Overview

overview

10

Static

static

10

2024-04-23...ye.exe

windows7-x64

9

2024-04-23...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe

  • Size

    344KB

  • MD5

    34b2bb095275220b2aa79c0b5d9a5018

  • SHA1

    cce663ac649d7787d19196e64f241617d64f0fdd

  • SHA256

    c98ac18bb2d4f638ebc2bf4bd3409294a3169d87050fc38a70a126451422dc46

  • SHA512

    799735cf88ec649b26417c474e2574e98068248ca29461d0922aab00b18b02ecf7dce7138ae603aaa6403ad5231fc5eb0c91ac08030552357812dba4d763fef3

  • SSDEEP

    3072:mEGh0oolEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGKlqOe2MUVg3v2IneKcAEcA

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Windows\{2626DB88-A4D4-4571-84A5-E9B1D51F666F}.exe
      C:\Windows\{2626DB88-A4D4-4571-84A5-E9B1D51F666F}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4332
      • C:\Windows\{A8B791D5-2BFA-4b71-BB29-C3182D47E99A}.exe
        C:\Windows\{A8B791D5-2BFA-4b71-BB29-C3182D47E99A}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Windows\{11C70732-870E-48dc-A56C-521E56206316}.exe
          C:\Windows\{11C70732-870E-48dc-A56C-521E56206316}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3152
          • C:\Windows\{655FC5AC-1328-43c6-9119-65B783885C5E}.exe
            C:\Windows\{655FC5AC-1328-43c6-9119-65B783885C5E}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4588
            • C:\Windows\{C852CAE1-2D68-4d33-97E1-A50A88C56133}.exe
              C:\Windows\{C852CAE1-2D68-4d33-97E1-A50A88C56133}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1908
              • C:\Windows\{DDB96FA4-A1D9-42cf-94E8-54D326312A0A}.exe
                C:\Windows\{DDB96FA4-A1D9-42cf-94E8-54D326312A0A}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2744
                • C:\Windows\{C24F22EC-BF82-4caf-A731-02009FC914F5}.exe
                  C:\Windows\{C24F22EC-BF82-4caf-A731-02009FC914F5}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4392
                  • C:\Windows\{6248810D-DE14-4b6d-B08A-9901F09F9970}.exe
                    C:\Windows\{6248810D-DE14-4b6d-B08A-9901F09F9970}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1612
                    • C:\Windows\{02116EB7-69A7-462c-80C0-B29F3EEA13EE}.exe
                      C:\Windows\{02116EB7-69A7-462c-80C0-B29F3EEA13EE}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2512
                      • C:\Windows\{03716F87-C464-40b1-A9F5-4528981F3E02}.exe
                        C:\Windows\{03716F87-C464-40b1-A9F5-4528981F3E02}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4572
                        • C:\Windows\{0128A560-BA15-4ec7-9AF9-6D6FD1A711F3}.exe
                          C:\Windows\{0128A560-BA15-4ec7-9AF9-6D6FD1A711F3}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3496
                          • C:\Windows\{16894F1B-7A5B-4484-88DE-47950BF1F9CD}.exe
                            C:\Windows\{16894F1B-7A5B-4484-88DE-47950BF1F9CD}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:1824
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0128A~1.EXE > nul
                            13⤵
                              PID:4916
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{03716~1.EXE > nul
                            12⤵
                              PID:1532
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{02116~1.EXE > nul
                            11⤵
                              PID:1548
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{62488~1.EXE > nul
                            10⤵
                              PID:5100
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C24F2~1.EXE > nul
                            9⤵
                              PID:4228
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DDB96~1.EXE > nul
                            8⤵
                              PID:4944
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C852C~1.EXE > nul
                            7⤵
                              PID:824
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{655FC~1.EXE > nul
                            6⤵
                              PID:2084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{11C70~1.EXE > nul
                            5⤵
                              PID:5076
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A8B79~1.EXE > nul
                            4⤵
                              PID:1132
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2626D~1.EXE > nul
                            3⤵
                              PID:3508
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2980
                          • C:\Windows\system32\rundll32.exe
                            "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                            1⤵
                              PID:1132
                            • C:\Windows\System32\svchost.exe
                              C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2956

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{0128A560-BA15-4ec7-9AF9-6D6FD1A711F3}.exe
                              Filesize

