Overview

overview

10

Static

static

10

2024-04-17...ye.exe

windows7-x64

9

2024-04-17...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_bf34fe5653620d819c36d8021645042f_goldeneye.exe

  • Size

    168KB

  • MD5

    bf34fe5653620d819c36d8021645042f

  • SHA1

    f9c76764c6de4d234ccd5c0a473640946e214b0f

  • SHA256

    c9f4efee4e8425e0a6f6196c7cb3a1069dceb985dd9fa46009ccd31419380f6c

  • SHA512

    7ac69d7bec02dfb6df0192c678148c038c709493736fec3f718beec4b0be7d3c3e253217ee71d64f87c7395109d87b9416cee96ac245b2818e786032d9a0dcac

  • SSDEEP

    1536:1EGh0oQli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oQliOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_bf34fe5653620d819c36d8021645042f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_bf34fe5653620d819c36d8021645042f_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Windows\{5123591D-6FE0-4b6c-8CA4-0190EF0B2511}.exe
      C:\Windows\{5123591D-6FE0-4b6c-8CA4-0190EF0B2511}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:512
      • C:\Windows\{B2B7E813-B830-4830-98FF-303671539B5C}.exe
        C:\Windows\{B2B7E813-B830-4830-98FF-303671539B5C}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:404
        • C:\Windows\{9AF7EE16-BD7F-475a-BBBB-D48F74A5BC5C}.exe
          C:\Windows\{9AF7EE16-BD7F-475a-BBBB-D48F74A5BC5C}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4904
          • C:\Windows\{06490F41-D9F4-499b-88D4-CD25AC567E31}.exe
            C:\Windows\{06490F41-D9F4-499b-88D4-CD25AC567E31}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1948
            • C:\Windows\{8FBB2294-7F2A-42b1-8EE7-0BE727530C44}.exe
              C:\Windows\{8FBB2294-7F2A-42b1-8EE7-0BE727530C44}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1844
              • C:\Windows\{662F9D5F-1EAB-4719-AC17-8D8DF39205E0}.exe
                C:\Windows\{662F9D5F-1EAB-4719-AC17-8D8DF39205E0}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1860
                • C:\Windows\{7C5D9EBF-83BF-4704-BFF3-A81A2BA48FCB}.exe
                  C:\Windows\{7C5D9EBF-83BF-4704-BFF3-A81A2BA48FCB}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3540
                  • C:\Windows\{9B8B5FFC-9559-4b88-A2A2-D6F318363B57}.exe
                    C:\Windows\{9B8B5FFC-9559-4b88-A2A2-D6F318363B57}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4912
                    • C:\Windows\{9604F947-9BD9-494a-AAC5-89EC49D0207A}.exe
                      C:\Windows\{9604F947-9BD9-494a-AAC5-89EC49D0207A}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4456
                      • C:\Windows\{06B11888-DDE3-499a-AE86-31C50BF67700}.exe
                        C:\Windows\{06B11888-DDE3-499a-AE86-31C50BF67700}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4868
                        • C:\Windows\{676768EA-F725-44bd-A84C-C31AAFCA849D}.exe
                          C:\Windows\{676768EA-F725-44bd-A84C-C31AAFCA849D}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:3104
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{06B11~1.EXE > nul
                          12⤵
                            PID:4768
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9604F~1.EXE > nul
                          11⤵
                            PID:4372
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9B8B5~1.EXE > nul
                          10⤵
                            PID:2492
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7C5D9~1.EXE > nul
                          9⤵
                            PID:1476
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{662F9~1.EXE > nul
                          8⤵
                            PID:3804
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8FBB2~1.EXE > nul
                          7⤵
                            PID:3184
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{06490~1.EXE > nul
                          6⤵
                            PID:2816
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9AF7E~1.EXE > nul
                          5⤵
                            PID:3180
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B2B7E~1.EXE > nul
                          4⤵
                            PID:320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{51235~1.EXE > nul
                          3⤵
                            PID:4992
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:4296

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Windows\{06490F41-D9F4-499b-88D4-CD25AC567E31}.exe
                          Filesize

                          168KB

                          MD5

                          86cdd270d1d71baf2af85b8f9c50a69b

                          SHA1

                          275725b2eae4212d533f3ad0c895b118a3c8b6bc

                          SHA256

                          4e8493fe2e258aebc9d5abf9d3d1c1b6e4086a77a6fcd18a3e5926c507f57466

                          SHA512

                          ff7a7ee75205b272c727f85d2a2e154e2855a95e4fedf5212d3bdda7a225795b481a65e237004d98982826de9667c017c1d5291ef645ea836e3968a2e13da163

                          Download Submit

                        • C:\Windows\{06B11888-DDE3-499a-AE86-31C50BF67700}.exe
                          Filesize

                          168KB

                          MD5

                          8d115c66f67ef1993f4acf017d1c75b2

                          SHA1

                          4aa7451814b0990710c2d9e20ba258558dcd82a3

                          SHA256

                          7f6b01730331446eb6977d31b36cdf65ce02c012944f9be8f48903885775f484

                          SHA512

                          3b154a7b154ef915b275ee547873494920c9b39d442d2d6507130a165f6ff1852e7e6e941f2869e4b4d2f00f606044d6b9c6fcd37b9af45a4e5969dbe089a3c9

                          Download Submit

                        • C:\Windows\{5123591D-6FE0-4b6c-8CA4-0190EF0B2511}.exe
                          Filesize

                          168KB

                          MD5

                          bb8f703f993d29c38751e942ce29c570

                          SHA1

                          370d04b5421b0a501b25ef77332b3dc7f34bcd0a

                          SHA256

                          5ed7004bda6393018cc3630e80d986677cc491c52c4f1fbf7775249d6ad404f6

                          SHA512

                          14a21c8e23303cb8fae3e691e97d4ce438fd59cea24edd8956452333edcd6ac1b157101338c8344921321203cff725a5c20c3926c061a9f157e373a16d3e120e

