Overview

overview

10

Static

static

10

2024-04-26...ye.exe

windows7-x64

9

2024-04-26...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-26_0170e6ffd4d5d9148d1d68372991e16e_goldeneye.exe

  • Size

    380KB

  • MD5

    0170e6ffd4d5d9148d1d68372991e16e

  • SHA1

    f4517115864083c914c33a29d09aaad42bcef407

  • SHA256

    9b3bc1442e90e58ee7b33616cce548023135b289aafadba1ba44af466699fb92

  • SHA512

    f283324558f651987cfa56de11738a9dcf79437aad5757963401434a5c281a8f201fc9165cda4dfaccbea412da9298e3c22f62eb6581d814139f44bd412a3fda

  • SSDEEP

    3072:mEGh0o/lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGpl7Oe2MUVg3v2IneKcAEcARy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-26_0170e6ffd4d5d9148d1d68372991e16e_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-26_0170e6ffd4d5d9148d1d68372991e16e_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\{FF1239F4-8671-4b4a-AAF4-7DB925086442}.exe
      C:\Windows\{FF1239F4-8671-4b4a-AAF4-7DB925086442}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Windows\{0DE17AAB-E32A-4567-8434-7EC65E3D8960}.exe
        C:\Windows\{0DE17AAB-E32A-4567-8434-7EC65E3D8960}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3148
        • C:\Windows\{E819A1C6-EA17-4438-97F6-1F55CB99CE87}.exe
          C:\Windows\{E819A1C6-EA17-4438-97F6-1F55CB99CE87}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3364
          • C:\Windows\{85A60A3C-360C-4797-843D-7CE40473BA8B}.exe
            C:\Windows\{85A60A3C-360C-4797-843D-7CE40473BA8B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4088
            • C:\Windows\{C2630DCD-D65D-478f-82A4-0A3CC11BBD71}.exe
              C:\Windows\{C2630DCD-D65D-478f-82A4-0A3CC11BBD71}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3032
              • C:\Windows\{282D9756-7628-4327-A520-EE7A0329A19B}.exe
                C:\Windows\{282D9756-7628-4327-A520-EE7A0329A19B}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1540
                • C:\Windows\{ED5ED3AE-B009-4f6c-9251-B084304CD3A0}.exe
                  C:\Windows\{ED5ED3AE-B009-4f6c-9251-B084304CD3A0}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4608
                  • C:\Windows\{0965DFB8-7B8B-4a32-934B-33FCD4F9F009}.exe
                    C:\Windows\{0965DFB8-7B8B-4a32-934B-33FCD4F9F009}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4468
                    • C:\Windows\{C945458D-82DB-4673-85F0-342996C6CE81}.exe
                      C:\Windows\{C945458D-82DB-4673-85F0-342996C6CE81}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2088
                      • C:\Windows\{71872FDE-D4F4-4e40-AEDE-838F8A0BDC81}.exe
                        C:\Windows\{71872FDE-D4F4-4e40-AEDE-838F8A0BDC81}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4992
                        • C:\Windows\{22CB62F3-D38D-410f-AF26-81480654B765}.exe
                          C:\Windows\{22CB62F3-D38D-410f-AF26-81480654B765}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:924
                          • C:\Windows\{44D96DEF-0FD2-427e-9BC6-7CA892F28BED}.exe
                            C:\Windows\{44D96DEF-0FD2-427e-9BC6-7CA892F28BED}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:3828
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{22CB6~1.EXE > nul
                            13⤵
                              PID:388
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{71872~1.EXE > nul
                            12⤵
                              PID:1852
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C9454~1.EXE > nul
                            11⤵
                              PID:5072
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0965D~1.EXE > nul
                            10⤵
                              PID:2848
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{ED5ED~1.EXE > nul
                            9⤵
                              PID:1852
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{282D9~1.EXE > nul
                            8⤵
                              PID:1444
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C2630~1.EXE > nul
                            7⤵
                              PID:5104
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{85A60~1.EXE > nul
                            6⤵
                              PID:2532
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E819A~1.EXE > nul
                            5⤵
                              PID:1192
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0DE17~1.EXE > nul
                            4⤵
                              PID:4652
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FF123~1.EXE > nul
                            3⤵
                              PID:4184
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:3068

