Overview

overview

10

Static

static

10

2024-05-21...ye.exe

windows7-x64

9

2024-05-21...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/05/2024, 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-21_1bc2052b82fd5e7f2fc0107ffd3f4ff6_goldeneye.exe

  • Size

    204KB

  • MD5

    1bc2052b82fd5e7f2fc0107ffd3f4ff6

  • SHA1

    7d127f1237073ab71eda1eae563c7f9712b08311

  • SHA256

    bc2cc765f6874385e37e9addd967240261af5958098bc009cc9b3f9cdbeaa01f

  • SHA512

    a7eb096e28c222af7ed246be36459369cc6c30936aa1611946f6e7405b311c1520673730fb179ca6e4e527b1ecd009939840ce5c3128c31afb249d86d994d683

  • SSDEEP

    1536:1EGh0oEl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oEl1OPOe2MUVg3Ve+rXfMUy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-21_1bc2052b82fd5e7f2fc0107ffd3f4ff6_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-21_1bc2052b82fd5e7f2fc0107ffd3f4ff6_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Windows\{E19A8F01-C0FE-4270-A8C9-8807A935906C}.exe
      C:\Windows\{E19A8F01-C0FE-4270-A8C9-8807A935906C}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4232
      • C:\Windows\{2193BFC5-31B8-4c2c-9B6F-D6A6F6F3275D}.exe
        C:\Windows\{2193BFC5-31B8-4c2c-9B6F-D6A6F6F3275D}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3168
        • C:\Windows\{C9A6D9A1-48C2-4e09-A643-56DDC511217A}.exe
          C:\Windows\{C9A6D9A1-48C2-4e09-A643-56DDC511217A}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1240
          • C:\Windows\{6FF9A765-E86C-4498-892B-9D68E74E1101}.exe
            C:\Windows\{6FF9A765-E86C-4498-892B-9D68E74E1101}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1612
            • C:\Windows\{C6435784-4EF7-48cc-97A5-A3861EE1794F}.exe
              C:\Windows\{C6435784-4EF7-48cc-97A5-A3861EE1794F}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4140
              • C:\Windows\{C9623E53-58D9-4640-AAD5-6C063F566243}.exe
                C:\Windows\{C9623E53-58D9-4640-AAD5-6C063F566243}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4956
                • C:\Windows\{3CE80426-3EF2-4030-B86B-248E7FCDFF0E}.exe
                  C:\Windows\{3CE80426-3EF2-4030-B86B-248E7FCDFF0E}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2592
                  • C:\Windows\{AF8248C9-B99A-4273-BA65-BFE12749CBFC}.exe
                    C:\Windows\{AF8248C9-B99A-4273-BA65-BFE12749CBFC}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4820
                    • C:\Windows\{D06C141B-1901-493e-81F4-8C45660F3523}.exe
                      C:\Windows\{D06C141B-1901-493e-81F4-8C45660F3523}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3256
                      • C:\Windows\{F176887B-2E21-4690-AA24-DC4D863074C3}.exe
                        C:\Windows\{F176887B-2E21-4690-AA24-DC4D863074C3}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2072
                        • C:\Windows\{4E6D4883-75B1-43aa-BC4A-6ECDA3971260}.exe
                          C:\Windows\{4E6D4883-75B1-43aa-BC4A-6ECDA3971260}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1188
                          • C:\Windows\{3A4BE538-E0BA-4076-B7CF-D746134240BC}.exe
                            C:\Windows\{3A4BE538-E0BA-4076-B7CF-D746134240BC}.exe
                            13⤵
                              PID:1968
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{4E6D4~1.EXE > nul
                              13⤵
                                PID:208
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{F1768~1.EXE > nul
                              12⤵
                                PID:872
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{D06C1~1.EXE > nul
                              11⤵
                                PID:1168
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{AF824~1.EXE > nul
                              10⤵
                                PID:2796
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{3CE80~1.EXE > nul
                              9⤵
                                PID:1548
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C9623~1.EXE > nul
                              8⤵
                                PID:220
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C6435~1.EXE > nul
                              7⤵
                                PID:676
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{6FF9A~1.EXE > nul
                              6⤵
                                PID:2932
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{C9A6D~1.EXE > nul
                              5⤵
                                PID:2172
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{2193B~1.EXE > nul
                              4⤵
                                PID:2776
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{E19A8~1.EXE > nul
                              3⤵
                                PID:2256
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                              2⤵
                                PID:1748
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
                              1⤵
                                PID:3972

