Overview

overview

10

Static

static

10

2024-05-31...ye.exe

windows7-x64

9

2024-05-31...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-31_4f03c3b703ec5bc6abd3aa09f66ff8ef_goldeneye.exe

  • Size

    168KB

  • MD5

    4f03c3b703ec5bc6abd3aa09f66ff8ef

  • SHA1

    4c9b9feb435a38c9828e46afc99cdd832eb9c0fc

  • SHA256

    bea312dd7a189d729702f3b0aa7b717b8c23b71cb880b73549d1e103308be4a9

  • SHA512

    116c1713761760e5f8fcbc71f80d3385a6318323e19e6f39727c696f633aa09aa30dcaed936a29eb0342377a9dce8a2d68308437825e7ae5cec9144b189cdffa

  • SSDEEP

    1536:1EGh0oIlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oIlqOPOe2MUVg3Ve+rX

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-31_4f03c3b703ec5bc6abd3aa09f66ff8ef_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-31_4f03c3b703ec5bc6abd3aa09f66ff8ef_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Windows\{D0B12878-DF0A-4b57-BBC4-4EEB877B9763}.exe
      C:\Windows\{D0B12878-DF0A-4b57-BBC4-4EEB877B9763}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Windows\{750841C4-8BDA-4da9-928F-85B781D14171}.exe
        C:\Windows\{750841C4-8BDA-4da9-928F-85B781D14171}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3764
        • C:\Windows\{634BF83C-6F35-4b22-977C-8F77F578BF92}.exe
          C:\Windows\{634BF83C-6F35-4b22-977C-8F77F578BF92}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:644
          • C:\Windows\{0D1FCE66-4D96-4655-BC60-54DFBB6C693E}.exe
            C:\Windows\{0D1FCE66-4D96-4655-BC60-54DFBB6C693E}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3492
            • C:\Windows\{35826BE2-185F-438a-A5A3-F90959279A66}.exe
              C:\Windows\{35826BE2-185F-438a-A5A3-F90959279A66}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2576
              • C:\Windows\{F536B8D0-9D1C-4915-8122-3EAA4BE7AE41}.exe
                C:\Windows\{F536B8D0-9D1C-4915-8122-3EAA4BE7AE41}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1724
                • C:\Windows\{A641F1A5-D3FF-4810-8C82-20F2CA0F071A}.exe
                  C:\Windows\{A641F1A5-D3FF-4810-8C82-20F2CA0F071A}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4996
                  • C:\Windows\{2DB326AA-17CC-4dba-9935-01FAE7BA11ED}.exe
                    C:\Windows\{2DB326AA-17CC-4dba-9935-01FAE7BA11ED}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2972
                    • C:\Windows\{CB8ACE2D-37A6-4e26-8DCC-9BA40FE75F1B}.exe
                      C:\Windows\{CB8ACE2D-37A6-4e26-8DCC-9BA40FE75F1B}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:332
                      • C:\Windows\{4F3F0428-099D-4160-934C-546FCBA1DB2B}.exe
                        C:\Windows\{4F3F0428-099D-4160-934C-546FCBA1DB2B}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4044
                        • C:\Windows\{F67E94F4-C122-4a0a-8FCA-B2180C33D450}.exe
                          C:\Windows\{F67E94F4-C122-4a0a-8FCA-B2180C33D450}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3176
                          • C:\Windows\{A2A3539A-567F-438a-97CB-7995452A3466}.exe
                            C:\Windows\{A2A3539A-567F-438a-97CB-7995452A3466}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:1636
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F67E9~1.EXE > nul
                            13⤵
                              PID:2024
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4F3F0~1.EXE > nul
                            12⤵
                              PID:3364
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{CB8AC~1.EXE > nul
                            11⤵
                              PID:2648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2DB32~1.EXE > nul
                            10⤵
                              PID:3916
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A641F~1.EXE > nul
                            9⤵
                              PID:3104
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F536B~1.EXE > nul
                            8⤵
                              PID:4856
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{35826~1.EXE > nul
                            7⤵
                              PID:4528
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0D1FC~1.EXE > nul
                            6⤵
                              PID:4180
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{634BF~1.EXE > nul
                            5⤵
                              PID:1580
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{75084~1.EXE > nul
                            4⤵
                              PID:2648
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D0B12~1.EXE > nul
                            3⤵
                              PID:4068
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:2752