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0965DFB8-7B8B-4a32-934B-33FCD4F9F009}.exe
                            Filesize

                            380KB

                            MD5

                            d1913277ca16b0575dfbd01774d4c2d0

                            SHA1

                            8754eb2d0a4522a41accfc2bee7f86f0518cdc04

                            SHA256

                            03d815bac813c95aa8ef27a3a581d2df6e5e8b718b34a2793804197c40562528

                            SHA512

                            5cd2a538c7d1a0adeb15628b855f3b6443012bc71d2daae0b750c11a35b5c67b21dcd7e531dc1755c7064a09413b6bc5799d425f06f3fcd3564b37c5165d5409

                            Download Submit

                          • C:\Windows\{0DE17AAB-E32A-4567-8434-7EC65E3D8960}.exe
                            Filesize

                            380KB

                            MD5

                            0c93256181d68bb40a3c338dfc737af6

                            SHA1

                            f09e8b709776ccc6a78891f09e2f0c2f489304ac

                            SHA256

                            0b94d2c151b208fb8304eee1bb2fe1cffcb18cbd94f51477eb2415152ae2ba10

                            SHA512

                            2b65e53ec46aa2f7b0a335d9f515391ce19cdef2d70b7fd087c56588efb242caa05e882fca383a7f635ea083a17869fe000c099d55422fb551fb40200f449a59

                            Download Submit

                          • C:\Windows\{22CB62F3-D38D-410f-AF26-81480654B765}.exe
                            Filesize

                            380KB

                            MD5

                            350115f1bb8361d54f881c0067be922d

                            SHA1

                            afd5d0c9d24b0a6153041debb770f845fa05bc1b

                            SHA256

                            f4eb88e8c21759218c34893456f78d717412455a1d1eba35d3914035b6975f86

                            SHA512

                            0d1d05f371f834da5b705dccd0cc4bb499b55a169a2a3a14e90dbb7125cac54712aa7d0fd277f3c543a3ce91d4b1799f862ec22001445e42aeb8c8281fca9f08

                            Download Submit

                          • C:\Windows\{282D9756-7628-4327-A520-EE7A0329A19B}.exe
                            Filesize

                            380KB

                            MD5

                            a7d7e5755b3fe407e13c9bc388ab5cae

                            SHA1

                            9dc137bbb42611221ea9db5dce3e95c7aef17ff3

                            SHA256

                            085607d0b9c8d7db81d22bec45c1abd975a2487c1b03ca596a8f17d6d311f922

                            SHA512

                            b8b122ea0a8a7d080dd1ed4d354a40a9faf29910d59b3bab5f957fdf3566870386953c24ac63d68495941b9bdeeaa2b6d72929144b9f7f3eb8296f8632c7af33

                            Download Submit

                          • C:\Windows\{44D96DEF-0FD2-427e-9BC6-7CA892F28BED}.exe
                            Filesize

                            380KB

                            MD5

                            aad68f70a5c1820a5240e85824dbc6ac

                            SHA1

                            6b93c73d0da4d519b8ef23bf875fae23ddc5e8e2

                            SHA256

                            8d9fe86fe8bf3384a6dadeee96dfa08151b3e7de7ee63f4a1b2f54d36748fbfa

                            SHA512

                            612cd22d78fbfe80f8435bd121550f8481fc569c57fbdf85a923d3c04975dbe06e3d381952bb80c13ff68f6e17b668ef9240799bc6df53a55eaa17e4445f2ac5

                            Download Submit

                          • C:\Windows\{71872FDE-D4F4-4e40-AEDE-838F8A0BDC81}.exe
                            Filesize

                            380KB

                            MD5

                            854ee4bb59e6a9ac290d7cc6d78a986e

                            SHA1

                            aa75a1cb71db1dabcf22ed1d8788d2eb6808788a

                            SHA256

                            14e7165e2636e207d4763e48dd4774c2cac60faf25eaa3a33262afb1ca53f5c8

                            SHA512

                            f38e363abf28bd70eb1a585c9c07c6355e58cc795d7e7f79be44ff9b96233a5e60cf6ac30e1d3702797baf1a0fb26f9888e7313db96305f18787dad5cdf4fd33

