Overview

overview

10

Static

static

10

2024-04-15...ye.exe

windows7-x64

9

2024-04-15...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 20:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe

  • Size

    216KB

  • MD5

    7b0faeb819c6603a689e99255dfc5f59

  • SHA1

    a7df8e6747cebd19e14c4ae115653b1738f96932

  • SHA256

    ecb1a0f7b625253d9a0f6f6515650b3766585a377d2eb557366aefb9043d70fd

  • SHA512

    3dc3456913154c0d8da337292cd9072d91b053f81eb4985866b77164622690bee73974168a9a4b9d20ee01f74c40407f4d070c3bad08d0336b0f85abac4f5aec

  • SSDEEP

    3072:jEGh0orl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGJlEeKcAEcGy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Windows\{E694909A-E2CF-4a48-8906-CA930D619A2F}.exe
      C:\Windows\{E694909A-E2CF-4a48-8906-CA930D619A2F}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1200
      • C:\Windows\{3016A23C-9117-4690-99FB-CCA84FA0BE88}.exe
        C:\Windows\{3016A23C-9117-4690-99FB-CCA84FA0BE88}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3740
        • C:\Windows\{7443C1F4-4FB3-481b-9C5A-7712252DDB7C}.exe
          C:\Windows\{7443C1F4-4FB3-481b-9C5A-7712252DDB7C}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5000
          • C:\Windows\{C51C710B-E549-438c-9704-9D68FC3865C7}.exe
            C:\Windows\{C51C710B-E549-438c-9704-9D68FC3865C7}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:404
            • C:\Windows\{AC48C794-98AE-4beb-AFBC-B58DB68C9360}.exe
              C:\Windows\{AC48C794-98AE-4beb-AFBC-B58DB68C9360}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4452
              • C:\Windows\{D3E49B9D-2E92-4e73-9BA9-8C6263EE5C33}.exe
                C:\Windows\{D3E49B9D-2E92-4e73-9BA9-8C6263EE5C33}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2752
                • C:\Windows\{47D77050-87C9-40b7-9233-6BBF15314283}.exe
                  C:\Windows\{47D77050-87C9-40b7-9233-6BBF15314283}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1588
                  • C:\Windows\{AA3645E5-DB6E-4c0e-ACC4-F8C2EBFA67CF}.exe
                    C:\Windows\{AA3645E5-DB6E-4c0e-ACC4-F8C2EBFA67CF}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1600
                    • C:\Windows\{B3AC2612-5F53-4cce-8DB1-8EF377AF1A4F}.exe
                      C:\Windows\{B3AC2612-5F53-4cce-8DB1-8EF377AF1A4F}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4124
                      • C:\Windows\{66427B85-F0B3-40e2-9045-5DBE233D7E87}.exe
                        C:\Windows\{66427B85-F0B3-40e2-9045-5DBE233D7E87}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:608
                        • C:\Windows\{17AEEC9C-6AB6-4b59-B89D-6EA9BCDC9426}.exe
                          C:\Windows\{17AEEC9C-6AB6-4b59-B89D-6EA9BCDC9426}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3740
                          • C:\Windows\{1D5BD0B8-7C8A-4a2e-B4CC-774B52985726}.exe
                            C:\Windows\{1D5BD0B8-7C8A-4a2e-B4CC-774B52985726}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4808
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{17AEE~1.EXE > nul
                            13⤵
                              PID:1864
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{66427~1.EXE > nul
                            12⤵
                              PID:452
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B3AC2~1.EXE > nul
                            11⤵
                              PID:3664
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AA364~1.EXE > nul
                            10⤵
                              PID:1532
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{47D77~1.EXE > nul
                            9⤵
                              PID:3648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D3E49~1.EXE > nul
                            8⤵
                              PID:4536
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AC48C~1.EXE > nul
                            7⤵
                              PID:1964
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C51C7~1.EXE > nul
                            6⤵
                              PID:2532
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{7443C~1.EXE > nul
                            5⤵
                              PID:2080
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3016A~1.EXE > nul
                            4⤵
                              PID:1516
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E6949~1.EXE > nul
                            3⤵
                              PID:4480
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1576
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:5092

