Overview

overview

10

Static

static

10

2024-04-09...ye.exe

windows7-x64

9

2024-04-09...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 18:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_7478eb763f5c87a16fba32f6ed9ad9be_goldeneye.exe

  • Size

    168KB

  • MD5

    7478eb763f5c87a16fba32f6ed9ad9be

  • SHA1

    27d64b0b5c1e535351e3e7b5fd8142745beba822

  • SHA256

    37b934bb8e6e02b62ea439dbbe7e4ac90c947fe3ca22cb55a3382e35d75cf1fa

  • SHA512

    bbd3c6fc1a94f79e21b02ddd0e06c0df4cfa3c5ba4a8a74bf60fb2e2851b3f6fd1d71f8b928855368ca26c2be999857533864965805fe1752352b8d1a1dfdf5f

  • SSDEEP

    1536:1EGh0onli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0onliOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_7478eb763f5c87a16fba32f6ed9ad9be_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_7478eb763f5c87a16fba32f6ed9ad9be_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Windows\{D9E14607-D898-4078-AC83-223C470E15F5}.exe
      C:\Windows\{D9E14607-D898-4078-AC83-223C470E15F5}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4516
      • C:\Windows\{0ADEAC05-BB0D-4f9b-9172-83D06503CAD9}.exe
        C:\Windows\{0ADEAC05-BB0D-4f9b-9172-83D06503CAD9}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3924
        • C:\Windows\{DC23C051-C1A5-4497-8EBA-F25055BF9055}.exe
          C:\Windows\{DC23C051-C1A5-4497-8EBA-F25055BF9055}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2092
          • C:\Windows\{74BFE9B2-EA31-423f-8642-A57069584BCE}.exe
            C:\Windows\{74BFE9B2-EA31-423f-8642-A57069584BCE}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3544
            • C:\Windows\{82AA1B1E-2FE0-4bf5-9AF7-8D63EFB170BC}.exe
              C:\Windows\{82AA1B1E-2FE0-4bf5-9AF7-8D63EFB170BC}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4856
              • C:\Windows\{1D1ECBE4-4853-42bb-9AAA-07C84D0FABD0}.exe
                C:\Windows\{1D1ECBE4-4853-42bb-9AAA-07C84D0FABD0}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1052
                • C:\Windows\{9B581772-2F32-49fc-BE02-9706DC60CE6C}.exe
                  C:\Windows\{9B581772-2F32-49fc-BE02-9706DC60CE6C}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4288
                  • C:\Windows\{2B9E3966-A7CC-41fe-81B2-BA441EBF4D6E}.exe
                    C:\Windows\{2B9E3966-A7CC-41fe-81B2-BA441EBF4D6E}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4456
                    • C:\Windows\{4AE9E4A7-821F-439b-AA4A-86876ABA967B}.exe
                      C:\Windows\{4AE9E4A7-821F-439b-AA4A-86876ABA967B}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2076
                      • C:\Windows\{DAA05EB5-741C-4715-884B-7029B6EB7A8E}.exe
                        C:\Windows\{DAA05EB5-741C-4715-884B-7029B6EB7A8E}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1744
                        • C:\Windows\{001DFFBF-FD79-4530-BF55-9B754BA44B10}.exe
                          C:\Windows\{001DFFBF-FD79-4530-BF55-9B754BA44B10}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3204
                          • C:\Windows\{FC05BB14-6AC7-4d63-95EC-B905255D6FD8}.exe
                            C:\Windows\{FC05BB14-6AC7-4d63-95EC-B905255D6FD8}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:336
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{001DF~1.EXE > nul
                            13⤵
                              PID:2556
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DAA05~1.EXE > nul
                            12⤵
                              PID:2488
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4AE9E~1.EXE > nul
                            11⤵
                              PID:3900
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2B9E3~1.EXE > nul
                            10⤵
                              PID:4572
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9B581~1.EXE > nul
                            9⤵
                              PID:2784
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1D1EC~1.EXE > nul
                            8⤵
                              PID:4408
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{82AA1~1.EXE > nul
                            7⤵
                              PID:780
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{74BFE~1.EXE > nul
                            6⤵
                              PID:4036
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DC23C~1.EXE > nul
                            5⤵
                              PID:1656
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0ADEA~1.EXE > nul
                            4⤵
                              PID:4608
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D9E14~1.EXE > nul
                            3⤵
                              PID:1576
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1904

