Overview

overview

10

Static

static

10

2024-04-05...ye.exe

windows7-x64

9

2024-04-05...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-05_c640cad00d33bdb80c5825847634a27b_goldeneye.exe

  • Size

    408KB

  • MD5

    c640cad00d33bdb80c5825847634a27b

  • SHA1

    adce47bf433e76ec23d9471e87ed369a80eb51f2

  • SHA256

    626379c00f64a824f5b680eb0a1359efc2659dabce4c63edd0c2928b2854c63d

  • SHA512

    a2975b539fd3237a476b86cc8e08a441a7fef349a0c1dc5445d4b5ee78ce33e5eecdde1ff6f510e5ac6843dbadb8a6358a00d4c603dbffd8f7f01ed70750a487

  • SSDEEP

    3072:CEGh0oLl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGJldOe2MUVg3vTeKcAEciTBqr3jy9

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_c640cad00d33bdb80c5825847634a27b_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_c640cad00d33bdb80c5825847634a27b_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4344
    • C:\Windows\{01108F4E-08E6-4233-8135-C28F548811BF}.exe
      C:\Windows\{01108F4E-08E6-4233-8135-C28F548811BF}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3784
      • C:\Windows\{ADE1286A-633D-4d70-8FF8-D97A1EDAFC9B}.exe
        C:\Windows\{ADE1286A-633D-4d70-8FF8-D97A1EDAFC9B}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3536
        • C:\Windows\{EE18770B-E5DC-4591-870F-50D3FFCBE9C0}.exe
          C:\Windows\{EE18770B-E5DC-4591-870F-50D3FFCBE9C0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2384
          • C:\Windows\{1ACAAB9B-CCCA-412e-AF9A-1EE00E2D1809}.exe
            C:\Windows\{1ACAAB9B-CCCA-412e-AF9A-1EE00E2D1809}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2456
            • C:\Windows\{79F1170E-7513-487a-9D65-30BF6552081B}.exe
              C:\Windows\{79F1170E-7513-487a-9D65-30BF6552081B}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2516
              • C:\Windows\{DC94567B-FFC7-46df-BCD3-DBC9F2A49FD4}.exe
                C:\Windows\{DC94567B-FFC7-46df-BCD3-DBC9F2A49FD4}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3392
                • C:\Windows\{FBD5573A-ABCB-4f44-A8A0-425C123FC6F6}.exe
                  C:\Windows\{FBD5573A-ABCB-4f44-A8A0-425C123FC6F6}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3052
                  • C:\Windows\{00F30146-A913-4ab4-B2AF-7838FB8E23D4}.exe
                    C:\Windows\{00F30146-A913-4ab4-B2AF-7838FB8E23D4}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:528
                    • C:\Windows\{6458604F-6DCB-495d-9A71-ABF1D1D3CE7C}.exe
                      C:\Windows\{6458604F-6DCB-495d-9A71-ABF1D1D3CE7C}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4180
                      • C:\Windows\{7E4B71E5-4FA3-4882-BEB8-DFCC4C0F986D}.exe
                        C:\Windows\{7E4B71E5-4FA3-4882-BEB8-DFCC4C0F986D}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4748
                        • C:\Windows\{A76805A6-B69E-4b18-957D-45A758B2750F}.exe
                          C:\Windows\{A76805A6-B69E-4b18-957D-45A758B2750F}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2664
                          • C:\Windows\{4E549B19-FCCF-49fb-8C29-669434030227}.exe
                            C:\Windows\{4E549B19-FCCF-49fb-8C29-669434030227}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:2980
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A7680~1.EXE > nul
                            13⤵
                              PID:8
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7E4B7~1.EXE > nul
                            12⤵
                              PID:4344
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{64586~1.EXE > nul
                            11⤵
                              PID:4968
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{00F30~1.EXE > nul
                            10⤵
                              PID:4624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FBD55~1.EXE > nul
                            9⤵
                              PID:4808
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DC945~1.EXE > nul
                            8⤵
                              PID:2280
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{79F11~1.EXE > nul
                            7⤵
                              PID:3920
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1ACAA~1.EXE > nul
                            6⤵
                              PID:4284
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{EE187~1.EXE > nul
                            5⤵
                              PID:4140
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{ADE12~1.EXE > nul
                            4⤵
                              PID:3704
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{01108~1.EXE > nul
                            3⤵
                              PID:4032
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2788

