Overview

overview

10

Static

static

10

2024-06-01...ye.exe

windows7-x64

9

2024-06-01...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2024, 05:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-01_aad8dbcce138384b45cc793c0e96c2e5_goldeneye.exe

  • Size

    180KB

  • MD5

    aad8dbcce138384b45cc793c0e96c2e5

  • SHA1

    bdecdad5ea9d82519726354a97233e334958a987

  • SHA256

    dde49b4b65f0dab017a8f046e18a1b7e010a6aeb7e477cdfdb30594e2eb34eb1

  • SHA512

    f0d25f0c3efe00956730e1e426ad55a21318894dd82ebd33dab82e7dc3ea1a33f198f09486c616e987705343a8e18c4e146528ac7898bc74d931e74edf399c47

  • SSDEEP

    3072:jEGh0ohlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGPl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_aad8dbcce138384b45cc793c0e96c2e5_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_aad8dbcce138384b45cc793c0e96c2e5_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\{BA11751E-5248-4be0-A892-1A0C0B8BF8B6}.exe
      C:\Windows\{BA11751E-5248-4be0-A892-1A0C0B8BF8B6}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1336
      • C:\Windows\{776D19F0-A920-4b8f-B453-163492443C96}.exe
        C:\Windows\{776D19F0-A920-4b8f-B453-163492443C96}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\{290D955C-12CC-4114-BAD2-33D12462F4AE}.exe
          C:\Windows\{290D955C-12CC-4114-BAD2-33D12462F4AE}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2840
          • C:\Windows\{6157BA8C-6133-4adc-B9BC-41545F8D94D3}.exe
            C:\Windows\{6157BA8C-6133-4adc-B9BC-41545F8D94D3}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2332
            • C:\Windows\{93166571-4A1B-4f05-9CC2-1F23BEAF82BC}.exe
              C:\Windows\{93166571-4A1B-4f05-9CC2-1F23BEAF82BC}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3000
              • C:\Windows\{8F187EB5-AD49-4aac-8A47-A0764EC9681A}.exe
                C:\Windows\{8F187EB5-AD49-4aac-8A47-A0764EC9681A}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2516
                • C:\Windows\{1C8BDC8E-F472-4e95-96C7-EC99F7791F5E}.exe
                  C:\Windows\{1C8BDC8E-F472-4e95-96C7-EC99F7791F5E}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1532
                  • C:\Windows\{72132E60-B685-45a0-8D3C-9DCA3DA42649}.exe
                    C:\Windows\{72132E60-B685-45a0-8D3C-9DCA3DA42649}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:776
                    • C:\Windows\{830DCA46-05C6-40e9-9C64-275BB397580A}.exe
                      C:\Windows\{830DCA46-05C6-40e9-9C64-275BB397580A}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:960
                      • C:\Windows\{38D133F2-7D11-46d3-9E76-1F4F2912F4CF}.exe
                        C:\Windows\{38D133F2-7D11-46d3-9E76-1F4F2912F4CF}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1472
                        • C:\Windows\{A4632A10-6206-44fc-B356-22574AA0E343}.exe
                          C:\Windows\{A4632A10-6206-44fc-B356-22574AA0E343}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1496
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{38D13~1.EXE > nul
                          12⤵
                            PID:2948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{830DC~1.EXE > nul
                          11⤵
                            PID:2432
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{72132~1.EXE > nul
                          10⤵
                            PID:1840
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1C8BD~1.EXE > nul
                          9⤵
                            PID:1320
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F187~1.EXE > nul
                          8⤵
                            PID:2860
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{93166~1.EXE > nul
                          7⤵
                            PID:1940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6157B~1.EXE > nul
                          6⤵
                            PID:2996
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{290D9~1.EXE > nul
                          5⤵
                            PID:2844
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{776D1~1.EXE > nul
                          4⤵
                            PID:2612
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BA117~1.EXE > nul
                          3⤵
                            PID:2920
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2556

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{1C8BDC8E-F472-4e95-96C7-EC99F7791F5E}.exe
                              Filesize

                              180KB

                              MD5

                              e7b439dcd05d6eda87712e2d761de3b9

                              SHA1

                              18d12928385ab8b7f1d0ef94f21d91b4af63a33b

                              SHA256

                              48e642220562e85d60b68379c7cd53ab7356ccf2647f58427aa6ccb32e194bae

                              SHA512

                              c2b1d30aa1dbd3a1e273232790110ff1f89e6f9cd0d9ba1522444e662b50171473cf4711c5ea057f6d044d80b6890636c4ea7602f3f4d87e8fe3f01f775154f5

                              Download Submit

                            • C:\Windows\{290D955C-12CC-4114-BAD2-33D12462F4AE}.exe
                              Filesize

                              180KB

                              MD5

                              a15dc0bdaaca90b962696d078304357d

                              SHA1

                              7f9cd7ea9aa8e100f326f51b071d94ef8d32a9ae

                              SHA256

                              06fa59b13aec88109903c87c7b7dc4764205f39ede5ac644877560cae97aa87a

                              SHA512

                              6031a2d48e8cf583c97c8c55b875b767ea7e7ce46841271c69b64bf760aba4b234dd7bff586ed6627d22af602f84b123ee581bf6ba5f8859271018bf249bb48f

                              Download Submit

                            • C:\Windows\{38D133F2-7D11-46d3-9E76-1F4F2912F4CF}.exe
                              Filesize

                              180KB

                              MD5

                              ca8fbb6157344dffac28babcf891cfcc

                              SHA1

                              4f9261799199d75c8840af964924b15a3b8dfba3

                              SHA256

                              55f3c012dbdb5bdb14b165f86202fbf4384bfd4e21d2f4d0538b2ea0177a0ed3

                              SHA512

                              b577ed8d39b723b9f456f539431b7ecedc372d2a1840c55a1714dcd8c9195e74ff68b0eb6db2a9ab7490545524ee455446a8d3614dc17d4cfd1c77998b122f3c