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0D1FCE66-4D96-4655-BC60-54DFBB6C693E}.exe
                            Filesize

                            168KB

                            MD5

                            52390165e851ca83a648d08900f191e6

                            SHA1

                            c93f5b344fd471fb4389c879b42dd1b1a44e0c64

                            SHA256

                            6071d739f474c9d1ebfa7d0b7ed98c4b554445b78508cbb7c20ee6efead5f507

                            SHA512

                            dcc36108957270a27fae13571c750a9680971252e25969951ca2ce3e4850190c56d83f2e38611b7b5a32b8c63b58dfbae2dc6274aff2ca229e3cf864c4d88eea

                            Download Submit

                          • C:\Windows\{2DB326AA-17CC-4dba-9935-01FAE7BA11ED}.exe
                            Filesize

                            168KB

                            MD5

                            4770bcb67783781d45051768f2d39394

                            SHA1

                            ea769a718712d085776ad532199e18eb0eda33b5

                            SHA256

                            eac1ad9c51c989f4636c89150c3f91f78ce880b0740e4fbe75a3173447710b32

                            SHA512

                            6f510096f921f4c161b9a92f103c4006118cbbc6d3f19b3f34b0ad1a897a8b49a20812ea0ea199f54e5457d265bee4ecd973e0384193dd9116d69900a661bf31

                            Download Submit

                          • C:\Windows\{35826BE2-185F-438a-A5A3-F90959279A66}.exe
                            Filesize

                            168KB

                            MD5

                            0f6b813097d94e1dcd7c451d73e5916f

                            SHA1

                            a7c42d572cfc11f6787089d653d4489a9a0c14be

                            SHA256

                            41c2049bd819b46495b91aaa642fb5f0bc3c23d6b5d4ba2a175b1d0b75e5a9f3

                            SHA512

                            ee552db9dae4faa3e96edaaeadd93d7d0bd1eed30f0e6b851bd3831636d6d4fa291ba1bc30b25e6237b2ec6912628868a13b06568b20fbe2b3e95976852da841

                            Download Submit

                          • C:\Windows\{4F3F0428-099D-4160-934C-546FCBA1DB2B}.exe
                            Filesize

                            168KB

                            MD5

                            453fe3a9291ae5ce93db42c116a13e1e

                            SHA1

                            d525f97fd543e24cd295c9a14caae485b8c0f5af

                            SHA256

                            052ca464b984bc21de749f3a6b631ce51222a63878e543a57676cb1822447930

                            SHA512

                            aaa3d26638f2e4c739735bef6f75bfb987578b099ec74482308a603adaf3afb7dab5635918f43f086d0288d591b9d6ea1968405f1bed023d7bd16aed458d2155

                            Download Submit

                          • C:\Windows\{634BF83C-6F35-4b22-977C-8F77F578BF92}.exe
                            Filesize

                            168KB

                            MD5

                            c6a12d09cf31f87f05bc98c455831b9b

                            SHA1

                            398cd503da06f1a83ae4f12adc25b5b8e035dd24

                            SHA256

                            2e393b9fa395089f452b7dcee2d847abd9462a3e1e0ebb7f40a990dcdf9fb2f4

                            SHA512

                            f4420ea8a882d5ccdb93b03e64dd5b3de42b8f0bf5bff5a507dadb3adfe1e578c5aff6062ccae122aacc8c97fbd86d8d07ceb061fa57d5d90db0560917740807

                            Download Submit

                          • C:\Windows\{750841C4-8BDA-4da9-928F-85B781D14171}.exe
                            Filesize

                            168KB

                            MD5

                            ceb3f79d420408b4808833140a126bbe

                            SHA1

                            270f62975fd9e9644ec0ad058d9ed2e1cd902304

                            SHA256

                            35d5463ee2b956971cfa438ce12831d0c99e24a3eb1caa8eb51076f4020728fa

                            SHA512

                            6f69a354a9d5001ce46dfe13295427492178b378c6c9f5f8bd544aec8c4d4935ea9fcac4d9aaf754267ddaa2fdeb82276b6647e9e51e9e524caab38174409017

