Overview

overview

10

Static

static

10

2024-04-10...ye.exe

windows7-x64

9

2024-04-10...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe

  • Size

    216KB

  • MD5

    6229cb26bbd088e6796c364e03b807c6

  • SHA1

    5d31372d2439df50ddf15b9a9d1c7f6e9d7674f0

  • SHA256

    ae76db1319fe94de8c4ede1c4f671c7be99a7f65a114ae2515b853d19a7db8cb

  • SHA512

    69ddfba2f087e58f2c733a6635889025677f27c98293a5b6f9bf82fcdac1251f34a0dc96717e159cb1492722f5fe471951b10fd4c7fd009ba7c1cd75255d0cf1

  • SSDEEP

    3072:jEGh0okl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGSlEeKcAEcGy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Windows\{9D4CCDBE-62E1-46df-9ED5-D8C3EB0FFE9D}.exe
      C:\Windows\{9D4CCDBE-62E1-46df-9ED5-D8C3EB0FFE9D}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5892
      • C:\Windows\{444CBCFE-4E25-4e13-822A-EC3BD43BB52E}.exe
        C:\Windows\{444CBCFE-4E25-4e13-822A-EC3BD43BB52E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4004
        • C:\Windows\{90C2FD2B-8774-4478-93F8-E43E8CC6B6A8}.exe
          C:\Windows\{90C2FD2B-8774-4478-93F8-E43E8CC6B6A8}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4012
          • C:\Windows\{BCA49CBD-BCA1-4f1a-9D95-2F07A3B125BC}.exe
            C:\Windows\{BCA49CBD-BCA1-4f1a-9D95-2F07A3B125BC}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3520
            • C:\Windows\{B295CFF5-62E5-497c-B133-5C52687766DA}.exe
              C:\Windows\{B295CFF5-62E5-497c-B133-5C52687766DA}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:5132
              • C:\Windows\{9B0A4253-EAFF-45a7-97B8-2B2A693E3910}.exe
                C:\Windows\{9B0A4253-EAFF-45a7-97B8-2B2A693E3910}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4288
                • C:\Windows\{4C5D0C1C-8DC2-4a30-AE2D-FA3578A499D0}.exe
                  C:\Windows\{4C5D0C1C-8DC2-4a30-AE2D-FA3578A499D0}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2588
                  • C:\Windows\{922E49C2-8071-45c7-B34B-68B8BD976488}.exe
                    C:\Windows\{922E49C2-8071-45c7-B34B-68B8BD976488}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:5124
                    • C:\Windows\{3B085696-9538-4ac5-8ECA-3960DDAE9ACB}.exe
                      C:\Windows\{3B085696-9538-4ac5-8ECA-3960DDAE9ACB}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1704
                      • C:\Windows\{05185F87-1B1B-4d15-941E-1DBE8E342BE1}.exe
                        C:\Windows\{05185F87-1B1B-4d15-941E-1DBE8E342BE1}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4164
                        • C:\Windows\{D4051ECC-96CD-400d-B9C1-0F5B90485738}.exe
                          C:\Windows\{D4051ECC-96CD-400d-B9C1-0F5B90485738}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4372
                          • C:\Windows\{11C2A6BB-A5F3-4040-9604-0EB5FDE1F95A}.exe
                            C:\Windows\{11C2A6BB-A5F3-4040-9604-0EB5FDE1F95A}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:5432
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D4051~1.EXE > nul
                            13⤵
                              PID:5388
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{05185~1.EXE > nul
                            12⤵
                              PID:4968
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3B085~1.EXE > nul
                            11⤵
                              PID:2624
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{922E4~1.EXE > nul
                            10⤵
                              PID:2952
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4C5D0~1.EXE > nul
                            9⤵
                              PID:3516
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9B0A4~1.EXE > nul
                            8⤵
                              PID:4388
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B295C~1.EXE > nul
                            7⤵
                              PID:4496
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{BCA49~1.EXE > nul
                            6⤵
                              PID:5032
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{90C2F~1.EXE > nul
                            5⤵
                              PID:6024
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{444CB~1.EXE > nul
                            4⤵
                              PID:2168
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{9D4CC~1.EXE > nul
                            3⤵
                              PID:4508
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:5880
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:220