                              Download Submit

                            • C:\Windows\{6157BA8C-6133-4adc-B9BC-41545F8D94D3}.exe
                              Filesize

                              180KB

                              MD5

                              cf1b5c8c5b3c47e5337ba3dad5d0e6de

                              SHA1

                              693557bfb07b64f56ecd68759143789ac5294220

                              SHA256

                              2b0558603e8e4c7191c020a7f6171662d0f2595c553e5bf7d9e2c7b07d349e55

                              SHA512

                              3869cc78ec91b39015b51a26e80a2a303b8a2761af61502fb3cc1d5dcbe480c137aac5bdbaab4da806b9edd45a21b48e04da4a68679b7b71d7e1f192ec5df123

                              Download Submit

                            • C:\Windows\{72132E60-B685-45a0-8D3C-9DCA3DA42649}.exe
                              Filesize

                              180KB

                              MD5

                              d03b694a958b5542af7f45edec03d91d

                              SHA1

                              3ac31d4b1f6c0a79ca74056f912d0fbd98dafe68

                              SHA256

                              0f6f83d46c1e4e37cf6959af3a75673a0f7412ae078e3417c60c8918b4729e68

                              SHA512

                              5484558980b948d87d0b4e9d6bf6944534cd0fc0daa29b77db9e4a2895bf8d32b97f3efe5626cfcaf423c1aed2229534f41e04a310c353a6c1ebd78e4e261bde

                              Download Submit

                            • C:\Windows\{776D19F0-A920-4b8f-B453-163492443C96}.exe
                              Filesize

                              180KB

                              MD5

                              5a3f83201b63fb41938c3a1e0ac83dd1

                              SHA1

                              2c643a9539df42d6319a7c938cd5f2dd53411519

                              SHA256

                              aafcbffc52d4c594b97b049dfd32f576f0cb8c20fbdce9d4af62e98c46d784ed

                              SHA512

                              b9e662f465c5db5b7837fe180729d72f16e6eb1955f59d0b85e7710dd445dca66feb78a4d54909ffb8e11b42eca12ce416cee590577190c6b17ae9676841585c

                              Download Submit

                            • C:\Windows\{830DCA46-05C6-40e9-9C64-275BB397580A}.exe
                              Filesize

                              180KB

                              MD5

                              6a629fa13c0ee20e36723836cffc36e1

                              SHA1

                              530da9e0d79e319ccda4dd97b66ac7420fa8cefd

                              SHA256

                              8dd171951eda1166cd7b930312660ead7d599c6518d49dc742e9ad79d13d3a33

                              SHA512

                              c947c72e815da00d470ac9fe6b0811495450cf8b21c1a51e7cb75f93d6820fc022605dbf79dacf9129aecb151a6baa32b18b2a8eef563588d22460db6e2d4e39

                              Download Submit

                            • C:\Windows\{8F187EB5-AD49-4aac-8A47-A0764EC9681A}.exe
                              Filesize

                              180KB

                              MD5

                              0fec45402f134e7d065eb39721200e98

                              SHA1

                              5e9ac37eedfe91da814f721c7e38566e56cbc035

                              SHA256

                              2cec2bfab00fa97b21fd3b15121f787b8970ad7d614d8c0a18fe0b23c8641ff9

                              SHA512

                              e84c90f874a66762fe21e7332e0309cb3c8902c92a40aea275f47ccbcf09704fc719abeb804dc02556a5fbdb98b85c96d6c2832f829306e6879dbec443d44e38

                              Download Submit

                            • C:\Windows\{93166571-4A1B-4f05-9CC2-1F23BEAF82BC}.exe
                              Filesize

                              180KB

                              MD5

                              14615f966cc6325d914e840a515fb5f8

                              SHA1

                              ba46d35ba6e1e437fb08d4ccc6076325888f0b9f

                              SHA256

                              b99ad4cd606baf4825639ca14f8177aeb7c2f1cb860cfe09f0939864f53f3ed4

                              SHA512

                              b632ed9fcce143c16102a52f91995260d10b5c698687a74b1127f70692e0d70c55e60de9e43ed72471f44b6f349fef198358797f61110f1f37ec094cddd5a650

                              Download Submit

                            • C:\Windows\{A4632A10-6206-44fc-B356-22574AA0E343}.exe
                              Filesize

                              180KB

                              MD5

                              c5d33f004d10f627850861e7a426e094

                              SHA1

                              31d73a83efd3a32951c992b4ebbc447ac5dfa751

                              SHA256

                              9237df83ae2ac7aad68f9f94c4a83de6a57f5e5465aae72ef4f089386dfa2ee0

                              SHA512

                              900449a3b54126289b37279ca731e5187c6e3b3de413924230200974f1c85611a2c5c496c1b7f7eedd3cdc277abb48e48909565559b7ac8e6b222a03a22909d4

                              Download Submit

                            • C:\Windows\{BA11751E-5248-4be0-A892-1A0C0B8BF8B6}.exe
                              Filesize

                              180KB

                              MD5

                              cff9c70b391626e4332c6fdc621a0bfd

                              SHA1

                              d2c285aa59b41924967a3cd3f2596d1928614519

                              SHA256

                              d80d99aec812fd470614c0868224048fa872873fb2046a9e817e2a5e97e900d1

                              SHA512

                              32172a1919b6c07fffa3d71408d2acf348420c2cff75e770ff505163511727a70a918f00761b51071a67afcf48d28be32494ceaee0f554cdced95583def5b663

                              Download Submit