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{17AEEC9C-6AB6-4b59-B89D-6EA9BCDC9426}.exe
                              Filesize

                              216KB

                              MD5

                              2a0dbb14b3cbfcd28671ceaba0b6fde4

                              SHA1

                              692f36c0eaef5f9a4912f2de1dd3d5792cf3157e

                              SHA256

                              279f721589500b0f5a407e8d5b0a34ae5063b75e3f609472e3d867e93d910fd2

                              SHA512

                              00627c88e5978efd621299caa963139eaf789d9c2127a1a3163b705a6591a551ec3430584035bfec3ab294bfa48223925f986e0c9414d1431ebbeecfcdce4488

                              Download Submit

                            • C:\Windows\{1D5BD0B8-7C8A-4a2e-B4CC-774B52985726}.exe
                              Filesize

                              216KB

                              MD5

                              de25d153f0afa6c759cd1cc4a531ae26

                              SHA1

                              b5810ad541eea43b3944809547fef9f6ec57986f

                              SHA256

                              8278f0724cb5fd88c1791466e871f784bb82da4b57a4b2cb5a1e396dc9b24edc

                              SHA512

                              0fe6bae3fd0dd995f14b8333269584d2209bd54eedbdb9e22837b8ea66c2e19e157da7e5fab16f473ae94a55cf7f33368574b66d3201197dc53c16009e814b31

                              Download Submit

                            • C:\Windows\{3016A23C-9117-4690-99FB-CCA84FA0BE88}.exe
                              Filesize

                              216KB

                              MD5

                              d32795fff3425c54a89d02faca45be4f

                              SHA1

                              079c178e855525626f947a2e3cb80c237da5c724

                              SHA256

                              7b4dd0b5e05730ca275a314719fcb47e825a0f7162f20f89a05a55184135fb27

                              SHA512

                              3cc9583dc5b2a7ea13bcdae8d0cdc45d55cd9b40117c112dcc108a2a9853c19c8d6ae6023ef64993a51036d81a28730df8d7574535a1be371e26fc303ad475ff

                              Download Submit

                            • C:\Windows\{47D77050-87C9-40b7-9233-6BBF15314283}.exe
                              Filesize

                              216KB

                              MD5

                              ebb98d4d72c3710f0f3551299501ef26

                              SHA1

                              802fda41665c2b960f652523c85b9910615ed208

                              SHA256

                              1043c33b81c7b279285e5c13d212800d31aa58a0d36aafd9e53d3c21602d63a6

                              SHA512

                              b88883dc3a9558447bfe4cb8624d4c90a695c86e9c304f4d54a9b88a6ff2598455b6f3b1018079f9b65530bf18077263bf84ddb9008c617e3900c025edff48e3

                              Download Submit

                            • C:\Windows\{66427B85-F0B3-40e2-9045-5DBE233D7E87}.exe
                              Filesize

                              216KB

                              MD5

                              da6b03d292255466bbb13f05d99b57c6

                              SHA1

                              1e2ebb503bff720261f9db73aa167dad52cf7f05

                              SHA256

                              27375ea2cd5d0ec36dc41dfe2dded2952b74e59b7bc9559d13c259e687f819cb

                              SHA512

                              1b6271a3844f2d27f48f27a992f7e9b133ef895ac80224858b6ed52e27f70bc3f4bbc4b829fee0f6e7b3f4368914e67492589415257a55b3a37bf98252157434

                              Download Submit

                            • C:\Windows\{7443C1F4-4FB3-481b-9C5A-7712252DDB7C}.exe
                              Filesize

                              216KB

                              MD5

                              f5540cb823f58f56a0a26dfabec9f4d9

                              SHA1

                              873be7a97aba250f8b9b22fedef69ef634024d04

                              SHA256

                              dd3787a418b03c842ab9ed2879085a75e9d978e44beec33ed0751d8d1637107f

                              SHA512

                              d1d98a7398eff9af73dc890485c14fe267d93d1f40d003a98b5296b5e050a1eade678624235456006c492a3de6b53d1be0b451760f63c5ea5dd6e67d97f86d95