                              344KB

                              MD5

                              e760e367d9200aa477691815f79be6f2

                              SHA1

                              86948687c73fcb14d55908fa619ba6c3f1083c08

                              SHA256

                              7079b64f8262bf0e3733c9f4744fc53f55fddb61ee332408f844a08aa57fd1f2

                              SHA512

                              d69406d4d9ad2d0a84ee5f402bac36f5c3fec81b2e3accd78f5d3df86ac8ce7ad752c3366ea3743580ba7cc15a02c15d34585cb603a0e82e1c2b1e96cc421448

                              Download Submit

                            • C:\Windows\{02116EB7-69A7-462c-80C0-B29F3EEA13EE}.exe
                              Filesize

                              344KB

                              MD5

                              d5e68c18ed703dd6b4e85a671fe5ab65

                              SHA1

                              94aee8dd8af7b62dcbd6842ee38b18562ad059d9

                              SHA256

                              ebac2c446ba2335a059cd2a125418c92186fe4996cbb36e12e63b0a9f0af0d96

                              SHA512

                              47726d651eca09f48bc1022a47186bb64d7411cff3a7cb95b9fe91ec38842548417f149bf86f0e4dca97a555dbccced58d012bcd9d699691324b2857e11d9f8f

                              Download Submit

                            • C:\Windows\{03716F87-C464-40b1-A9F5-4528981F3E02}.exe
                              Filesize

                              344KB

                              MD5

                              a81a62bf48f5dee1ddff25a88328b4ae

                              SHA1

                              c2ca004fbbaaf94c2ac8935f03cd2999b7b1b1ce

                              SHA256

                              7e0803f223552e4ed3c92bb8b6c204bfe2c905053249e3469399f87e4cd96c73

                              SHA512

                              b18c40760e682717e5af21924f2e6f1f340835e9b068292c7bc31d58d1985561834b1caa70a105554aa0c4deaf7ed13674b8be14a9cf2290bfcc236b08af16c8

                              Download Submit

                            • C:\Windows\{11C70732-870E-48dc-A56C-521E56206316}.exe
                              Filesize

                              344KB

                              MD5

                              552747891bbdbc753cec4cdf24ed63e0

                              SHA1

                              436d04436a19bd00052cd0afe19781f82387cdb7

                              SHA256

                              58f0f2c8917aa297952b44464c93f41cdcbbc20acb4afcf69fb4e4c8e989e403

                              SHA512

                              26cccc92d2afbf63dca59f9663660443fa23dd68afc86ef77d4dff29e219d0da8c54b5df67cc5d7716484ea4c8849019f725cd303c6f9e22e85defbabd732a89

                              Download Submit

                            • C:\Windows\{16894F1B-7A5B-4484-88DE-47950BF1F9CD}.exe
                              Filesize

                              344KB

                              MD5

                              e93813ec810876fbd03bdd5234b47894

                              SHA1

                              9f73e629957ca03811d460f15679939754a57541

                              SHA256

                              f23249fd221119eff5c6bb431808ab95535b38ddbe5da797e7efbd834a354ebd

                              SHA512

                              a8b983d4a68ecc7713451ca94be79f1215009aa9e96a1fedb35a4e5ade6db185e692187072f3d94ff3424a4a029a42facdf0d911672b8833df4e4ffb3f10d6d2

                              Download Submit

                            • C:\Windows\{2626DB88-A4D4-4571-84A5-E9B1D51F666F}.exe
                              Filesize

                              344KB

                              MD5

                              b26b88c8b70c103bde0229310943d896

                              SHA1

                              bf3ef60f2cd1e29fae29725a0c43e3e2c103be1f

                              SHA256

                              1b016ae1a53cbc2f6d31987f68c7c7431e03c9fb2859d755f3794e87cd03470d

                              SHA512

                              44186a99a6b08e4e34f2e15e0e79d50f1169d86853fcb63a698f26f02a8562d57198b1dd275a7617d10a01be103c8ee1129ede4d16101103125ba581351267a0

                              Download Submit

                            • C:\Windows\{6248810D-DE14-4b6d-B08A-9901F09F9970}.exe
                              Filesize

                              344KB

                              MD5

                              966e3fa36bc0bbb5afa7dcd2a1d9d1ec

                              SHA1

                              358763c787452962b35650a7b7249a2a93268716

                              SHA256

                              e43a8067d8579ef32c7093181b2ff9e6161c3cf8efcb57329588340a5bba759b

                              SHA512

                              cb51729b4d1327a1ed3eece2572b986c774d08c61d0005b03d2f093ff1722539ee9f59fe41336e3a0c3f247f5cd692c195bf55cd87505d077eea36d403399a39

