Overview

overview

10

Static

static

10

2024-04-10...ye.exe

windows7-x64

9

2024-04-10...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_13bed01937f6077efe719bb067ae2937_goldeneye.exe

  • Size

    168KB

  • MD5

    13bed01937f6077efe719bb067ae2937

  • SHA1

    76f1b484f3094688db3fd19cccab478d8b32e06d

  • SHA256

    a7b8235b73441af0ee300f44a9c2b08a654bbb7f21f6ef62d95c128af4aa6c7f

  • SHA512

    e7b33645e6878d4f0724c89098f4c977a295c3bd72f7fa79a365d6ee8564c5a563c60df21a2656117455bd51e341a833edd2fac7628c6187659de3f851262a57

  • SSDEEP

    1536:1EGh0oQlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oQlqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_13bed01937f6077efe719bb067ae2937_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_13bed01937f6077efe719bb067ae2937_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\{61787A3B-EDB0-464b-AD63-364DF0A5F037}.exe
      C:\Windows\{61787A3B-EDB0-464b-AD63-364DF0A5F037}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\{2048A37A-A8B0-4188-88D9-150F5F3D9BEA}.exe
        C:\Windows\{2048A37A-A8B0-4188-88D9-150F5F3D9BEA}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Windows\{7FAC3F2E-38A4-499e-8E0A-DDAD2531947B}.exe
          C:\Windows\{7FAC3F2E-38A4-499e-8E0A-DDAD2531947B}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:916
          • C:\Windows\{55757647-7D54-4c46-9F53-032422240198}.exe
            C:\Windows\{55757647-7D54-4c46-9F53-032422240198}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2100
            • C:\Windows\{66B2F15F-6076-4727-B3AD-49027E62B699}.exe
              C:\Windows\{66B2F15F-6076-4727-B3AD-49027E62B699}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1556
              • C:\Windows\{7882DCEB-8415-46c6-83E1-20ECF6B970E7}.exe
                C:\Windows\{7882DCEB-8415-46c6-83E1-20ECF6B970E7}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3464
                • C:\Windows\{7A4DA220-4B4C-49a6-B8AD-6BAB31EB01F3}.exe
                  C:\Windows\{7A4DA220-4B4C-49a6-B8AD-6BAB31EB01F3}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4772
                  • C:\Windows\{11DEAC95-65E3-4bad-A381-E4CA7DA3BCD2}.exe
                    C:\Windows\{11DEAC95-65E3-4bad-A381-E4CA7DA3BCD2}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:228
                    • C:\Windows\{279600E5-5E64-46f0-B5A6-B9134FB4E15F}.exe
                      C:\Windows\{279600E5-5E64-46f0-B5A6-B9134FB4E15F}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:5020
                      • C:\Windows\{73CC77F6-3FC8-45f9-B253-821D772BCA4F}.exe
                        C:\Windows\{73CC77F6-3FC8-45f9-B253-821D772BCA4F}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3300
                        • C:\Windows\{FED9D205-D19A-4b28-8A12-1CBF95353984}.exe
                          C:\Windows\{FED9D205-D19A-4b28-8A12-1CBF95353984}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1828
                          • C:\Windows\{6A247870-84F2-433c-960F-BD6901601B5B}.exe
                            C:\Windows\{6A247870-84F2-433c-960F-BD6901601B5B}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4360
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FED9D~1.EXE > nul
                            13⤵
                              PID:1504
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{73CC7~1.EXE > nul
                            12⤵
                              PID:3108
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{27960~1.EXE > nul
                            11⤵
                              PID:4556
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{11DEA~1.EXE > nul
                            10⤵
                              PID:3252
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7A4DA~1.EXE > nul
                            9⤵
                              PID:3304
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7882D~1.EXE > nul
                            8⤵
                              PID:3896
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{66B2F~1.EXE > nul
                            7⤵
                              PID:4000
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{55757~1.EXE > nul
                            6⤵
                              PID:2400
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7FAC3~1.EXE > nul
                            5⤵
                              PID:744
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2048A~1.EXE > nul
                            4⤵
                              PID:2024
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{61787~1.EXE > nul
                            3⤵
                              PID:2932
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2536