                              Download Submit

                            • C:\Windows\{AA3645E5-DB6E-4c0e-ACC4-F8C2EBFA67CF}.exe
                              Filesize

                              216KB

                              MD5

                              96f6202358c7af574eb68f56be257877

                              SHA1

                              667579f37dfaa8b53ebb84cdbbd0633ec9427889

                              SHA256

                              8a4a6cbda841f9f9ad33f39e3b849098c28f790d12eb2ac0de65a438c860a718

                              SHA512

                              15450128bec0f94121750c94c247b2ac71d1573cd065a91d841db5d901d36d9dbfa4290c6a8aae6979ea9f277923bb3a222653a9181130fbf54184fda327fddb

                              Download Submit

                            • C:\Windows\{AC48C794-98AE-4beb-AFBC-B58DB68C9360}.exe
                              Filesize

                              216KB

                              MD5

                              5e9fde28929b71af3fc209f5601d71e6

                              SHA1

                              5b68e43c97196e19016a1a8e14942ca835e566ea

                              SHA256

                              5284122c3580199156ffb112830d3372a40b236ffe68c73dcad51426d6363284

                              SHA512

                              c5ebbcaa8c3c8fb83768c482bd8546c73a0b6ebac192ffdbef56e78703b2cf5b8e1c52433b32b378dcff3d1c9708b3a8e6ebd48a79222071bdea1c6425d91329

                              Download Submit

                            • C:\Windows\{B3AC2612-5F53-4cce-8DB1-8EF377AF1A4F}.exe
                              Filesize

                              216KB

                              MD5

                              023429262f8dad6a618321a8db568352

                              SHA1

                              ec2ac7855851d6d9d2e3c64dc44e36e9cd9a4fb7

                              SHA256

                              409104ffe124ebdb56bfdc536cb5a223123d627f5b4a34893dd58c7a5d1d1789

                              SHA512

                              176949b6c892977bbc482030f1426c2a1649559069de3e1505d82589c389a0f8ff1c19d5042462e3b3013357c0fc3d199896d6d2bcc90934b1c52b9987d681b5

                              Download Submit

                            • C:\Windows\{C51C710B-E549-438c-9704-9D68FC3865C7}.exe
                              Filesize

                              216KB

                              MD5

                              3aaa6d2263d1ed4606861189495287cf

                              SHA1

                              13051a91ab2ea61a4e1d0399bee0c0b5d71d9e8a

                              SHA256

                              874e200dfc01f8bde19c7c6844728393e97764553adcac110b741c482d5d11f3

                              SHA512

                              08f649c300c3945fad14c7b007610b0e9838512a1b3a8d2d3386cbcfb37c9ff4ec1830ec6760b29df14cc43dbccada698f7a49c1dbde753ac65ab0cdf12fc496

                              Download Submit

                            • C:\Windows\{D3E49B9D-2E92-4e73-9BA9-8C6263EE5C33}.exe
                              Filesize

                              216KB

                              MD5

                              e421b12da606a2dc86a469f1bb2582c7

                              SHA1

                              7f69f752cc8378278032169c9ea52342768e1782

                              SHA256

                              0924eb32c055da805061d71bbcc2915886314e1f6bd741e0304cf8245837fb4a

                              SHA512

                              cf741500ae3a69c79971ffd84ff7490564b786ab9879999049d95a9baf0df312de1def1b7dd8c7b16e13333a0a373d4a0fa9a42d234bbe2a4146f8b0537af6ca

                              Download Submit

                            • C:\Windows\{E694909A-E2CF-4a48-8906-CA930D619A2F}.exe
                              Filesize

                              216KB

                              MD5

                              4122e193dd2bf36b2d74745989f6ea7a

                              SHA1

                              43a3352f8fdbaa9f5a5b64d5965465eb0a64b915

                              SHA256

                              abdf8e3441b5a3d9f0b418e4947b6778b9ad97eb6c324366f4cdec3c8624de69

                              SHA512

                              7eb45ac72ffcfb1270ce9c0828c390ab3a97d5e678a672bcd7e9c3ab9d6730c82cd0bd032b65fee6ad1db62a47ec88ed7cac9c8bc8030b5363479d619fea269c

                              Download Submit