Overview

overview

10

Static

static

10

2024-05-20...ye.exe

windows7-x64

9

2024-05-20...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-20_18c6c72a6cd0f4c5467ecd508f1d0589_goldeneye.exe

  • Size

    344KB

  • MD5

    18c6c72a6cd0f4c5467ecd508f1d0589

  • SHA1

    67f029f42d97b862814c633916d39c8a870c534b

  • SHA256

    d98641d61dacb607746b68bc86a2da88b87e7081deeeba22902deda5de6adf58

  • SHA512

    64de8a0ea565e108af99e8464fe4d84cfcc6df21525d09b4b179774dc6b2f1bd00491952cf2365a6fc03a394f238aabb204481cb9f5f7db679a4095adc1c1a9e

  • SSDEEP

    3072:mEGh0o3QlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEc:mEGKlqOe2MUVg3v2IneKcAEcA

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 10 IoCs
  • Modifies Installed Components in the registry 2 TTPs 20 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 10 IoCs
  • Drops file in Windows directory 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-20_18c6c72a6cd0f4c5467ecd508f1d0589_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-20_18c6c72a6cd0f4c5467ecd508f1d0589_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\{8BC4DAFB-426E-4d88-A23E-D2EDFD98BE8A}.exe
      C:\Windows\{8BC4DAFB-426E-4d88-A23E-D2EDFD98BE8A}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1116
      • C:\Windows\{724257DB-95F4-404b-8CA3-7984792C727E}.exe
        C:\Windows\{724257DB-95F4-404b-8CA3-7984792C727E}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\Windows\{78D941AE-A97A-4e5c-B517-45CC558CED66}.exe
          C:\Windows\{78D941AE-A97A-4e5c-B517-45CC558CED66}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:592
          • C:\Windows\{C99AAD80-7566-4162-9192-E706CB3CDCE7}.exe
            C:\Windows\{C99AAD80-7566-4162-9192-E706CB3CDCE7}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1736
            • C:\Windows\{07FA35F6-425F-4d2f-86E6-84414D803807}.exe
              C:\Windows\{07FA35F6-425F-4d2f-86E6-84414D803807}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:696
              • C:\Windows\{48B75BB2-62F5-400b-9728-A5ACB98CD792}.exe
                C:\Windows\{48B75BB2-62F5-400b-9728-A5ACB98CD792}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1136
                • C:\Windows\{9E27EFBB-8893-47d0-A286-F43BFEA9A2F0}.exe
                  C:\Windows\{9E27EFBB-8893-47d0-A286-F43BFEA9A2F0}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2628
                  • C:\Windows\{02DB3B4D-2A73-43bf-B137-0539CEA8224C}.exe
                    C:\Windows\{02DB3B4D-2A73-43bf-B137-0539CEA8224C}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2700
                    • C:\Windows\{233DDC87-093D-4cca-A955-4DA99D91F433}.exe
                      C:\Windows\{233DDC87-093D-4cca-A955-4DA99D91F433}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1824
                      • C:\Windows\{EF7CDA4B-0A37-4414-9C67-4A628D6770B7}.exe
                        C:\Windows\{EF7CDA4B-0A37-4414-9C67-4A628D6770B7}.exe
                        11⤵
                        • Executes dropped EXE
                        PID:2964
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{233DD~1.EXE > nul
                        11⤵
                          PID:3008
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{02DB3~1.EXE > nul
                        10⤵
                          PID:1780
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{9E27E~1.EXE > nul
                        9⤵
                          PID:2684
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{48B75~1.EXE > nul
                        8⤵
                          PID:2856
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{07FA3~1.EXE > nul
                        7⤵
                          PID:2828
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{C99AA~1.EXE > nul
                        6⤵
                          PID:2660
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{78D94~1.EXE > nul
                        5⤵
                          PID:564
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{72425~1.EXE > nul
                        4⤵
                          PID:464
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{8BC4D~1.EXE > nul
                        3⤵
                          PID:2032
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                        2⤵
                        • Deletes itself
                        PID:1532

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Windows\{02DB3B4D-2A73-43bf-B137-0539CEA8224C}.exe
                      Filesize

                      344KB

                      MD5

                      1512021c6ee7e2409f3eaea6c2a5a241

                      SHA1

                      121d02ab7b54198d90fcef09eca0b44a7132a200

                      SHA256

                      ba7a9e7fa0b66dd756ccc6fb45785f7e6ea4b43c18cad21bfdb9ed280549cf90

                      SHA512

                      13fb7a223e97be2c8678b801d7e629277329f97d30ef387042b29d6bbe282cb719fad8cb0cd80d4a87feeccb273ad62af5380607d684e916d0d9dad0596cf85a

                      Download Submit

                    • C:\Windows\{07FA35F6-425F-4d2f-86E6-84414D803807}.exe
                      Filesize

                      344KB

                      MD5

                      0de7f42ffbce7e3628d53c15ce5adefc

                      SHA1

                      1a5488b7f3df0ff5015b8195b23e40bcfc52e80b

                      SHA256

                      6bdb11a2b1cb63bbe8a2413bcce6ff1a7c8d3f5a22255091d1c1b695899495cd

                      SHA512

                      bcd5938a5184e6ece793e75ba7c17e02c7af0399e61bfbcc13d88baab5fd10b1d02efa5e2941c720c925ffa53c600e458e84ad19c941ac4ce0c2fc2ea885e07a

