Overview

overview

10

Static

static

10

2024-04-20...ye.exe

windows7-x64

9

2024-04-20...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    157s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-20_22ae0262479564b3aa7853c3116e3cb6_goldeneye.exe

  • Size

    180KB

  • MD5

    22ae0262479564b3aa7853c3116e3cb6

  • SHA1

    27f5e58de2f28ee0092e0ef6abdb1a794c1f6d3c

  • SHA256

    a5b5d0a3070703147b2324226ace02f4828a8d39db78c9659c6e914ecde014d2

  • SHA512

    12f380284051359c217f7e7dd9f6005a621e470ea50a05c5d2105796d5a155f93b06994388979fa56a31024f2f7a9691b8725ce955204ebebbbb6da90fc520cf

  • SSDEEP

    3072:jEGh0oJlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGjl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-20_22ae0262479564b3aa7853c3116e3cb6_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-20_22ae0262479564b3aa7853c3116e3cb6_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Windows\{C0648872-A980-427e-86EE-EDFBB74E5326}.exe
      C:\Windows\{C0648872-A980-427e-86EE-EDFBB74E5326}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4420
      • C:\Windows\{F1E9B885-33B7-402a-87A0-5D5FC24FC4DC}.exe
        C:\Windows\{F1E9B885-33B7-402a-87A0-5D5FC24FC4DC}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Windows\{C3A9DC4D-DF20-441e-B486-052437B96E92}.exe
          C:\Windows\{C3A9DC4D-DF20-441e-B486-052437B96E92}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4620
          • C:\Windows\{A37F4A7B-CAD3-4d48-A222-C97E5D6435DA}.exe
            C:\Windows\{A37F4A7B-CAD3-4d48-A222-C97E5D6435DA}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4876
            • C:\Windows\{67742FCA-5064-4b11-9340-7818BA5641A9}.exe
              C:\Windows\{67742FCA-5064-4b11-9340-7818BA5641A9}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4296
              • C:\Windows\{36CDABFB-5F14-426c-B799-BA3D7C5FEC63}.exe
                C:\Windows\{36CDABFB-5F14-426c-B799-BA3D7C5FEC63}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2236
                • C:\Windows\{D11C0415-D193-4ad9-98E0-5390E63580B4}.exe
                  C:\Windows\{D11C0415-D193-4ad9-98E0-5390E63580B4}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:732
                  • C:\Windows\{E2CCD4D7-ED04-4a97-BCB3-68944CBEA775}.exe
                    C:\Windows\{E2CCD4D7-ED04-4a97-BCB3-68944CBEA775}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:3960
                    • C:\Windows\{B4D67837-9B2D-4eba-9341-2DF0A549976E}.exe
                      C:\Windows\{B4D67837-9B2D-4eba-9341-2DF0A549976E}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1076
                      • C:\Windows\{70D3EE8C-4FF5-4e98-9EB9-252466197041}.exe
                        C:\Windows\{70D3EE8C-4FF5-4e98-9EB9-252466197041}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4844
                        • C:\Windows\{011FD78F-D37C-4721-BB5B-B573D3E79766}.exe
                          C:\Windows\{011FD78F-D37C-4721-BB5B-B573D3E79766}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:572
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{70D3E~1.EXE > nul
                          12⤵
                            PID:2304
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B4D67~1.EXE > nul
                          11⤵
                            PID:3160
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E2CCD~1.EXE > nul
                          10⤵
                            PID:2380
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{D11C0~1.EXE > nul
                          9⤵
                            PID:4068
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{36CDA~1.EXE > nul
                          8⤵
                            PID:3080
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{67742~1.EXE > nul
                          7⤵
                            PID:2500
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A37F4~1.EXE > nul
                          6⤵
                            PID:2168
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C3A9D~1.EXE > nul
                          5⤵
                            PID:5008
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F1E9B~1.EXE > nul
                          4⤵
                            PID:2492
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C0648~1.EXE > nul
                          3⤵
                            PID:3960
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:732
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
                          1⤵
                            PID:1416

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{011FD78F-D37C-4721-BB5B-B573D3E79766}.exe
                            Filesize

                            180KB

                            MD5

                            096734d53dbefe1101a44b311f744aa5

                            SHA1

                            3b241a7cc4486da026d54c9e04bf0e02053781a1

                            SHA256

                            f5d050a0a08446f3f12e8c1aa1d2a408d28e2c444edf007df3f192329a446541

                            SHA512

                            4d5908e6d159650fa61a93cb96eca1b6cb2f8cb6ae316cb82b7627c97470fd97b29a810ed023a1f558763968501568f143e0425a73ca29e54061ad1b2d928b26

                            Download Submit

                          • C:\Windows\{36CDABFB-5F14-426c-B799-BA3D7C5FEC63}.exe
                            Filesize

                            180KB

                            MD5

                            b63b014b25708d64f6342af3f8a21249

                            SHA1

                            5d22bbe2bda13bd65fbcc3d23b8507799baf5ec4

                            SHA256

                            eca7fee64857ac88b4b1e96e35efa1db0b675c64aa411e045ca227716ab2f7ec

                            SHA512

                            bb8b7da2c93c414cd0135983b95065b2457df4d5a4050eb9f6b477708c917863796c3c2690f80da12f29a5edda971ddddb8dfe56fc577e31d975e95d9f2b306b

                            Download Submit

                          • C:\Windows\{67742FCA-5064-4b11-9340-7818BA5641A9}.exe
                            Filesize

                            180KB

                            MD5

                            12f0351f17d64f22ac039c13ff9c13ea

                            SHA1

                            19b79c045657445b8852b807b358140dac26b278

                            SHA256

                            d8ccbeb467d2da682fa55305e93e8d9a88b7612262c724ca6e3baf89fffe0072

                            SHA512

                            899ea15a3f91c354c4cfd6eb524319fb7fde3e79ceca971ec8ce7474fb7be3fb34e7e62d4d9b99254f6c889b439eafddd4a9364ba1db18e71683b73bb210f9d6