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{05185F87-1B1B-4d15-941E-1DBE8E342BE1}.exe
                              Filesize

                              216KB

                              MD5

                              67d255615c70a824f6935cf38323c947

                              SHA1

                              f20269dee4d5cf125ae27b7db6e5c2de2cc5836d

                              SHA256

                              6a2286cf30d409715e79967c8622d24061cf8f03f87f6ced685bc74494607d60

                              SHA512

                              3be4e657f1ea20b9e03f71b64a2089852ded6e5d8535f973829da96ade5c8ef465183869d680028936d9052ec9748380ddd35a555a5d749aaef1f014117f517c

                              Download Submit

                            • C:\Windows\{11C2A6BB-A5F3-4040-9604-0EB5FDE1F95A}.exe
                              Filesize

                              216KB

                              MD5

                              2e071b4c40346c6d2721216ea6bb9d3c

                              SHA1

                              7d8533179c950d2692fb8b009bff559dd4b3e8f1

                              SHA256

                              33d6299ac664a8e386591cfb6045c6e0dd014c56215b8b097a192867b347abea

                              SHA512

                              e0b446d2a1de258e4a275e88dbb0d1232a25a83a6ed2f446c35ee69cb3b97937ccdc12e4c6a5ab2c36146b139f6192e011e7ea3f8b31128a882abc5b723d64c5

                              Download Submit

                            • C:\Windows\{3B085696-9538-4ac5-8ECA-3960DDAE9ACB}.exe
                              Filesize

                              216KB

                              MD5

                              4ce35dda2707cb2fa680fba90532a69f

                              SHA1

                              a1d60d904e3b9bfbb5f74d2a419244b8f54ef784

                              SHA256

                              f699d273e308db0be4ade65fdeddef8a2010407ad2918a64e118802c1c295a81

                              SHA512

                              3919cdfce79585bc2340f972a561a280f72a5e5bf5496fed8743a95d00edadd1613698a7b484b9a385c7a91c06cd169cbdba432a0c7a419d52be6d294a783825

                              Download Submit

                            • C:\Windows\{444CBCFE-4E25-4e13-822A-EC3BD43BB52E}.exe
                              Filesize

                              216KB

                              MD5

                              74202e2bdb8e42e39a1bed5e6b4e379b

                              SHA1

                              7efb4f69ae8c1607eb27a8f07f19aa1663e4a1a0

                              SHA256

                              5f9e4df13fc76b53f48a3a487047e2c1601ff93a8c0a84a73a31ba7dd9725a81

                              SHA512

                              001558b7b235eca5dc504357a3fc5ec7cca1db01f70bde7abb415c51c088b9f2fe8abbf8c7a12af19aebbb363395af5c0bb40b604ac889b8c569f8bcb08cda92

                              Download Submit

                            • C:\Windows\{4C5D0C1C-8DC2-4a30-AE2D-FA3578A499D0}.exe
                              Filesize

                              216KB

                              MD5

                              5c90a3fa876e06fed3c121dd2a6067e4

                              SHA1

                              a8b00400c172348363cffff8afde8d01058e7c94

                              SHA256

                              e2a8a976a008b04c2033d00beb0a2013ae7aead49331c8e0b9c05583cfb39876

                              SHA512

                              065c27ae067a1e0e00cd8b1a95f0d97514c5b06c70cb93eec909bd71fd1c45b71f5b69e1b2b06f45c879ebe7e999b09cc35b892b833edbe60e0bd5db3b041bec

                              Download Submit

                            • C:\Windows\{90C2FD2B-8774-4478-93F8-E43E8CC6B6A8}.exe
                              Filesize

                              216KB

                              MD5

                              4e42c0fa0216ab247a0a1f5cb7c44e86

                              SHA1

                              07364c45d328f14a4985efe5438223448774e38c

                              SHA256

                              ec09bb59556d06d3ab57dd8aad2d3655dfcad06a961fda28ba526280de2661fe

                              SHA512

                              4a9fc6aae4ec70d5479f779970e9d266bbf67f7531f30eed087e8c06e53c1804f4ed1d8d071593e9f20165e483c1e82a6e4b46d7ec8564530a437d2aaa8b05ee