                      Download Submit

                    • C:\Windows\{233DDC87-093D-4cca-A955-4DA99D91F433}.exe
                      Filesize

                      344KB

                      MD5

                      596d4a5d3a204122985092267cca8241

                      SHA1

                      327617d21bba768a46655c04240a333bdca4bff1

                      SHA256

                      c48eb158e6560a26fe3d1db0ca7b911ce93d7eb5dd50d63fa16d54403d53fa69

                      SHA512

                      cbc1502b17889f017e2c0f1dbb7541178f68efb4bd36ed70341e20998ccbdf914dc1cc85260fd0e1524ba7f420c8d4b6ef0c0e67816c48d20389a002b9bb30fe

                      Download Submit

                    • C:\Windows\{48B75BB2-62F5-400b-9728-A5ACB98CD792}.exe
                      Filesize

                      344KB

                      MD5

                      4a6ff6f62c3c1e658e1c53212b1351ef

                      SHA1

                      6f364fe2855772f072eee2344be24922ce862bd4

                      SHA256

                      785db4ac0390e7a66ccf85c247fd5e7de93e8a31bff1d2086b0af57b31acfe2a

                      SHA512

                      c82fb1e4ebd25bf92101ad55a10e27bc89c3ff7e676c8b404257b4fe98ca339902baa2cb4f681dcecee0f332000c29c3da15386a6c34c7678f2cd8c490aaf67a

                      Download Submit

                    • C:\Windows\{724257DB-95F4-404b-8CA3-7984792C727E}.exe
                      Filesize

                      344KB

                      MD5

                      7e88b98fbee366f7c022a537dadc9713

                      SHA1

                      e3cd601a6c56602be7bdfd01eb7ce4bd07a49286

                      SHA256

                      664588a69850f8799cb0f2c4e57cce2b224f0581b8b2543eec9e463f89a30ea4

                      SHA512

                      fb7e5df68a9e6f989f2d4685f7743f4998a4de223089ba3c8b2c249d7c6775d56be7c230f54b818436f231e483f86f5a5d25090f16b9bffb1e13adcdeddf1f3c

                      Download Submit

                    • C:\Windows\{78D941AE-A97A-4e5c-B517-45CC558CED66}.exe
                      Filesize

                      344KB

                      MD5

                      cb5012b56edace7e0aad306f9bd3314b

                      SHA1

                      ae3e53977319b73ea9825fb3c727c8d60800cfc3

                      SHA256

                      6d2e062fd375a5e45c063e96e6dbaf10de93ef0eff7b06806574f35190b1bf25

                      SHA512

                      3622fa90377262f5ebd63cd1e8651c1193cc73bb04486b7d97517d5c14ea8cc322091895144f3b976297cbde1d8c058d695c06b480fa91c01a96c376c1e7f519

                      Download Submit

                    • C:\Windows\{8BC4DAFB-426E-4d88-A23E-D2EDFD98BE8A}.exe
                      Filesize

                      344KB

                      MD5

                      5f3fd5cde2148b7ff4975151e1b2c6cc

                      SHA1

                      d421f49f70f7254a87e531de9c61770498cc4d3f

                      SHA256

                      9261b47607119c14a7e0a0453aa8d30fdb573ba3909193822d47eadaa29d24db

                      SHA512

                      f24616c67e7cb4d293a164a69346c0bce3e291fab8837761870ae15297d0b5a251f8ea980dc2868492ad20e993483af451b65ddb0a6937f629a59c028047ec63

                      Download Submit

                    • C:\Windows\{9E27EFBB-8893-47d0-A286-F43BFEA9A2F0}.exe
                      Filesize

                      344KB

                      MD5

                      4e079a11df3b9a54711746217506af32

                      SHA1

                      27a2cae878955a654f594dbf7336665b59ed5501

                      SHA256

                      dc317b84dc755571e3ded73f831cb141225c5161cd8cc296c57a1e9ff75f393c

                      SHA512

                      7c8bd6ecc97d90179c315848032a1315e440859f81014d06b3b15d584d777a1423ee2287e2959298aa68d6b746e8236754f95e844abbbc642a664640af3378fd

                      Download Submit

                    • C:\Windows\{C99AAD80-7566-4162-9192-E706CB3CDCE7}.exe
                      Filesize

                      344KB

                      MD5

                      6e6fd5e64af16e201098fcfa8b15e669

                      SHA1

                      c8c0e1da26417e19de66660a872a6d6e5c900ad0

                      SHA256

                      9878535f242ea9f4a626da1c237b4e9b3c1fad8e654b44ce2ece96409fa60409

                      SHA512

                      72717ea47126e2efe632191f1cf0ed401a27975c096df197cf7bfd6acd626c21aeafb30bb8d71a81bf905abcc6cca390cd6c6b9254acf17ce87843159c1c431a

                      Download Submit

                    • C:\Windows\{EF7CDA4B-0A37-4414-9C67-4A628D6770B7}.exe
                      Filesize

                      344KB

                      MD5

                      3cdddea88b1e7997b3146662f2eaa1bd

                      SHA1

                      c35ff7db2e5a847abbd2e79d3ce21b52f68cdc08

                      SHA256

                      b2720b07cc15da9c1ee0c742202284d28782ccb7661fe08e617f3c24aa371aee

                      SHA512

                      d22ab97111f5f2bc6801997d5da1be278a32b99879c17976bbcf91d2ab0edd64517bcea776b2ceb91029e1a8c75a910e9ef6cf8d2b7f1d80db05879aa1c83abf

                      Download Submit