                            Download Submit

                          • C:\Windows\{70D3EE8C-4FF5-4e98-9EB9-252466197041}.exe
                            Filesize

                            180KB

                            MD5

                            2a543be6189e5c78312c9a9f6f1b08f0

                            SHA1

                            cb5b3bd79033af39894fd7e477ba2ebc578d1837

                            SHA256

                            3de8d24b9212a5a1cec63c18c8c07ddbfe56906e5408dd0dd285eff50390d81c

                            SHA512

                            88922e040fa37edf291b69d6c1c3f9109a360404b9dce016acbf06e887da9bba1cc5f14c204f4b5945cf97f9e1f25c751c0396fccf25f0a9330e2de26a2d2105

                            Download Submit

                          • C:\Windows\{A37F4A7B-CAD3-4d48-A222-C97E5D6435DA}.exe
                            Filesize

                            180KB

                            MD5

                            0325f56e3a7f0a95d3536b751e7adb30

                            SHA1

                            26dc063ae0c7e909dea139013245a58e3fb43d1e

                            SHA256

                            af3275e740e1ba2ff0d14d523a1ed342788792e30e4955f488fe6c2d69df3327

                            SHA512

                            a1abd6d90c6b4372e470456d95cd87a1c661b5a8d292bc548fd54bb9b5fab0c9abeef4946243c7222d5d6a50e6877b1356be80edbceb2875be6d53bd6d6f0512

                            Download Submit

                          • C:\Windows\{B4D67837-9B2D-4eba-9341-2DF0A549976E}.exe
                            Filesize

                            180KB

                            MD5

                            83f8e39a8a12dbdade350053dc3170b8

                            SHA1

                            1aa94fb21e0bd98032a3af1f03411b93e34f61c2

                            SHA256

                            e3b5f19edc089f66288c167c570b9cba3d073bf2b622741566889699d2093963

                            SHA512

                            02c7894bb175cd2be67551365c7042002ce09e572cde64f75986e121a807ef345fbe8fbe997a2d297695433c4a14a93c4e12ad5bca6c47938b0bfaad56525b2c

                            Download Submit

                          • C:\Windows\{C0648872-A980-427e-86EE-EDFBB74E5326}.exe
                            Filesize

                            180KB

                            MD5

                            aa7a3741a4b0359b62faa0c8bb7f09ea

                            SHA1

                            3307646afa3decfa63c7aadb521e2ddcfdfe1fe0

                            SHA256

                            32d22078663b5409a426d77d724b229246c28adf6e7860284cb59836be31ac93

                            SHA512

                            52452735589b4a6aea54c5b5122a78dcce162cda25362ba119491bc4823f196c6f5e192d439964a13cec6acbe3c2d55258ef93db3ca6bbc472a85563c45e24eb

                            Download Submit

                          • C:\Windows\{C3A9DC4D-DF20-441e-B486-052437B96E92}.exe
                            Filesize

                            180KB

                            MD5

                            02a810b96db0ee757a7938720ad70065

                            SHA1

                            68cf7dfc3a31ac23d16a5476c9ec54131c6aa1b1

                            SHA256

                            e59021ce60fccdccc31130294c6552f9b453fbdc84a818ec339f37c3fa9850ec

                            SHA512

                            f44c8c9d6f880b267bffba95b5fa4e945ff5375fc545057410e4a2933e3338a57c70d6bd05b7cfa7ed4a6df9d32e56cd54b358a97b65f560ded34df3b019876b

                            Download Submit

                          • C:\Windows\{D11C0415-D193-4ad9-98E0-5390E63580B4}.exe
                            Filesize

                            180KB

                            MD5

                            8011804d39b8dd3828c641992c481da1

                            SHA1

                            7b7776472659ba24682bfdd8f826d316a98703cd

                            SHA256

                            a2afa760e96765e7ffe88273f2f45b3083489b81fb7d27510232ed3e07262807

                            SHA512

                            268c917f3269b1c5c26253a5d66bd69634d071a7f9ab53698093329b0c00f46003a896b0564396a997a3363704eaf1a9b76a33947d6a536f5404e41070ff40c2

                            Download Submit

                          • C:\Windows\{E2CCD4D7-ED04-4a97-BCB3-68944CBEA775}.exe
                            Filesize

                            180KB

                            MD5

                            8760452446e26af1ee58e090b3aa6186

                            SHA1

                            545dc81989f0bdede3d01271a300c6f993c72b5e

                            SHA256

                            ea375dae22a9e3356746b807e1b94c5dc2fe7edd597d41c4399f85c86c80c4fb

                            SHA512

                            b50bc72e9f91a7a2132333880bcd15991e7ddcf8a243958dcfd490b825ab65c93e019024ee08c8da689fa4f5d3f356197bc160fb35422d9962d05735498a5ba7

                            Download Submit

                          • C:\Windows\{F1E9B885-33B7-402a-87A0-5D5FC24FC4DC}.exe
                            Filesize

                            180KB

                            MD5

                            f5a7fe93d1693b784c20d99124f712be

                            SHA1

                            c53de40d5fbb24ae7deeabb148a3cd73d5ae45f6

                            SHA256

                            bcd1a81a583f132c315df5c59bd52395f49bd0673627d9ca461992065b8509a0

                            SHA512

                            df001a39011466ebe4a26cb2b8a9f5400552676edc1d748518245d64d2a6d3aa3f9a58670075efd1c4206d8d6a6b0c8ae1b27fb0c6135e4ddba332d7c65547f1

                            Download Submit