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\{2193BFC5-31B8-4c2c-9B6F-D6A6F6F3275D}.exe
                                Filesize

                                204KB

                                MD5

                                ffbbaa84f335e1906073d68c2e39fdf4

                                SHA1

                                89e477ee178fa2bef79dc064b6f68e46b83574a0

                                SHA256

                                554f0e35995b189cfe421d7e7d0a79a90eae499aac718fe5330634d8ea620ca8

                                SHA512

                                0e3db381a3cbc76b97aa703d434bdac04bede66696e1436f2a49b7e2e515c48fb5286d02919a37726fe360ff425e5813be39e67591d0ef823effc5f9cdaf4a66

                                Download Submit

                              • C:\Windows\{3A4BE538-E0BA-4076-B7CF-D746134240BC}.exe
                                Filesize

                                128KB

                                MD5

                                9006e41557773dd13066a5276ae22d55

                                SHA1

                                b07577fc1cbc02e76ba2f6b8767acc37d2b65b55

                                SHA256

                                1fc438e0fbbced69ce5dc812df5134905ee0c6e2c54bb5e08d685e013a72d47d

                                SHA512

                                d9dc883071f7273ace1ddf1008b2af057ad212bb35faf6e84d6198a509343529455cd893fd373599532e24737f2c4c24d4892b5cc43aea19cda05a943b97ec03

                                Download Submit

                              • C:\Windows\{3A4BE538-E0BA-4076-B7CF-D746134240BC}.exe
                                Filesize

                                81KB

                                MD5

                                349e7f8fc3ef11f6984cdab6904b40a6

                                SHA1

                                0763ccfab6e72aa7601b1a6798bd0350f1d68685

                                SHA256

                                36954acbcf2787b47afa085984eebb41276d76a1fbe8d4a3822b46afc10d188b

                                SHA512

                                c41c7acb2b08a5cb60a404d2040b24642b8bf3f309a7cc951b7d954d3b639a56b46e8a3f86e431cee1319f0a79ea049241c8e7078fdbb27f6964062d0964452a

                                Download Submit

                              • C:\Windows\{3CE80426-3EF2-4030-B86B-248E7FCDFF0E}.exe
                                Filesize

                                204KB

                                MD5

                                539f873620f80dc1b2b27046e4769ef8

                                SHA1

                                e79019dc654b576f77c73e639be21854295bc13a

                                SHA256

                                c9596207c8bec8a2f5c3e379faa1236a7b4586001b91fd67a4f4c451540d1585

                                SHA512

                                bc24e93c658fcbc29ae64d532a00a736492901cd6a2d61117f1078dc6a9e07fd4cbae5f37029155cb81d6fe1e638d45e4b67b003e4e484f422312383aa26387c

                                Download Submit

                              • C:\Windows\{4E6D4883-75B1-43aa-BC4A-6ECDA3971260}.exe
                                Filesize

                                204KB

                                MD5

                                8b37f82f26fc5d8d6b9c7ba6d77fb1a9

                                SHA1

                                496695862de9bd753e44a518ec0a942d4bb28f7f

                                SHA256

                                7227fd4d55a74bdd7d9823cc263a1fa07762cddbdfb9a515bf5e3d84324c25cd

                                SHA512

                                5e38cd281b207880ddc257c1d4360038db37f4f340386c36358225d822f5bc67a488c33d70e1b00031ba2ab2147d3f81a85102e3d21ade5af5fb4008c1280bce

                                Download Submit

                              • C:\Windows\{6FF9A765-E86C-4498-892B-9D68E74E1101}.exe
                                Filesize

                                204KB

                                MD5

                                189d8b45c798355c9b15bff6943b6b49

                                SHA1

                                11b9c67f215c209bf01b9755ee1fe2104d810ff5

                                SHA256

                                089a25741ed19d37c3facc660a6588679f9df0bc9727fae77be00497b38c890a

                                SHA512

                                171f5835451178b43026cce4836b4bb368799359501cdea8d614cda8acd142b7880c8a2f3fb974599c644211543bb9151d5a6752cc27b8093f2d0f4da7574a78

                                Download Submit

                              • C:\Windows\{AF8248C9-B99A-4273-BA65-BFE12749CBFC}.exe
                                Filesize