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{11DEAC95-65E3-4bad-A381-E4CA7DA3BCD2}.exe
                            Filesize

                            168KB

                            MD5

                            84a77681d6f93cca4b5b5ec3825644b3

                            SHA1

                            6dafa6ea30009067498d0063546de390c614eec7

                            SHA256

                            75af5f216d188413d51adef80e5a581da6f142012eafb501b88839177a707cdb

                            SHA512

                            820fb25afc7726b3353cd8f9a8d00a8ce94be2dd110e690f310e67671fc9fe2148fc4d8053f1e76f923d0a15b99f8e137928b2f4c365639ddefa972c336439c8

                            Download Submit

                          • C:\Windows\{2048A37A-A8B0-4188-88D9-150F5F3D9BEA}.exe
                            Filesize

                            168KB

                            MD5

                            a7f4d62a6a675a73d7340b464c587c9b

                            SHA1

                            c60909d0bbe5ac9d9db354a64c3f7a8ba42137d6

                            SHA256

                            79579bc5e9cac9e22b4d38e9e1d144057c26294aef9478735d403cd7e12b605c

                            SHA512

                            220e5532ab6853569fa795112ead67845f3f2c4887b3b8a02b3906d170574af4f4993ac1e1610ad4666c4d9c9c08829f6b54e6ae6cb0ac3280fdd9df82cb6ed6

                            Download Submit

                          • C:\Windows\{279600E5-5E64-46f0-B5A6-B9134FB4E15F}.exe
                            Filesize

                            168KB

                            MD5

                            d3df013235664b575799b47c33465380

                            SHA1

                            58d3bc912280b500e09cc749384825d6803f964b

                            SHA256

                            09f84882d87817374e8360009cc01ff149e462166925442f3272b06d2a67a389

                            SHA512

                            fd7f6c8b47e428dc49498c245fe8977a9fe1cbd0cae6af7c59685fd2cc039268d3e01b7e331a4a675354e9e86aace5abac3e9feb3df7d67444441e15912b9d30

                            Download Submit

                          • C:\Windows\{55757647-7D54-4c46-9F53-032422240198}.exe
                            Filesize

                            168KB

                            MD5

                            81d8bfdef934462c94abbfe8d9b9f764

                            SHA1

                            3c4c67a3b68b7ab578f28b2bde80ea3ec27dbca5

                            SHA256

                            63976b71b40990542527910da37fe1e866d27f9c2f146fc02c427790c48e0e15

                            SHA512

                            b66877bd00b67a3c49c92c98550d0fdae7136a30124c2eca3d8b4f3305b1f1c4318d56b5b73e4f785893bd2c3f0ab9cc7db41d7ded0ed05d2db69a44b4d72c44

                            Download Submit

                          • C:\Windows\{61787A3B-EDB0-464b-AD63-364DF0A5F037}.exe
                            Filesize

                            168KB

                            MD5

                            d6c185633935f790113961bbe10eb714

                            SHA1

                            489ba2d7a0daa0ba28ab34d3441286d48f641e8b

                            SHA256

                            1a07db3800b686e01a1e041018403f6ce486df46ce73a68ff195dd06f9916a77

                            SHA512

                            ed0b07b6a5efffcd0d177cd3d569bf2781bdf9733e4e1d71a246e5ae734c9b03b5004c856944bffd9e85f4b58c4d285dfefd670b5af05d18ed2ca1f576dd87e2

                            Download Submit

                          • C:\Windows\{66B2F15F-6076-4727-B3AD-49027E62B699}.exe
                            Filesize

                            168KB

                            MD5

                            77fa0301df3ac4e265c688d091f2a81d

                            SHA1

                            72faa770fa4c88eb90a30093cd9c45077ffc9d20

                            SHA256

                            3b6b954e9ff33ec82834245b7a3799948633fddde534c65447fdc2e7dda95828

                            SHA512

                            805c82958423050ff773ecc456cee314d9f82d1a626afd4ef0959f55e66297695a657997f8b90d2b52b17305856665e04fb23f81fa81a6561bb4bb83a8b5b857