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{00F30146-A913-4ab4-B2AF-7838FB8E23D4}.exe
                            Filesize

                            408KB

                            MD5

                            ff7e8d07c2316ce73535cc6ec67a8309

                            SHA1

                            9616defbb8a4e5acf2164e96dcaa7b9f794686ca

                            SHA256

                            f225598880ccfa4689dd18a7b6214026b131617ed9f90edcd549500355ae0bde

                            SHA512

                            9309e237930d4eaf6d633c8b28db298ab0adf9747b6c1b2b823bfde0d47685f046ce75e33a0dee7ed272edcb18096cb86e1e9b105656f9192bf748472943db23

                            Download Submit

                          • C:\Windows\{01108F4E-08E6-4233-8135-C28F548811BF}.exe
                            Filesize

                            408KB

                            MD5

                            94200d7dbfbaae82e49afdd3872e75aa

                            SHA1

                            576fd239072f3a7a61f290c3f1339f7e7a1e5bad

                            SHA256

                            89c41a1547f0efc46c8ab3340fa535a9dcd2e6666127515b34031bf4fea2d888

                            SHA512

                            dd629d0c486e3b80aec747938ef62b2c40ab81d95d3708d25558f78558061f439117af0f880d660a1bc77cb13908ea82baf9e3221eb73812efac847a8a3b75cf

                            Download Submit

                          • C:\Windows\{1ACAAB9B-CCCA-412e-AF9A-1EE00E2D1809}.exe
                            Filesize

                            408KB

                            MD5

                            5e40bbad783f688f0f6c43a6d1e15ffb

                            SHA1

                            eabb40e0672f50faa169cd3158aaac4cdb6fadfd

                            SHA256

                            8b24981f9cfe5444d23e0d40c4f2d62af794cc007bd63f5b356373b96eae050d

                            SHA512

                            8d04734c3e5d5841186aaf39677136d86b0b1ad219b771a413aa81e5387aa07226035a15f8eba2451e706eeb6bf3affb3b7ce0562b7203fdaeaf93584b0c80c8

                            Download Submit

                          • C:\Windows\{4E549B19-FCCF-49fb-8C29-669434030227}.exe
                            Filesize

                            408KB

                            MD5

                            920e58c6d9d9e1b226824163e08faa00

                            SHA1

                            02a28b824fa33b8c92d72657e00ac8f06300da9c

                            SHA256

                            3a3e43886304896749aa693116e28793ed14fa0f5b7bcef0231a03d6b1add2c9

                            SHA512

                            5102d71861c70a833865ed4dea30bf9037ba8aadcfd7cf2d4dc3b7ba6b2eff636b68e0e988a2114673f0772a36dc7e3ca91dede0c6f386b1a35a86ec31a7fa5c

                            Download Submit

                          • C:\Windows\{6458604F-6DCB-495d-9A71-ABF1D1D3CE7C}.exe
                            Filesize

                            408KB

                            MD5

                            85d6afea112b3f26bdada9fb9b6d9a3a

                            SHA1

                            245e78e444f61eb5f87b4bea24310027c982f838

                            SHA256

                            b6f9a32c7bb4137f746e96bf248de97ba564fb6d038a62f2af550f7d1cf14cfc

                            SHA512

                            aca96f4efd4eec6760d06bfd219510ae3d9ef4930b507774274393c11f450adf3a833de05847ee0cffab6eec244602b8b774d2cab58ae0156ced032c80738005

                            Download Submit

                          • C:\Windows\{79F1170E-7513-487a-9D65-30BF6552081B}.exe
                            Filesize

                            408KB

                            MD5

                            2b8435eb3a4598e8787832fb6ca2eb1a

                            SHA1

                            71cd44064130bc73d6dd08f5eddf7fa0af357596

                            SHA256

                            deada0febf34b7a4549c40895d509a9b132da4108bd94eb357f44c6be36f849a

                            SHA512

                            b10a8010836dbb8d4655f4ea620673853e44c6341b01f0bb3a39e3eb0addd2608dfdfa66033073d98cb3b1a39f72e69f3678d99511f7f31563e165ef88933e36