                                204KB

                                MD5

                                061b045c58369c32c9a1d28d6a73094c

                                SHA1

                                5370fece1a243deaf38f261450406fd6e6e2be87

                                SHA256

                                5db12a4a4abe9a63fa658e54135313616ae51826b6452a9391e702bae79d5306

                                SHA512

                                4faee348931b7d2b4e8f783549d79f9c89d2e010c9f4221f8391b6b87ae65118784d731295016ef7605aad327d84af969ce9964b7393f7eba075c5bd2fae88df

                                Download Submit

                              • C:\Windows\{C6435784-4EF7-48cc-97A5-A3861EE1794F}.exe
                                Filesize

                                204KB

                                MD5

                                9219388a9b7e48b39dee0284dbce25df

                                SHA1

                                b4724595bd82edadf14865fc19369b305d2d6350

                                SHA256

                                cdee83b36a8286d32940a2ec1e655b3e5eda2e1b9fc827f8f3e3d1c4bcf53178

                                SHA512

                                712b4d8440b6dd21ee3be3d5f86a60c380acdd9c6e1cb4ca6769b4e6b596785b8b45b3b233b51d32189986c8b48b98d7823d478d3ef283426601970d646dfc68

                                Download Submit

                              • C:\Windows\{C9623E53-58D9-4640-AAD5-6C063F566243}.exe
                                Filesize

                                204KB

                                MD5

                                f327929ab42db74d8b3fd167fa047265

                                SHA1

                                ee16491a27d3d179bc9e080d0df016f78efad888

                                SHA256

                                51e0e2de64163fd2c5825c975520fb29a8a0fe3f16fdcd402ee0ec047db2187b

                                SHA512

                                d854f65749408aed1f3fa887b15a8631879b382ff2791baeb5c6882c7b93d2a725a05e39a7f72eceb228d10eb497546cbe52975db8901508f0df02520da1f012

                                Download Submit

                              • C:\Windows\{C9A6D9A1-48C2-4e09-A643-56DDC511217A}.exe
                                Filesize

                                204KB

                                MD5

                                ac84e500b0fa0be2f266efd6d5b70e4f

                                SHA1

                                2d46fa92481edfcb20d0398deff4035466baaa5b

                                SHA256

                                d9f9289ab2a7f4afc3e3e4b7200f98f039d2ae87376e826031c630db928c1c80

                                SHA512

                                9e695a1ba136c00f1f218f388467fce48416f5c6512f68985802fc0566f118db7d1c9f8705f32a962f654dde46a87bdaea830d7ecaf651770571f72f5a1c18a3

                                Download Submit

                              • C:\Windows\{D06C141B-1901-493e-81F4-8C45660F3523}.exe
                                Filesize

                                204KB

                                MD5

                                0b36a79f269e37a0358ff357694a6244

                                SHA1

                                03725fd9014ff025ae4a30639dfaf10da871cd88

                                SHA256

                                c84bf18eec40afd1b2522d984f945db93a3b284fab5aabe3e002f62a6cd2cdb3

                                SHA512

                                fb217ef547567a4adf320c0d7b7f09fcba915fe72245c3a46813f308f23a3cdb9d616cd72f08e68be96740e2cf273698410fbf814d84e15b8c4d3e0a8d9dea9f

                                Download Submit

                              • C:\Windows\{E19A8F01-C0FE-4270-A8C9-8807A935906C}.exe
                                Filesize

                                204KB

                                MD5

                                054d5e284be5d93fe304b5ed34c7ea93

                                SHA1

                                4d661df5fe10ba113abb2da711d862b683352ffb

                                SHA256

                                0dbab37b19782bc294f94888bb4962455fce1844cdc4800ac8df6b575fc90b39

                                SHA512

                                ff228485d79040dd1ed503ae6e2b83943d69e5fb7239e61f67056447a30ff0cd5574fbe5849b6035acd1bfa49a17a127b0dd84c66c5f4c21591a7162b40207d7

                                Download Submit

                              • C:\Windows\{F176887B-2E21-4690-AA24-DC4D863074C3}.exe
                                Filesize

                                204KB

                                MD5

                                b2b399076c89774e84872781cbdfaef7

                                SHA1

                                ae3bf836c6394fe30c8073266d624b722d7b75dc

                                SHA256

                                066864a1be241b5904a473c49dccd4b4fcb855e8f6af44f91d081e687147ddf5

                                SHA512

                                6b386175810c03fe0f6048c0381e9467ecabd312d2a348c4b3218fce6670384e520ae23c4ac430e77d48dce64a138a3d056ce0b11e7f9379f776f0d2d64444ee

                                Download Submit