Overview

overview

10

Static

static

10

2024-03-14...ye.exe

windows7-x64

9

2024-03-14...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    168s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-14_aa5b4e69f65f4c40bb82eb38fbfa2884_goldeneye.exe

  • Size

    380KB

  • MD5

    aa5b4e69f65f4c40bb82eb38fbfa2884

  • SHA1

    9281fa547640478410faf17ce58776d6f0dcf915

  • SHA256

    cffbbea26e94db4d5db9a26d676f25d725268e6d4fe3c7a689aa297ac13f657d

  • SHA512

    cbd9752cbd41ca4b0843a47d081f91b98cbc43049a48e5cd430f8882536e261723ee58acefbcefc23211111170628958c10c2adac6aaa2843cef6ea3a6d2cce3

  • SSDEEP

    3072:mEGh0oclPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGil7Oe2MUVg3v2IneKcAEcARy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-14_aa5b4e69f65f4c40bb82eb38fbfa2884_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-14_aa5b4e69f65f4c40bb82eb38fbfa2884_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\{7A256BDF-D187-4e70-9C52-DA74B6678D67}.exe
      C:\Windows\{7A256BDF-D187-4e70-9C52-DA74B6678D67}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3772
      • C:\Windows\{C2651621-97E7-4c67-94DD-3CC20190005E}.exe
        C:\Windows\{C2651621-97E7-4c67-94DD-3CC20190005E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1492
        • C:\Windows\{9B063D45-5E37-4320-BF0E-D4330E1AAD00}.exe
          C:\Windows\{9B063D45-5E37-4320-BF0E-D4330E1AAD00}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4744
          • C:\Windows\{E4540CD0-636D-4f25-AC26-D73B79B89DC7}.exe
            C:\Windows\{E4540CD0-636D-4f25-AC26-D73B79B89DC7}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5108
            • C:\Windows\{EFB2B7CB-BEEF-4cec-B415-FCB0532AF943}.exe
              C:\Windows\{EFB2B7CB-BEEF-4cec-B415-FCB0532AF943}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1832
              • C:\Windows\{C1366475-159A-434f-A276-E341323F4C3D}.exe
                C:\Windows\{C1366475-159A-434f-A276-E341323F4C3D}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3248
                • C:\Windows\{09BB3B2D-09A9-45a1-96B8-8F94B3EE34C3}.exe
                  C:\Windows\{09BB3B2D-09A9-45a1-96B8-8F94B3EE34C3}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:628
                  • C:\Windows\{887F9FF8-6079-4ef9-BD46-D4B00F0C40FE}.exe
                    C:\Windows\{887F9FF8-6079-4ef9-BD46-D4B00F0C40FE}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4128
                    • C:\Windows\{30F7F16F-04D7-4bed-8236-7C489FD1AE75}.exe
                      C:\Windows\{30F7F16F-04D7-4bed-8236-7C489FD1AE75}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4888
                      • C:\Windows\{A2A9AB17-0FA1-435a-8F6B-864D1F7FD246}.exe
                        C:\Windows\{A2A9AB17-0FA1-435a-8F6B-864D1F7FD246}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2352
                        • C:\Windows\{8BCC95C1-A5FF-4f4e-9D69-F5494E929789}.exe
                          C:\Windows\{8BCC95C1-A5FF-4f4e-9D69-F5494E929789}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:4052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A2A9A~1.EXE > nul
                          12⤵
                            PID:3088
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{30F7F~1.EXE > nul
                          11⤵
                            PID:3804
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{887F9~1.EXE > nul
                          10⤵
                            PID:2416
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{09BB3~1.EXE > nul
                          9⤵
                            PID:4484
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C1366~1.EXE > nul
                          8⤵
                            PID:2236
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{EFB2B~1.EXE > nul
                          7⤵
                            PID:3372
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E4540~1.EXE > nul
                          6⤵
                            PID:4220
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9B063~1.EXE > nul
                          5⤵
                            PID:4484
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2651~1.EXE > nul
                          4⤵
                            PID:4084
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7A256~1.EXE > nul
                          3⤵
                            PID:1940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:5060