                            Download Submit

                          • C:\Windows\{7E4B71E5-4FA3-4882-BEB8-DFCC4C0F986D}.exe
                            Filesize

                            408KB

                            MD5

                            bd22d63ab630df04b204b70ed8112420

                            SHA1

                            2cbaaa36ad9db4177d6c213b0d2db769d7a71714

                            SHA256

                            e457083283dd16f078fef49cc644a5e980d567ef3f960367272326597c82a2c5

                            SHA512

                            a7ab9556f2a52d3bc471029ce4d8ef8871c03e0ff5928d1db439ff8cba653b06aa3d5d6043df98a82da1253d58c939c50cc913a8ac59f7d37250afe6f8f0fcc7

                            Download Submit

                          • C:\Windows\{A76805A6-B69E-4b18-957D-45A758B2750F}.exe
                            Filesize

                            408KB

                            MD5

                            2da0cec187fadab9e451d391594b4ba4

                            SHA1

                            55398bcfed5d020d05fb407978f82854d39d5b54

                            SHA256

                            454027b0ae47bcc180dce2c38f1bf26921e93054d0f56916e1037a2615f3c40b

                            SHA512

                            410ae69f09678ac6f890750b4a0f84b2a20ac51624345df7fe0f3c81e5a40ead49a2fc9d0092e7e470f4f103e897797a71e904d8c3a3dd5fc49ca6e826c0a42f

                            Download Submit

                          • C:\Windows\{ADE1286A-633D-4d70-8FF8-D97A1EDAFC9B}.exe
                            Filesize

                            408KB

                            MD5

                            a1f18b79f21e6db1ffd1a932511120e1

                            SHA1

                            487332ed9b0ebab48cf115c8324d5005ca997953

                            SHA256

                            6d293908b74d4e02c3b367c7da867d4f1053a6a8e9ef3c10178047dfc3104a85

                            SHA512

                            cbca171a46c7009d4a77259333efaad19924174750010b8b0abe68738e23954281ed352fb18fb716a9e8f4e6797b88f031822ad49b0e14474a3573bb55a1faae

                            Download Submit

                          • C:\Windows\{DC94567B-FFC7-46df-BCD3-DBC9F2A49FD4}.exe
                            Filesize

                            408KB

                            MD5

                            b09164a16d2201b2325dbdeb423956eb

                            SHA1

                            ab8e732fe0452a2ae822c953e48fe3f26445ca73

                            SHA256

                            342a482162f7a75dc1fe776070ff8d71080008c073ea567123f535444c6305f3

                            SHA512

                            8b89e27c7d9e0562f1823bcc14d8f492a893d51cc675e9408160052aababd09f3f667ce0914cc027fc9dfcfaee9ea8c58803baece500571917e6e3abc840ed8a

                            Download Submit

                          • C:\Windows\{EE18770B-E5DC-4591-870F-50D3FFCBE9C0}.exe
                            Filesize

                            408KB

                            MD5

                            02ea8fac3c3a7743ababd1064298c080

                            SHA1

                            d2ae3e767c2765fa3b4443ada393eae64b96f167

                            SHA256

                            2eab14b41b2608a15e18fe035553ed43ab275fce9fc4bc9c3bdec7a99ac604e4

                            SHA512

                            8f3b15ff8b164408393060b6d169059298856622f380a3bd0c7cf0f79c25fa7535382cf9e3784dae8437fb1b88285338b4368aa805e6e79b83f1965a237e6b57

                            Download Submit

                          • C:\Windows\{FBD5573A-ABCB-4f44-A8A0-425C123FC6F6}.exe
                            Filesize

                            408KB

                            MD5

                            3849a061e14dbeedac522f78cd13bdd1

                            SHA1

                            6ccd3a329902170774a2cee6a6e55cad52c5ad9d

                            SHA256

                            f223e0604abf8c257ce47e1b0fb63e52bc77689696f928d508e1148c0395c986

                            SHA512

                            b1e1a733627d6dcd45356ac6785aee136889a84c7ace286edc57f2b4484e871e862b6e19f34aad07bdfdf9c98edac711a3ce84de72e0334219617c6493fefadd

                            Download Submit