                          Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Windows\{001DFFBF-FD79-4530-BF55-9B754BA44B10}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  2840cb4a80c2ea5e1736a3fa45f2d07d

                                  SHA1

                                  6464c513c8e29d7fc05eba9a13034b1798ab97f4

                                  SHA256

                                  1b3dc5221880a9ac5e403ab670a8f59a71b1e58a4b5305b6f768f0df5678867d

                                  SHA512

                                  7edd11ef2f445620bc9c6edeb1e0b233fbbc7870d3445bf6fcbc5c0e968c9ea9fefdae31216a9f3d369ee0c037bac5ece5ad3005e6ee3f55845e3f5d862a9a45

                                  Download Submit

                                • C:\Windows\{0ADEAC05-BB0D-4f9b-9172-83D06503CAD9}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  cd99d286a49ceebfbc545bb36c11534e

                                  SHA1

                                  48219470cf028d73e57933165f5d39edd259fc13

                                  SHA256

                                  a6874b84a2d44f93e293e5cc3638e91c2ffc62cdbc1b288d9bf33171b27ba925

                                  SHA512

                                  67edd3fd7c5c88e9b791a58aea94a7e07a2ca4d9edb79f4bb97a36e82f6589a3eaecb0df69da0b1eb5915be4b6b3ec847dfce28dc22bad2ec2db2740773f5c23

                                  Download Submit

                                • C:\Windows\{1D1ECBE4-4853-42bb-9AAA-07C84D0FABD0}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  948a56ce8548db2942367ff2843e11a8

                                  SHA1

                                  7a0d2046d1fb8b85aaf9e9a5a0ebea896f79db1a

                                  SHA256

                                  aa4455a1c4823dadca8031241c8060e0b6648b5e6a107161f6b56ea6dae3434a

                                  SHA512

                                  83ac598266e92714cdfa6d577667ee21b6d37c951e199c25a82d371a316df472ea54a721572fdd17538dfd0f423c5bf830cfd20699d67c1c9096d8e7824d6612

                                  Download Submit

                                • C:\Windows\{2B9E3966-A7CC-41fe-81B2-BA441EBF4D6E}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  8862c6d074c871c29878a57749936f52

                                  SHA1

                                  a456cbdbc09acd3398d7b6b9a8c087e0d0b00e9a

                                  SHA256

                                  56ce2766b88e26c9f2809b21fd9c9fddc19b0f4026d0aa14c37f7ff5fcc6bda3

                                  SHA512

                                  bfb8a668117f107ddf71ac2ccca6705795a4ddb9c5ec32e8ad03d6310dff8ba80de5291a52b386dde352c6aa87b2242847eeaede133f778aa309f20d0653e6c3

                                  Download Submit

                                • C:\Windows\{4AE9E4A7-821F-439b-AA4A-86876ABA967B}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  e866060773d7849f6b5e5922626407b7

                                  SHA1

                                  25127a6f0c0680f5a30da03ab8ce801312a41578

                                  SHA256

                                  e71b11199a5e5d8b3bd17865ece450ade0ba87e1c3478d1e515925be818e3134

                                  SHA512

                                  c870a4ca4000042e452a3f8dd22e7b071768626f7191b8c22865735c11a8cc7efd636de572682b2578550cde0fd79e58811c1ba8178a773b3374b74c07aa9df2

                                  Download Submit

                                • C:\Windows\{74BFE9B2-EA31-423f-8642-A57069584BCE}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  8bcc7f793d27329be8737a7cfb2d974f

                                  SHA1

                                  628fbf17d7610d03670e4f48500a5ca1e15cd46d

                                  SHA256

                                  d63b47a37f55d8bfc8846ac51f2d251baee5fa3b7a4e9ea94a9a8db0e662435a

                                  SHA512

                                  3f749023cdbbc7e9ca10fcf886394edcc1c70009df78c5049c7d7ca9622746acee625f560d3bd587c48882d966a717e35d438067488f078354d12ca2ecec913a