                            Download Submit

                          • C:\Windows\{6A247870-84F2-433c-960F-BD6901601B5B}.exe
                            Filesize

                            168KB

                            MD5

                            2235e19e30046e78248421b61e290cc4

                            SHA1

                            64c4ea1eb835a3ec49fa536a41a9bf467620e8a6

                            SHA256

                            4c4c5c949e3b5c4d679589391eb11c6f1688fc492a9df4337a9e54858ca7a5b4

                            SHA512

                            2c08dd3c8ad8138aa5325bcf1e99c38db49f12ff214a8cd0ba5acc58d2e02b4c087718906d4e0468e5028c74439d21663c5e9cf65519f1fb5874019bc6f61a1e

                            Download Submit

                          • C:\Windows\{73CC77F6-3FC8-45f9-B253-821D772BCA4F}.exe
                            Filesize

                            168KB

                            MD5

                            53d8312b4a35dc3e32e2687918cd44ce

                            SHA1

                            844435baeea9d6035343de03077888e5645a1701

                            SHA256

                            19a560e472da5fb529edfc629a1451bb03d007e5a9038c578e70e5d6eea52a7d

                            SHA512

                            d7f8084bb536250a13e5dd7036cf30d12cb0fc3a22905b0ccdc1ba69331096b43e5d8349c53d512c806bd277b2ad43c16b8d4c9d3ac47bc259a1785017d1102f

                            Download Submit

                          • C:\Windows\{7882DCEB-8415-46c6-83E1-20ECF6B970E7}.exe
                            Filesize

                            168KB

                            MD5

                            182ee4fd255bd64a40fba4ede8feab5a

                            SHA1

                            6935767882d4308cc2af172889c1e724dd4bbd78

                            SHA256

                            526a926625ee51841ae491d779f157b4f1267ffe0129acb6c3b6c8ae7975124e

                            SHA512

                            cf5027b7ca9dcb33c8db62d1ea170cb752bb184157b265b74cd7bcb976fda3f208c8c7d4680bb07e16824b9e59fc56eb5cd9a4d5fa34da7288ec4a1da60d870f

                            Download Submit

                          • C:\Windows\{7A4DA220-4B4C-49a6-B8AD-6BAB31EB01F3}.exe
                            Filesize

                            168KB

                            MD5

                            d31efb0c7d521bda15283bd8e32d32db

                            SHA1

                            5cd96d35f656c2a58dac5ddaec74a77f8d21f40b

                            SHA256

                            37001925a85f8d6c91ef39dcb881b0faa70a552acb029d5c94af3ca3dee5ea44

                            SHA512

                            f98830ebba638bd41c3661be7061f32a745d9f6fdce3d7377de91946c98615230ad1ef089ddcb7d36f9ccafc650b0d61342a28a69c5baa707cd9f2113a88cc48

                            Download Submit

                          • C:\Windows\{7FAC3F2E-38A4-499e-8E0A-DDAD2531947B}.exe
                            Filesize

                            168KB

                            MD5

                            8caa0917b23414f84fa9118191d958c4

                            SHA1

                            553f0699aa699bd115182cb8609152c971daf385

                            SHA256

                            ee80aa68970628157cb3283628d49818f95eb65d92e862677197eef01db39fb3

                            SHA512

                            53eb31c92905669df260c7db7a9228cb0ca5078822cfca31c705d19ed8f470f30febccbdd1af33132eddab3c53d481d3084d9abb720d92e13b47db427c60f62c

                            Download Submit

                          • C:\Windows\{FED9D205-D19A-4b28-8A12-1CBF95353984}.exe
                            Filesize

                            168KB

                            MD5

                            967fdd0546e11fab6bc663134b5e884d

                            SHA1

                            473db7d5ff188e864819ae50b3da945321877192

                            SHA256

                            c1421f3c56290a2cfcbac8993fcdf0e3d23522846ca0c8245573a3dd52d5449a

                            SHA512

                            a9874783f2a21f9d065e63aab50dbadd72bdb09025f609525bdee415dfa2d3a29b3e35b028e77864960c818e0846a93967aa1e1dc76766b5bd734403c7f7c1e8

                            Download Submit