                              Download Submit

                            • C:\Windows\{922E49C2-8071-45c7-B34B-68B8BD976488}.exe
                              Filesize

                              216KB

                              MD5

                              290a57a0be532efcb14030a57a5c21ba

                              SHA1

                              e1fb8c180a5da3b11de6f3d3bb228efffbd71f1b

                              SHA256

                              c24eb57beae1edc1c3d2701ab35c78cb2cbdde8007c18f2eaf7e33a106b51f42

                              SHA512

                              1d09f35ca7a9db464f4c25f8194645f482ae5669df6e8079ed352d6a17c93d751c909c97935398f80c41eb6b5a12209653d758082f6055ec437fcc7dc55bea6e

                              Download Submit

                            • C:\Windows\{9B0A4253-EAFF-45a7-97B8-2B2A693E3910}.exe
                              Filesize

                              216KB

                              MD5

                              89dd83d8aa5e3163b874347fbf8eed69

                              SHA1

                              1906d2aba5453cac39c3af7ad7639d6978802d39

                              SHA256

                              544fff3fd3efe9fffdfb7374dae17c350834b89dd41e0668705df781a7b735f2

                              SHA512

                              c470c99554e7d9903331ef90a8134fc0bfcf3ed9b36067e830ed0269bd0d6d7185f0165e920116e703a5c7d3378b61faa37f79c082d217fd17b29d3cc0521961

                              Download Submit

                            • C:\Windows\{9D4CCDBE-62E1-46df-9ED5-D8C3EB0FFE9D}.exe
                              Filesize

                              216KB

                              MD5

                              87efcce58d3ccf9c849e34133bd7f8eb

                              SHA1

                              11c24c9db922d87db8f1b5e0c74a6895e0fe8826

                              SHA256

                              b73860d85d5f74ed4e9f8cbdc0baea75b89475d5e7491b10a9f104ebbb31d49c

                              SHA512

                              6faf5c0a02c17092106b0276a6eec4a7834c30f4b81bea36b6424da35ec80b500d9752cd49d8c179edabc2e8096c339af7c0f89d0df98d71f0824071b41e20db

                              Download Submit

                            • C:\Windows\{B295CFF5-62E5-497c-B133-5C52687766DA}.exe
                              Filesize

                              216KB

                              MD5

                              7995cf0fe71a72fe1736cdd5539525c6

                              SHA1

                              f4856ae664f4d8afde4912c979cbf63ff21ce22c

                              SHA256

                              0f6e5d01fbe709c2f137e4936a7dfe5ad6e1141d73c347184e7d00c14942221d

                              SHA512

                              cd179f0967e6806adce57a94fefbb10b982916faf64654c449b55e0e025ac31af9860cc665bc7c70e00c68911acd58a2cfba7fc6bead67956395b88f4fdf0045

                              Download Submit

                            • C:\Windows\{BCA49CBD-BCA1-4f1a-9D95-2F07A3B125BC}.exe
                              Filesize

                              216KB

                              MD5

                              90c633a421e2155a8ee8c62e6d5a233e

                              SHA1

                              8e6c1b10c31424de361d6571dfea6e607a86fe25

                              SHA256

                              b97cdd82a0cc2c1c6392ba6a3142797c595243431cc0f46a8f6ac9471e2034e2

                              SHA512

                              d052bddd1ed78d8d640338999796a1bff032cd9b263b7313a5380a86be43066059452192c7bfd720cede931758bd09031596887e62805bcb6cc48856d883c337

                              Download Submit

                            • C:\Windows\{D4051ECC-96CD-400d-B9C1-0F5B90485738}.exe
                              Filesize

                              216KB

                              MD5

                              2e8d7af1bb467d3a01b83c970f90a1a4

                              SHA1

                              90f8001a8796a5c3d633de9542958270b2773e41

                              SHA256

                              334768597db264994adbac29c6e18334caefec7b0b92fb6a898451fc62c82502

                              SHA512

                              69c2140886ddc78f959c89f09ed5f1af7ee868bb9f4e7155245ab9415259cf4067ff5994aded04747952da82a3749db6f7549e13df70f033fada3af30f84e911

                              Download Submit