                                  Download Submit

                                • C:\Windows\{82AA1B1E-2FE0-4bf5-9AF7-8D63EFB170BC}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  fd018827e26895e81c91cb33c971bfba

                                  SHA1

                                  cd854a560f604468b3d1bef3b03e222448bde775

                                  SHA256

                                  388cc851937f032ef321754786018c6fe3907807d6b75918b314131d5092373a

                                  SHA512

                                  1638e420e1bb6b1c7373bebec916ebccca7e890a9c348a9f667e8bb62b8b4857f21dc9c6688b45ec1f71a29647b732b18a43bc4eadd576da2d9e26df015be675

                                  Download Submit

                                • C:\Windows\{9B581772-2F32-49fc-BE02-9706DC60CE6C}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  fdd9f7495f49a1e01ec0952af3caf18f

                                  SHA1

                                  8e5b4eaa4c0daaeb04ef6b3e605992f14a3f9ad2

                                  SHA256

                                  19f199ae351f08a0420d6ce509fce376ba64764ef981e98fe9292cfbdcfc4e1c

                                  SHA512

                                  01c8effed760ac0c38eb0fa60446087e3fb7e6e7e3687db6dee16ec8056dc234c66ce03139ed375174618378ecc6984ecf200604274911879a02374e7f56b54d

                                  Download Submit

                                • C:\Windows\{D9E14607-D898-4078-AC83-223C470E15F5}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  5529b8eca32b18a663683a37818e479d

                                  SHA1

                                  df053f93a782f0b2909f4650aaf11dec42ef94bf

                                  SHA256

                                  f5ed8c358c2deed9bcc4133de88b82e4856fccf0fe945aa9655f3510a7f8ad9e

                                  SHA512

                                  cdae3bc342a9d8c42a7edcb1ecfa4a2641392205d7d7b82dd3b2375831891bf4047509b30417e90a61c2ed0f0fbc9a0826f854a05c78f3a066811cf923eb918e

                                  Download Submit

                                • C:\Windows\{DAA05EB5-741C-4715-884B-7029B6EB7A8E}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  1e0c0841bfa411b9e0dbcb5d84a31d60

                                  SHA1

                                  0cf5a63990ebc77c381b9b01555c1f9db5e1d73c

                                  SHA256

                                  1af60c1c6773c90fc7ecf76bce458373429227c2af8597894c320ac7a09d7371

                                  SHA512

                                  5575ab479157b076c84ac9b533b60701e25ab771530f33b8e2a3090ad3f5fbcdbb44c43e858fc13386fe7313329672654e26f6261f03ebe65514cfe2af45e321

                                  Download Submit

                                • C:\Windows\{DC23C051-C1A5-4497-8EBA-F25055BF9055}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  58d16deff81f2759e4044f61c0382c16

                                  SHA1

                                  552737de6e6fdcd4a2b406846356357e7ec873f8

                                  SHA256

                                  6869773837ac1518466b9431ca15914e3c04115e9da7640912509cb443094201

                                  SHA512

                                  ed31a6a73af390921e598c6e8e4b439747a9f36f8dc055f21e09d189e482ee7b2ff628a00a24397bffbf20f2bb17440e30330d816567afbae851ccff59fa9864

                                  Download Submit

                                • C:\Windows\{FC05BB14-6AC7-4d63-95EC-B905255D6FD8}.exe
                                  Filesize

                                  168KB

                                  MD5

                                  fd831b7be0881bac624405058e84036c

                                  SHA1

                                  3d945db65dd6fecb02e20ce3caf09bf92ec61bf1

                                  SHA256

                                  0f17e6773a01ed7d672dfd4b978c364674f41d1c0e7c1462bda2140b2c21818a

                                  SHA512

                                  92a81cf5da57a0340cc9a64d6294c4c1656a8bddab129551d78ee98b30896e97793be78d02745c9041f1ee1e3cb127e607e434475448b9fc909e1c37633cd3ec

                                  Download Submit