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{09BB3B2D-09A9-45a1-96B8-8F94B3EE34C3}.exe
                          Filesize

                          380KB

                          MD5

                          590d06baa2cdd38227e1e8649a793be5

                          SHA1

                          dabf6fa2885e926a60240b7d91e8c01e683ffbde

                          SHA256

                          39891afb6c72be781bf080e3262eda3f5311100be9d61a2624ae31f805949eae

                          SHA512

                          a18bb40f3cc1f99a68ec042ae7485b9db7f11e8bdb3d2e982efc38fdcf1e5965b5eb3903e93c3a71dbdb633b056436f5715aa8f8a9de3bd836536d29c2ade0d2

                          Download Submit

                        • C:\Windows\{30F7F16F-04D7-4bed-8236-7C489FD1AE75}.exe
                          Filesize

                          380KB

                          MD5

                          7def4d7ad16854ac2778bfe5ffb50881

                          SHA1

                          600b40c137de1d48e747c7b6f476c374dfa461d7

                          SHA256

                          0593486380935bd2d5cfab4ffc2cc4d8a0e4643279aa57ae81c776485aa56353

                          SHA512

                          87a9a829b619ac0dc22c7cdbe9001b89f8f2d2b5059bdac91cc8b5f614ad23cd9057f7b524653788d1e9a6f11c5dbb1003618b39a8c474aa26436697aa37c129

                          Download Submit

                        • C:\Windows\{7A256BDF-D187-4e70-9C52-DA74B6678D67}.exe
                          Filesize

                          380KB

                          MD5

                          73d154f6546f4bc907b6ccf6394c84c2

                          SHA1

                          c7f097e879b14b7f93bb791bb0d9747e574f08ce

                          SHA256

                          02bae316be497f3e156f71ddbc138d26192b37927e25181d624e0bbc778c1b72

                          SHA512

                          2a42f4b5c28c99d22c34500bc1337a9674bf1c73e85115287616d030afbf6a452896d71a0988891c426836aabe6ab6a5c11b138b14561cb63bb6fe5af5d1a05a

                          Download Submit

                        • C:\Windows\{887F9FF8-6079-4ef9-BD46-D4B00F0C40FE}.exe
                          Filesize

                          380KB

                          MD5

                          f658760dc02c600009ec72011cedd04a

                          SHA1

                          dcbd2ccda0822789e8ffd88bb378ebff9c7c1b1c

                          SHA256

                          43ef84873e17772d465c3eef1f1efbe5e47481125a6651e8f0b548978b61c114

                          SHA512

                          636042c9360480a95527914f0aab80f520b90d63b179223400cfd39019532465fa335c6644332c723636769acf20fdda0acfd1f00712dc33deaeadc165db8639

                          Download Submit

                        • C:\Windows\{8BCC95C1-A5FF-4f4e-9D69-F5494E929789}.exe
                          Filesize

                          380KB

                          MD5

                          d13c2012deb657921963f7bfb30a5596

                          SHA1

                          7f533cb46f48bdad681e3d5b48d0556bacdc8ffc

                          SHA256

                          2f158509dd009e61c9e061910e5730e784e428bf81d3eb7b5eed5b4676562095

                          SHA512

                          16b7f9d1a474cf86fab6954b574808b09396e657d031f904a8b8a10e85d32ef838bff8297b72b4fb8988d341d1f8d9abce1281373a2500076223bdeab5724c44

                          Download Submit

                        • C:\Windows\{9B063D45-5E37-4320-BF0E-D4330E1AAD00}.exe
                          Filesize

