Overview

overview

10

Static

static

10

2024-03-29...ye.exe

windows7-x64

9

2024-03-29...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-29_589e86406f4d525daf65af854d5851b8_goldeneye.exe

  • Size

    180KB

  • MD5

    589e86406f4d525daf65af854d5851b8

  • SHA1

    e4b004b5d6c9875c796da7974192a7201522c048

  • SHA256

    6014c5a45508c5bc9db8ab5735bc17e70d90b01f295b1ccd62e39be6d308200c

  • SHA512

    329ea11c5a902f60cce68574373edd5fb82d6fc49c4b52a7c05bc35220e009cf895b3c728b4a340477141451598a02546e82ac62fabf40900cde543d6d7ca6a2

  • SSDEEP

    3072:jEGh0o0lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGGl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-29_589e86406f4d525daf65af854d5851b8_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-29_589e86406f4d525daf65af854d5851b8_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\{B9CB09A6-F95D-41b8-BE01-B76D6FDB5A0A}.exe
      C:\Windows\{B9CB09A6-F95D-41b8-BE01-B76D6FDB5A0A}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Windows\{70EB22D7-F728-4de3-B208-E52C64446C40}.exe
        C:\Windows\{70EB22D7-F728-4de3-B208-E52C64446C40}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2544
        • C:\Windows\{321A6959-A0E5-4cbc-A2D4-5C7C7C1481B2}.exe
          C:\Windows\{321A6959-A0E5-4cbc-A2D4-5C7C7C1481B2}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2560
          • C:\Windows\{7F3DCDFF-400B-456e-B900-6ADC5D42C915}.exe
            C:\Windows\{7F3DCDFF-400B-456e-B900-6ADC5D42C915}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2448
            • C:\Windows\{BC0DD400-49BB-4653-9F8F-2A100D757D20}.exe
              C:\Windows\{BC0DD400-49BB-4653-9F8F-2A100D757D20}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1316
              • C:\Windows\{018E01BB-3980-4584-8A16-CDCB20FADFB1}.exe
                C:\Windows\{018E01BB-3980-4584-8A16-CDCB20FADFB1}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:628
                • C:\Windows\{50B1F287-B613-497c-B11F-C8ECA95BA244}.exe
                  C:\Windows\{50B1F287-B613-497c-B11F-C8ECA95BA244}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1560
                  • C:\Windows\{3ACAE4BE-8647-408b-9CE7-8FC13BCBFE06}.exe
                    C:\Windows\{3ACAE4BE-8647-408b-9CE7-8FC13BCBFE06}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2744
                    • C:\Windows\{D152597E-1657-42ed-B106-E53ADAE8E0A8}.exe
                      C:\Windows\{D152597E-1657-42ed-B106-E53ADAE8E0A8}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1396
                      • C:\Windows\{00347FB0-68E5-4e42-B059-258F9A267A92}.exe
                        C:\Windows\{00347FB0-68E5-4e42-B059-258F9A267A92}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1820
                        • C:\Windows\{4F837242-8F12-40b0-8E4B-182AD1DBE5C9}.exe
                          C:\Windows\{4F837242-8F12-40b0-8E4B-182AD1DBE5C9}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1616
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{00347~1.EXE > nul
                          12⤵
                            PID:592
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D1525~1.EXE > nul
                          11⤵
                            PID:2092
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3ACAE~1.EXE > nul
                          10⤵
                            PID:2956
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{50B1F~1.EXE > nul
                          9⤵
                            PID:308
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{018E0~1.EXE > nul
                          8⤵
                            PID:1808
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BC0DD~1.EXE > nul
                          7⤵
                            PID:1192
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7F3DC~1.EXE > nul
                          6⤵
                            PID:2820
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{321A6~1.EXE > nul
                          5⤵
                            PID:2556
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{70EB2~1.EXE > nul
                          4⤵
                            PID:2568
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B9CB0~1.EXE > nul
                          3⤵
                            PID:2636
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2340

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{00347FB0-68E5-4e42-B059-258F9A267A92}.exe
                        Filesize

                        180KB

                        MD5

                        e8267dace8d05872b3a9f42850639a8a

                        SHA1

                        010a58c64b49cba89b9f1902fc5b36cc29bc29e3

                        SHA256

                        0cb2b3a1c8f54545635f77ffc91da02527352065cfce0af93cf226070d436a49

                        SHA512

                        2f2d2528ae99b2ed052275ab65e8d2c82afdf1fdf69eddc7ce50ccebd0f831b11d66a129e227914d4e0f40aecb72d182853b758fc73ff24065104ff61e405ea5

                        Download Submit

                      • C:\Windows\{018E01BB-3980-4584-8A16-CDCB20FADFB1}.exe
                        Filesize

                        180KB

                        MD5

                        a6647955cb2c15a04ca607724e2cea78

                        SHA1

                        9abb57e41a00ad9b2aa7552165e107dbae7f18a4

                        SHA256

                        7cbf9bb1701e45a26bb331f54444283c6432c088198fe2b17f824c8e3e77b4e4

                        SHA512

                        dc0b333e814465c7220932ec0e77fd429f7c2d895f467364831e06b4617d69c7437adfbcb015b8f14cda631280645ad0c8333f1ccd24e736cd12e29d2a265adf

                        Download Submit

                      • C:\Windows\{321A6959-A0E5-4cbc-A2D4-5C7C7C1481B2}.exe
                        Filesize

                        180KB

                        MD5

                        03bb5366856822df1fba6cdd7a360096

                        SHA1

                        5eb4f1f2e683006a78e76366f20e3378dd185fc7

                        SHA256

                        c1f7674aa58fe622d2913ec4b733dbc7eabcc1a7ffea01a5f221a7c727aa824b

                        SHA512

                        1c0c25fffdd1cbfb85c84eef9c7127e40ce1b860bec15dc0181158df9078ecd3b397dbfcad091fe23def43f181fc2f4514b6148b1104a77b08e7f90f99ba3b8b