                          Download Submit

                        • C:\Windows\{662F9D5F-1EAB-4719-AC17-8D8DF39205E0}.exe
                          Filesize

                          168KB

                          MD5

                          6087766bb01799949629a4f0f34b2d74

                          SHA1

                          e9b48038d1126fb163c60a9b8c3e380a9346f6fc

                          SHA256

                          c72292d983f2463ebef64f8f243b97af362edc7ed3660f3cb718983a7fc10c73

                          SHA512

                          222b4e223f84cb27de57d53cc6bb3d17725d5ea2c0303136fb42d263ec3642c310b2bd16137b96d24a70f0a987b45dbe52205e113df5d9fc1704462d16453c92

                          Download Submit

                        • C:\Windows\{676768EA-F725-44bd-A84C-C31AAFCA849D}.exe
                          Filesize

                          168KB

                          MD5

                          8c64c2a7f64d94a1e6a522ae3a543d5e

                          SHA1

                          97de36d6a11619d5f8ff7e3e61e74d3c0541d875

                          SHA256

                          bf690ea967b5490bacc87866667451d51bbe27eebfb4472f35369853d534dbc8

                          SHA512

                          0a2f359713806b587bd0ed2f6f184b76af6ce9400e8d1da61ecb511f5f1ec911eb303b99a6b3143f376b289bd2d4290bf07519435c835efacabfa52ef91b57c6

                          Download Submit

                        • C:\Windows\{7C5D9EBF-83BF-4704-BFF3-A81A2BA48FCB}.exe
                          Filesize

                          168KB

                          MD5

                          e408c5da58b631ddc4584d36ee5cf6b3

                          SHA1

                          271e8c57ca2eeca4013a8a49a6b7506b6543fcf9

                          SHA256

                          861c0832d168d178e89a2ac0aae58d50abb526214852a19a25bcd4c9a868b9ef

                          SHA512

                          85a79a3642b866632b70acab16c99c5380e0567aff3e41def1264dfb5d4b343b196cf21dbc55803673a92e5b08376981a022b34e2d54bf26d3e768ba0b675092

                          Download Submit

                        • C:\Windows\{8FBB2294-7F2A-42b1-8EE7-0BE727530C44}.exe
                          Filesize

                          168KB

                          MD5

                          d29d11bb099b9aede471ba6fe6a29192

                          SHA1

                          e45e226907346a44e0e0e9f3226043073a5c42f5

                          SHA256

                          a741217d14991289d99b38ae0c6c489b02328fdefa0f0076282966b00f25e373

                          SHA512

                          f89ab7534537b00e73da07b806d7dd5d73683354f922db85b39a7983cdb8e693305dcacddfcd8a33c8f27a7b8287eb85b578453dc356f9eec3bd76a7def2bdd4

                          Download Submit

                        • C:\Windows\{9604F947-9BD9-494a-AAC5-89EC49D0207A}.exe
                          Filesize

                          168KB

                          MD5

                          ad4d632f0039a4c40c1f0ea8487f8fd6

                          SHA1

                          32aa4d0ad64856bad2337d51fed471baee55a3d3

                          SHA256

                          569aeb38ce890edd42dfac3a760f61a8f86a7a45eeffdd71917833776441c9df

                          SHA512

                          48fe70adf62b8a342d64151249911b29505c5f97cda75957789843c469d4b91aeeefd1022570fafbf3512b32d2963d79646fa41d5d4c58dff99644906ccd7a41

                          Download Submit

                        • C:\Windows\{9AF7EE16-BD7F-475a-BBBB-D48F74A5BC5C}.exe
                          Filesize

                          168KB

                          MD5

                          c3ec167ffa45e8dac967ca8e53bbb58d

                          SHA1

                          d5a3bfcc45bcf54f7875e3794135b44abd705cc1

                          SHA256

                          5a8818abdca5b6a85faa1373be1e0ca4c3c5023a8777eb8a584b7e84f434cdbe

                          SHA512

                          d71b1a0f0cf21fcfd914cecb97c9c45be7d6756fd0564e574fa991548d4fdf345387fa25883667c6866e18a595ac9a4994e23b423996569487f91e688750254e

                          Download Submit

                        • C:\Windows\{9B8B5FFC-9559-4b88-A2A2-D6F318363B57}.exe
                          Filesize

                          168KB

                          MD5

                          aa5e3ae10736e2139296561ebc9e270d

                          SHA1

                          a37f627d1acb09f17f941ebd15441e264cdc72c9

                          SHA256

                          1c72bda0b6c16107a591aaf9f130bf0ebad5c2aea4e8835697683b6901ec15de

                          SHA512

                          038abb101eb694771bf721ad0cc65decd1e2170895fff100eea24bb639a48edc3d1a2f48dd9f4a94fb82d0e450c92946f2c3e01e1135b19473c1cb12b0ac36ac

                          Download Submit

                        • C:\Windows\{B2B7E813-B830-4830-98FF-303671539B5C}.exe
                          Filesize

                          168KB

                          MD5

                          0c24f1a1de17ff8978200875f4779ea9

                          SHA1

                          76fa7aca89157c2e7d6c62a7e4192b08f56bf718

                          SHA256

                          e3cad99cb75e8fa089b6740ab9436d5859ef20a6de17e143ffbe471a9bb10a26

                          SHA512

                          95059de0c121bb9d963a88177a864a2463c3dcb6dc305f3fb1c632e5572180422a1a7436e95884a30ff29d37439057eb4f778bfdf65db2f396c43c2aa36558bf

                          Download Submit