Overview

overview

10

Static

static

10

2024-06-11...ye.exe

windows7-x64

9

2024-06-11...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 05:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-11_8e9b385c64ee616c194650116e451269_goldeneye.exe

  • Size

    344KB

  • MD5

    8e9b385c64ee616c194650116e451269

  • SHA1

    3a7925d84cc6b09566c12d435a507aa50d338f60

  • SHA256

    4b7d8a2737d39247e1cd858b2b5db348d7e236e11f5e18a43ceb888c409df6ef

  • SHA512

    70e8309214949aafb2732c3f62654370a8a28d106306ffe1d7654e055a7a795b9dca5a0467f8ffebd18a303f8d7c7b4ef978d61045e248937e0fb7a0b93ddf3f

  • SSDEEP

    3072:mEGh0oilEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGMlqOe2MUVg3v2IneKcAEcA

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_8e9b385c64ee616c194650116e451269_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_8e9b385c64ee616c194650116e451269_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\{285FAD9C-1CAB-4d17-A56D-A3737EC5A457}.exe
      C:\Windows\{285FAD9C-1CAB-4d17-A56D-A3737EC5A457}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Windows\{A3B10981-CC5C-4f07-B4E2-9F2533A96323}.exe
        C:\Windows\{A3B10981-CC5C-4f07-B4E2-9F2533A96323}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Windows\{8F8B6732-DB4E-4793-BA49-972922B19880}.exe
          C:\Windows\{8F8B6732-DB4E-4793-BA49-972922B19880}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2756
          • C:\Windows\{9D896D3F-DBE9-4219-918B-A3AB5DB6D65B}.exe
            C:\Windows\{9D896D3F-DBE9-4219-918B-A3AB5DB6D65B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3036
            • C:\Windows\{DFEE77E7-847E-4968-AD4A-EF97F60BFFAA}.exe
              C:\Windows\{DFEE77E7-847E-4968-AD4A-EF97F60BFFAA}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2876
              • C:\Windows\{A714C2D1-BABC-4c36-970F-344C63A5C2CD}.exe
                C:\Windows\{A714C2D1-BABC-4c36-970F-344C63A5C2CD}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2772
                • C:\Windows\{22F08D84-9AF5-465c-98E6-D6390283CF3A}.exe
                  C:\Windows\{22F08D84-9AF5-465c-98E6-D6390283CF3A}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1548
                  • C:\Windows\{C9B179F4-43C3-4dd0-AAC3-DE7E04A88519}.exe
                    C:\Windows\{C9B179F4-43C3-4dd0-AAC3-DE7E04A88519}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1684
                    • C:\Windows\{F5C9C757-9CFD-44c9-B3C3-645AC28961C5}.exe
                      C:\Windows\{F5C9C757-9CFD-44c9-B3C3-645AC28961C5}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:468
                      • C:\Windows\{E65CB5BB-7010-42f5-85A8-6A9E51B2EC0C}.exe
                        C:\Windows\{E65CB5BB-7010-42f5-85A8-6A9E51B2EC0C}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:380
                        • C:\Windows\{19E6A950-4C54-4f57-B2DE-9767C83BCD7D}.exe
                          C:\Windows\{19E6A950-4C54-4f57-B2DE-9767C83BCD7D}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:752
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E65CB~1.EXE > nul
                          12⤵
                            PID:1480
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F5C9C~1.EXE > nul
                          11⤵
                            PID:2220
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C9B17~1.EXE > nul
                          10⤵
                            PID:1128
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{22F08~1.EXE > nul
                          9⤵
                            PID:1316
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A714C~1.EXE > nul
                          8⤵
                            PID:1428
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{DFEE7~1.EXE > nul
                          7⤵
                            PID:1848
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{9D896~1.EXE > nul
                          6⤵
                            PID:2924
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F8B6~1.EXE > nul
                          5⤵
                            PID:3052
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A3B10~1.EXE > nul
                          4⤵
                            PID:2776
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{285FA~1.EXE > nul
                          3⤵
                            PID:2672
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2620