                        Download Submit

                      • C:\Windows\{3ACAE4BE-8647-408b-9CE7-8FC13BCBFE06}.exe
                        Filesize

                        180KB

                        MD5

                        a17f8dd44b44020835b91f32c1959c7f

                        SHA1

                        968229b21ec20310f2f4eeab1bef7d303be9832e

                        SHA256

                        bbea9d04738ec1012b41a2afada98bf776af2719b24089919348775dece05d8f

                        SHA512

                        a990532acc75ad73f730080736dd10e81af85c7d1b93cfe713861a18797868569425077e196cc989c60f3d4ee21f8362a9dcf9658959d94e58c8f2c01bc845cc

                        Download Submit

                      • C:\Windows\{4F837242-8F12-40b0-8E4B-182AD1DBE5C9}.exe
                        Filesize

                        180KB

                        MD5

                        f0dd0578639d357d1bf65a84287e3193

                        SHA1

                        00561aec4fd3d929acd21a99cd62cc6e56d942fe

                        SHA256

                        ae8bfb763f4d92eafa5114692ed5fbd901c370ce33e1d40a4ca46116db398353

                        SHA512

                        aa4283c7850e9e4b8ed200ad065ca014fda5abb4a0b60b5376ccd9d1cc12adda15671b349516648a3a119136f400ef2c926f26b6792b3f128dca6f73680f81bb

                        Download Submit

                      • C:\Windows\{50B1F287-B613-497c-B11F-C8ECA95BA244}.exe
                        Filesize

                        180KB

                        MD5

                        3d3dda863b8c8b0ed7069df20c4418e0

                        SHA1

                        2b08e208f7ad7ba68a8fd179a643398908578577

                        SHA256

                        609b22775643a987db46ec9029252c265afe494beeeee1eba439eea3349ed134

                        SHA512

                        b5dc1fbc91a918f5a84c473d7ed45b871ff41a93d3a3c7efc8bfaa1f3e400772b8eea071b87901b3f8253311ab5f93063e9fa9d14ce524a79e08b5cafa0eb0f2

                        Download Submit

                      • C:\Windows\{70EB22D7-F728-4de3-B208-E52C64446C40}.exe
                        Filesize

                        180KB

                        MD5

                        7fdb19064045da6ac924013fa9b739bc

                        SHA1

                        7ecba11f3555c66053ce5355eb14a02f9ba611c5

                        SHA256

                        60c0119c923635e34d932868342bbee7a0628591a785d8f5bc8a4f6d016b043a

                        SHA512

                        4b4ddcaccfc7f55e4f523bf2357630f233c97695bd366e5b5fd095afd44a38f1328b4e6e7ef75147bd00b47f9da400e61e643060917c32f507f8e4a452593c14

                        Download Submit

                      • C:\Windows\{7F3DCDFF-400B-456e-B900-6ADC5D42C915}.exe
                        Filesize

                        180KB

                        MD5

                        e7058e8090197418a88d8dadaca562ce

                        SHA1

                        8b9495e32306b9e3f780c837e4e17853ea1fdb73

                        SHA256

                        db4dbcf1f9934c240861801feb997ccd925fb0dbd5b7552da6c1b94c267dbfd4

                        SHA512

                        84f9f4ec3384aca133802d35844c216d0f06ba8a0ad041a031b9b822cebe29790c3eb5b9ad1462280bf8f8fa724daab29fab1cc052c8bb04800a0f781945b1aa

                        Download Submit

                      • C:\Windows\{B9CB09A6-F95D-41b8-BE01-B76D6FDB5A0A}.exe
                        Filesize

                        180KB

                        MD5

                        ce287991044eee1fc4a813048aa86f4d

                        SHA1

                        25e044fbc216bf8dce1d2b1569ec5658fc0a6d09

                        SHA256

                        84647f5f2a9fdad9e0f294c6f0f9270d61f14fd32339bf3c7e9719c149b25b69

                        SHA512

                        f7002cc097e60c833b9cd4e2e7e3e63a55940c71c599a24a3ecdbd68ecdd16177f145bddbf4a1589b4c7b1750a7703c8ecf6d4735e665f3eb8b7114565a5c592

                        Download Submit

                      • C:\Windows\{BC0DD400-49BB-4653-9F8F-2A100D757D20}.exe
                        Filesize

                        180KB

                        MD5

                        d80baa3d46c4301cf9a4c6337d02577f

                        SHA1

                        aef41129cd7c7d5e60d7340b36200249b16342e2

                        SHA256

                        e13c1591ae3c157ec452dc28d071bd4ae86cfd1484e11207f8e168945ec4fe9b

                        SHA512

                        be1ed025f9e2ff9fe519b9f9962121af4827240a2043033daa5c21144f28bf548f3bcd9705c2108ee65a7171b0d4d7c1e75d04e92ffa3b7040d9f314104e793d

                        Download Submit

                      • C:\Windows\{D152597E-1657-42ed-B106-E53ADAE8E0A8}.exe
                        Filesize

                        180KB

                        MD5

                        287c6e922018d9231dc80058c8234b64

                        SHA1

                        1741315cd99a288698824ac93a979eba91fa6385

                        SHA256

                        86e97d6ba8e8e57716f1893dbcd18c45f5e49b1a520be4c976271f05b54f7e47

                        SHA512

                        ac819c53755fc3ccca0dd7f0629c0b41e65c6138b3459e4bfd532eaffb7ea0e87638afbe7230843f2f0afb866fc6c0633593867215ad3c03ebe1395aba3a3b87

                        Download Submit