                              Download Submit

                            • C:\Windows\{655FC5AC-1328-43c6-9119-65B783885C5E}.exe
                              Filesize

                              344KB

                              MD5

                              78966cf0d3c3b14ea8adead4a4470293

                              SHA1

                              f31a665491fb3a8df109f944f4a08f0002fd6f50

                              SHA256

                              64c2d4658455350ed8c6a2dbf7ce6881f4e3f8f16a487fc0e540dc341fc9f694

                              SHA512

                              5f30664562f39f1bcea24398bcb7d201b8a628887063fa7489b164b343b46624d5b508a28b742d34b80c263bc021f4cfd372bf8f3777e722f648f08137898f86

                              Download Submit

                            • C:\Windows\{A8B791D5-2BFA-4b71-BB29-C3182D47E99A}.exe
                              Filesize

                              344KB

                              MD5

                              19eacb35530bb653b33afc19209701e7

                              SHA1

                              352eab1dc09e3d680596aacac08bceeb41b6b96e

                              SHA256

                              bd60659c6c2a339724d9e452e8f555f923d6d0a783e5d9e8766654607099e371

                              SHA512

                              0a5a6e03ec2aa31f6edde0fdf7b4ac2cac25c8f8d92f2c24d59622c335e1873e59cdac0d06ff23e382c230b37ddeecf03b06a01f2af2b5acbca0290dd41f8014

                              Download Submit

                            • C:\Windows\{C24F22EC-BF82-4caf-A731-02009FC914F5}.exe
                              Filesize

                              344KB

                              MD5

                              737093fe00ea4979f37f3700359fd588

                              SHA1

                              ac34f8c01597042b16fc639256d6418483cf1647

                              SHA256

                              c5654435522f21522780643f1ebf7b027e26aa11caa5c37ae59eb912b6d98c26

                              SHA512

                              ea86f25619d0fe429b8ed3208d9f7b4da849cde979ba7d7ebcae1a9e1cdfe06deabc121f1959be610e61a54f1ff421089ed1eeaa610e77cb57d579c430ed14c9

                              Download Submit

                            • C:\Windows\{C852CAE1-2D68-4d33-97E1-A50A88C56133}.exe
                              Filesize

                              344KB

                              MD5

                              c51237bcf1e27cf8fa57a4ad52f9a5fc

                              SHA1

                              5aaa018e53241b38fee72b86570e32615e7ca565

                              SHA256

                              e9d5ac5f8d00353ba8196b9d61b811a2892fa333e24d230c1cb2221370a444f4

                              SHA512

                              6e65ca6caed9753d1088cebf25086b299a0e8a56e61d5f00734d8f8248d15f86df4440664f0a34a2e75e6ab06142b34da4df8f25f01320b4f336258c68decbe9

                              Download Submit

                            • C:\Windows\{DDB96FA4-A1D9-42cf-94E8-54D326312A0A}.exe
                              Filesize

                              344KB

                              MD5

                              ab2daedcefa34122e3e59d9f70a90538

                              SHA1

                              9332022f8625565e9254187129414f65c05e60aa

                              SHA256

                              4fd3d2f074655e753a99a471d50bfa618d8812cd5d6f84d2e319dfe693394fa7

                              SHA512

                              31b09f6cf4e7ebd511e5084db640c83b81c046c862566037caf9d8ce078028f036dfce97346391038b160f4420f8f11f445af70c0f2b2babc2324b2b1d0f9b3f

                              Download Submit

                            • memory/2956-79-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-86-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-77-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-78-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-60-0x000001D73E680000-0x000001D73E690000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2956-80-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-81-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-82-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-83-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-84-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-85-0x000001D746C90000-0x000001D746C91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-76-0x000001D746C70000-0x000001D746C71000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-88-0x000001D7468B0000-0x000001D7468B1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-87-0x000001D7468C0000-0x000001D7468C1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-90-0x000001D7468C0000-0x000001D7468C1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-93-0x000001D7468B0000-0x000001D7468B1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-96-0x000001D7467F0000-0x000001D7467F1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-108-0x000001D7469F0000-0x000001D7469F1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-110-0x000001D746A00000-0x000001D746A01000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-111-0x000001D746A00000-0x000001D746A01000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-112-0x000001D746B10000-0x000001D746B11000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2956-44-0x000001D73E580000-0x000001D73E590000-memory.dmp

                              Filesize

                              64KB

                              Download