                          380KB

                          MD5

                          b4623bd669d7e6be19f85a100290bc39

                          SHA1

                          cc91783c91540acd1b0f0a9128c7633b30119607

                          SHA256

                          8ae56f474b6fae54c0ca42cf8342397efdd4ef6cbe4e5d4fe98678ad185c96a3

                          SHA512

                          3fbd0250f085b65d134d4599351b8a1ceb104f3e0e053db291b467ae0709bd01b17dee2cdc9393e00e0b3c4b60d0289e838e38a24f1f3d57fb51fd61c9579194

                          Download Submit

                        • C:\Windows\{A2A9AB17-0FA1-435a-8F6B-864D1F7FD246}.exe
                          Filesize

                          380KB

                          MD5

                          5e0e1b9b04bc98ccd5c3ca1f24f018fa

                          SHA1

                          680ccb2c71b846f8b22fbd5ddb26cc47ee90969e

                          SHA256

                          000b221bdff1175f4c34e775eedfa5ffab58dbc19f4bb11fa9df2b4cf16a002c

                          SHA512

                          8c2e5ded8515e52324132218d94454253fbaf13c2bb2558eea332c4b6d232bccccd84927eb0bd70d89fe5c9a9e525128e69598bdb0e0c95994e3e72e666b0558

                          Download Submit

                        • C:\Windows\{C1366475-159A-434f-A276-E341323F4C3D}.exe
                          Filesize

                          380KB

                          MD5

                          8648e513271fc9179f75e66eb2aeabfe

                          SHA1

                          deb428c6541587d0ef9f919777a5ee71c8419dab

                          SHA256

                          37f3119a3f9a50c2501c819274beac5aeb813ce53e4556d32943fe6939282150

                          SHA512

                          4edacf9651616944cf5ccb050fedda87c4d77bc50f41431db7f287aee04b0d0dba082035f123c44445968c0f4e8e880f388d4946c99572439cec57075dd8f7f3

                          Download Submit

                        • C:\Windows\{C2651621-97E7-4c67-94DD-3CC20190005E}.exe
                          Filesize

                          380KB

                          MD5

                          3b0b17e0a74bd51fe2acc02382bbd7f2

                          SHA1

                          27d6c615f61fc208fa110673fb4bdd294f0c0699

                          SHA256

                          14f3613ede07e7a9160489c377a752b599732c990e039aad2b88b0ea3231e864

                          SHA512

                          cce4d0097130756f1d4ebf77e8b88ca61a4486c49d1bbc4e0a4a3d3203929e053b52882d876e0e94a7e511f71cc9df4cd83048a1c2923913da5c1ec712691515

                          Download Submit

                        • C:\Windows\{E4540CD0-636D-4f25-AC26-D73B79B89DC7}.exe
                          Filesize

                          380KB

                          MD5

                          c11b3e116d50ce45c3c58e8e88f2a4f7

                          SHA1

                          fd73ebce730a39c1bd425a99b0d6ca9fc0722d11

                          SHA256

                          3bffb81821722269663c10ba53b6b0ea32542c7266f1bef919ec7076df193d88

                          SHA512

                          33fdb9542e56037be315676f5833f02a57b401ad653e612f5839ca686c57d562d2453df7754ce39a5e9a1009c4034bbd63308c37e890d015488fb17611bc8029

                          Download Submit

                        • C:\Windows\{EFB2B7CB-BEEF-4cec-B415-FCB0532AF943}.exe
                          Filesize

                          380KB

                          MD5

                          8dcde8c9748b7df32623f87a0fcf6193

                          SHA1

                          f97143b4134cc6f57d29ca3842afd3b1ef08cadc

                          SHA256

                          781abdc5e1a33d68a2fefba061e636cdc18144762181f6ef96f79bc79e9a16f4

                          SHA512

                          bfda59e5e0ef06ae220f8951e03e10c53c9c22a8706ddfc9f53e2e7a4ccfcb24c77acb627e3f9de32629edd826ac1ea240481844bb503777133da785ccb342cd

                          Download Submit