                            Download Submit

                          • C:\Windows\{85A60A3C-360C-4797-843D-7CE40473BA8B}.exe
                            Filesize

                            380KB

                            MD5

                            4bc255c939bdf50d93b22a5d146a16dd

                            SHA1

                            003eff9d09eb0dc9f0ad69dbf0e56cc0f1e3f78f

                            SHA256

                            982666a1153d10d89cd5bcf76fa1befc694e18bff2a979f400a089540b3a033d

                            SHA512

                            33a31f7b0aebdcaf127213482fa7f7f63455a600f3648f0f141ab4646f4ace98dec53bac7063ac5d7e9968b0fb0473ced5318989d2db583a744c3a9da1895cd9

                            Download Submit

                          • C:\Windows\{C2630DCD-D65D-478f-82A4-0A3CC11BBD71}.exe
                            Filesize

                            380KB

                            MD5

                            e10e230ff5711417b32376c899ece117

                            SHA1

                            f9c6b081204342a0d0ce0ecee676c55432483eab

                            SHA256

                            23ccb7787d625dcf11ee42ac074a7fc071df6961a68a015a1bf418b46ff1c858

                            SHA512

                            be09eb0138d63aaafc3716a7088b86d1a271f1d957d7c8dc5a479b905aa72014d472d8f1a903da1321451dee721c244b25589d02e4e318b8fb70d8089f927ef3

                            Download Submit

                          • C:\Windows\{C945458D-82DB-4673-85F0-342996C6CE81}.exe
                            Filesize

                            380KB

                            MD5

                            031d12974d30efc21248d33aca8647a9

                            SHA1

                            bf96dce077eda7ed143b359499f36ec6959713ae

                            SHA256

                            e6ba8b9b229b115f7e76b3e96f898f3b74fbf032a603f7f407086ba2fe7b0e3a

                            SHA512

                            311001b7bbcf5bc52a0e935cf0c7f6f5862c3f27acbc8321d3336e287f372915e6f2106c5ec270b281217f51fc425fa322e8ffca2eca1bce6810cea4e94aa232

                            Download Submit

                          • C:\Windows\{E819A1C6-EA17-4438-97F6-1F55CB99CE87}.exe
                            Filesize

                            380KB

                            MD5

                            135b68793351965c54d1c84b1d315eb9

                            SHA1

                            0157953fb7e64118dde9aef60c9f32e7fbae6f04

                            SHA256

                            5a96d3138009a90b8fb5b78c68e2196867d104d7dbf5825341381e0dd6b8af54

                            SHA512

                            ceb2b46c3822b0b4d1aa81cda7023949e2261fa5763e778bebd3822bcadacfd076e0acff29e1b626c4ec263dd47cd88071a40a618827ed68b527de24bdc08422

                            Download Submit

                          • C:\Windows\{ED5ED3AE-B009-4f6c-9251-B084304CD3A0}.exe
                            Filesize

                            380KB

                            MD5

                            532114fa642478b08275b8d69c414b4f

                            SHA1

                            4d34e959ad3b207c4f12073477a3718959aa4cf6

                            SHA256

                            bf7a22a1b6c03b80b0b40ec0d128ccc817c28633e7902d0484513c82f3c21cc4

                            SHA512

                            a7065e0933ea818e72d801cd38e370bede23d7818fa4adbb4f1ddcf5ec99c5df760856b354a95d2997159f4c087e532de9926f7006614d726fd2fda946863051

                            Download Submit

                          • C:\Windows\{FF1239F4-8671-4b4a-AAF4-7DB925086442}.exe
                            Filesize

                            380KB

                            MD5

                            230758f8d273de95ea2e6634f086ad51

                            SHA1

                            da22ecc0ae6675116d4d04e8636689f05116daa4

                            SHA256

                            e584ff678dd245b78c8fc20316f7f7eee627a4b58700ba0e98249660512540bd

                            SHA512

                            e390c95994f99ad91f8cb8340782b976d5babec568f298bede3034eb4b88683079d221e55da79671c650d84b947a0d952f2faad16d55672f67de1f133c4ececa

                            Download Submit