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{19E6A950-4C54-4f57-B2DE-9767C83BCD7D}.exe
                        Filesize

                        344KB

                        MD5

                        d484d6ff61c36bc252d372789090056e

                        SHA1

                        d6af61e685b9b6e8ed236240342835f286e0ca16

                        SHA256

                        2a4773cf1a2c02f5d86c1aeb583cfefc0d5793d0b370abb20d27ffca21b45aca

                        SHA512

                        608243b385e12e59cb1c961681c5dc5a33ada01c9628ac1d3fc724f74bdb190582c588727fabccd268b2230a9c499bbd565fc40c635d947090458f7c0b807135

                        Download Submit

                      • C:\Windows\{22F08D84-9AF5-465c-98E6-D6390283CF3A}.exe
                        Filesize

                        344KB

                        MD5

                        d911628c78823ca1611d18fa760328e6

                        SHA1

                        592418eaf00565ccdddb1cc2efd6322e905b3210

                        SHA256

                        58dd0d40ed585d56edaeefd49464d33f32da004a8acbf2657208aa33d9a6ae17

                        SHA512

                        69338df5c69298abde0d870a75861c37f1c6840694b22afdd30147f7b3cb6a2bdff972036096cb5ad92bdbd6a7da483c46ac9e1dba57aa546f222e807a01ed01

                        Download Submit

                      • C:\Windows\{285FAD9C-1CAB-4d17-A56D-A3737EC5A457}.exe
                        Filesize

                        344KB

                        MD5

                        0b935ae6c7068d2553a333e5cbe86456

                        SHA1

                        2fc644ebb61901d77866feeedc1f93b206a1e5c2

                        SHA256

                        4456fa94714027ce38c03ca187f151ed138f2a453aa958b288de0a0e6cc5e2b2

                        SHA512

                        67ba9f91bb6034817a37d99d311f3b24d386ca00ba74c2a7e74cfae554f869b8e33c7f9814efe9b813301b06390536181bcead24556fd47a929c872a8300dd10

                        Download Submit

                      • C:\Windows\{8F8B6732-DB4E-4793-BA49-972922B19880}.exe
                        Filesize

                        344KB

                        MD5

                        7883c9178cff24ab9ea34d96e036f13a

                        SHA1

                        07e4af89b843acf2ff0faeaf3b27f5676454a4d6

                        SHA256

                        338f4942ecaae70e3a302fb4a523f3ad944a2fba49bca070d97d5a97f34ecc9a

                        SHA512

                        642c15f7d9906fcb2a494a49ab19eba5347e872a8a0a9ca59d3576f99a93b889d99fbb86544017255e5b9f2596ef55ad5f7e6615af1d069b82c54fc3ff0b72e7

                        Download Submit

                      • C:\Windows\{9D896D3F-DBE9-4219-918B-A3AB5DB6D65B}.exe
                        Filesize

                        344KB

                        MD5

                        2cfeb872d91106ee95df5e035b6fb70f

                        SHA1

                        23bb66b255ee4609bef8aa7daad126f82712e643

                        SHA256

                        d371b618936ecff9fdbe110228e83ba4939ead824307518dc1cc230692f9a9ec

                        SHA512

                        06c50412790aa67d65cca00c9dbb4cfaa3625e25a7a6b17a3b85e9774e051b5bd7bddb7e115eb45963708ef8a9f7abd30301a9ce67ad1e4750da4a9ff2ff7151

                        Download Submit

                      • C:\Windows\{A3B10981-CC5C-4f07-B4E2-9F2533A96323}.exe
                        Filesize