                            Download Submit

                          • C:\Windows\{A2A3539A-567F-438a-97CB-7995452A3466}.exe
                            Filesize

                            168KB

                            MD5

                            a7192eb92aed6bddd08c2124e295e00c

                            SHA1

                            92db3a79b1ef159515ec247c4ccff8cd9d445730

                            SHA256

                            ecf058fdb7a93e6b880bcca23f6b9247abc7ccf9439492d8e993d279cd4beda4

                            SHA512

                            c14388e83f5f79d7893b4fa31a54da5f6be9f281a298f36177e61a22c4b55c319652a7ef71635b20055648031fe6ab4b558124e4f246ecb02d97bd3e7dd22066

                            Download Submit

                          • C:\Windows\{A641F1A5-D3FF-4810-8C82-20F2CA0F071A}.exe
                            Filesize

                            168KB

                            MD5

                            909485da20af486c79c12afcc0aa67f2

                            SHA1

                            a1fb3a0bdfd02323e33833bd1ee05c7d77e8dbfa

                            SHA256

                            08800d9c0b4daa7c6167519e3aaeaaeed142f5182170c9af78a4689c1bf67988

                            SHA512

                            182c635a381abcf7662042ecb5f1a6c9bce590701eae9356b6d18ee53703c18b3cf460c0621357da60db85b1616b084e92a4858524357cdad99f991117107485

                            Download Submit

                          • C:\Windows\{CB8ACE2D-37A6-4e26-8DCC-9BA40FE75F1B}.exe
                            Filesize

                            168KB

                            MD5

                            3476e1c9353451a83ec57c9d99e16cca

                            SHA1

                            5f7cfef8a0288f9342912fbbef78b00b7dc782ca

                            SHA256

                            19acf9ea5d0328767e83b394914c4804ffdf6c208085aca22b29d912ac2be9ac

                            SHA512

                            35d26d46956698faa25abaabf2a41dc9f1e14b0d41dd8397889a1ab1eea6aa8924b0e33d5566f32bd087420802c83794f2df335c2322c6d221450485c0f7c87c

                            Download Submit

                          • C:\Windows\{D0B12878-DF0A-4b57-BBC4-4EEB877B9763}.exe
                            Filesize

                            168KB

                            MD5

                            f16658aa33ada15c8c7ba48e861b1d2d

                            SHA1

                            a8664433daa709db00c254b4612d0fa685692236

                            SHA256

                            a8369cbb8de3ba203852095a7be7a6320b9e316a90d21990d4baafe5780cd249

                            SHA512

                            49d5a1dce33a9d9cf7ec3e39e67be12362a581ccb0d244a9aa63925be0b91ea5119628264a2caa4461f77d19bccd66a7d06cb69f27a8def1ec1f0cc7033b55a3

                            Download Submit

                          • C:\Windows\{F536B8D0-9D1C-4915-8122-3EAA4BE7AE41}.exe
                            Filesize

                            168KB

                            MD5

                            cb7256755336e7e4daad33bb808156f8

                            SHA1

                            33d11ee5a999cc23e3475d2e7162ceeb8778f238

                            SHA256

                            2fb95a0d2f98ead22cd4850280072be40785e316a086172b37e7b3201bdbc544

                            SHA512

                            01873cfbcdfe838b45959d137db1548261175f25b759d7c36225967e8de8db8ed5e1ddbcf7aa3f13491cae6182206804068400cc52b3969225c279d8cde9dfe0

                            Download Submit

                          • C:\Windows\{F67E94F4-C122-4a0a-8FCA-B2180C33D450}.exe
                            Filesize

                            168KB

                            MD5

                            ad2d9d07211d63e76822abce05083e2b

                            SHA1

                            58b123ab97efd5d4e65babab27998a8d43e52f1a

                            SHA256

                            2765a849fdf59ed048f682e695fc37a97a24bd4c6195019525d342434438ba9f

                            SHA512

                            26bc2f33def18c50c96033fddb307decdc52cc760910f38bf2421890debc4aee3bc048440c52c27e81f31d3cc4dfaea284342eb234e9663e91b6878f1cc21c8d

                            Download Submit