b3fb1a4b3d68a0e6ea9ce45a2042833bb5

                              SHA256

                              f9968764ef3f95430829ba034f0118aa19916ffeb50a57fa8d83a2aaae411fd1

                              SHA512

                              8bb1bb4e12302b6c2bf896204129bb66c6b18a369b36d7689a6f4148c34febb24729b7db06291ad6fe7f7e744d7f56dc18d4da6bf9c68b06be0642aecd63d2ad

                              Download Submit