                        344KB

                        MD5

                        f3e146e8bff166dbf4181e6de5f358ad

                        SHA1

                        4f1a5a2abf748013970286574c2597a63f87a52b

                        SHA256

                        66fa92a32e8c4a658e1800a0da70534e3e2cd473ec4322a262a17e4a54a3116a

                        SHA512

                        6fab97fbbf66aff1436e581d978120efc4c92c42eec213a765754a8b79be319bce495712b5ba971bcb4961457970ce13720bc6f0997620ceb04fb04db28fced9

                        Download Submit

                      • C:\Windows\{A714C2D1-BABC-4c36-970F-344C63A5C2CD}.exe
                        Filesize

                        344KB

                        MD5

                        d9444b8a49e3cf0eb87838f0c0812011

                        SHA1

                        e1749c3815c1e5d097ebfb2dcb4604766abb9e0e

                        SHA256

                        002668eb2f81ec46c4bd7d65fd4ed4d464b4cfce024a73ff3d9d551485ea64b1

                        SHA512

                        14e7798a7dc301d1c57ec9bf9e08eb3172a190eaf98a831a78738f8413062b2deef3a562912b903eaef059132d616e10b903b73841f54e639b87920d15158d77

                        Download Submit

                      • C:\Windows\{C9B179F4-43C3-4dd0-AAC3-DE7E04A88519}.exe
                        Filesize

                        344KB

                        MD5

                        c03e28cdd671fe449f43067d961a7e7b

                        SHA1

                        e1d9b1e833daa7b6419e91dca789ad0b09d89594

                        SHA256

                        fa0672d8f9411fb4570a5faaf310249b51f8b16f5b5eb43eff78a0bede4ec602

                        SHA512

                        54923d660022113dc9a6091aa85f498393a69a15302d5eac0db8d3bb71acccfdd8d7831c3ec90a9c185632c60c966ab94f76408509c8a0fef905339ebd05d7ec

                        Download Submit

                      • C:\Windows\{DFEE77E7-847E-4968-AD4A-EF97F60BFFAA}.exe
                        Filesize

                        344KB

                        MD5

                        6469d49f47899d7017320cc339eaa114

                        SHA1

                        fe47bc62f5bf15e3dc514819010cb443b82b1cae

                        SHA256

                        5d8fc04920ff519ec8bccbc7412ca74ff4361c54e24c8cdec32e7c621dbb6b01

                        SHA512

                        64b84f663c174999ea3e96466d9eec6ac0807653ada82102eda84ed7f692072b946429ac41cac3a5be964450d3dea0f2e75b3585d8ae289b37db57d6c071962e

                        Download Submit

                      • C:\Windows\{E65CB5BB-7010-42f5-85A8-6A9E51B2EC0C}.exe
                        Filesize

                        344KB

                        MD5

                        6b513fed540fc9fe2293aa632ad77c9b

                        SHA1

                        bdb92e710255e0794fdf8e896865542487177f5c

                        SHA256

                        40c5c1483fe085b70d9f46bee9c9c68c464568811f31f200d3938d40c7039f06

                        SHA512

                        e27dd46d6868d569a4b6e5bc305abea01680b865402074dff40c0d9a4c718c0cbf1ac746dbc4fb947b94228aca00b2d24103d07f9ed2b434ebf7fccdb2b1a202

                        Download Submit

                      • C:\Windows\{F5C9C757-9CFD-44c9-B3C3-645AC28961C5}.exe
                        Filesize

                        344KB

                        MD5

                        bb9e88313b7c9494db37265dc1a0d688

                        SHA1

                        c64437126c9a82541f91d460aba8ada21befd8a2

                        SHA256

                        17e02ffae9aa2d8874762887a47b16cb96eeb7c322644db10b5124aa092af3f7

                        SHA512

                        057d433563304dd729199c4ba5e93c517c1f0bd4b46d0833db5b0358a9beef475fba4f55138d4ea443cd7b015a10cc4a5e3d795c2ecdda7fe34db3a158dabbc1

                        Download Submit

                      We care about your privacy.

                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.