Overview

overview

10

Static

static

10

2024-06-14...ye.exe

windows7-x64

9

2024-06-14...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe

  • Size

    216KB

  • MD5

    73809c92ced956e3951db1d789db4afe

  • SHA1

    1bcc10c25b3f91a3584427fe6cce10dc939df888

  • SHA256

    fbff0538e269160091e723f0fcd080efc71435b443c775585d8e6aca9a3280c1

  • SHA512

    e2c2d2a306f0bdec4f3a2374dbaef9c50e55e4ceb8d8bb1150a19cb0782fa36c26d003528866658d045a7c47dc82c57b6cac0f89fcf58907269d294a9ef40e93

  • SSDEEP

    3072:jEGh0ovl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGZlEeKcAEcGy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-14_73809c92ced956e3951db1d789db4afe_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Windows\{802FBB04-38D3-44a2-8CEE-736269E7BEB3}.exe
      C:\Windows\{802FBB04-38D3-44a2-8CEE-736269E7BEB3}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4984
      • C:\Windows\{1441221E-0E57-4c8e-AEDC-FAB6A6EF2329}.exe
        C:\Windows\{1441221E-0E57-4c8e-AEDC-FAB6A6EF2329}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1328
        • C:\Windows\{4C1D3782-BC3E-4a17-81A1-CA9DFC0302D3}.exe
          C:\Windows\{4C1D3782-BC3E-4a17-81A1-CA9DFC0302D3}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3436
          • C:\Windows\{3ADD3C87-1C07-433d-B5DF-69AA50BE5F71}.exe
            C:\Windows\{3ADD3C87-1C07-433d-B5DF-69AA50BE5F71}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4364
            • C:\Windows\{F4274B0F-36F1-4b5b-913F-010B16C4FC8C}.exe
              C:\Windows\{F4274B0F-36F1-4b5b-913F-010B16C4FC8C}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1860
              • C:\Windows\{3DC450EA-E399-488f-A717-6834613D36CF}.exe
                C:\Windows\{3DC450EA-E399-488f-A717-6834613D36CF}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2916
                • C:\Windows\{67C3A941-0A5B-46d0-A67C-7B26F5E9A986}.exe
                  C:\Windows\{67C3A941-0A5B-46d0-A67C-7B26F5E9A986}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4576
                  • C:\Windows\{A8DD0BF6-5B39-4caa-818E-0E5CCA855ABD}.exe
                    C:\Windows\{A8DD0BF6-5B39-4caa-818E-0E5CCA855ABD}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:1828
                    • C:\Windows\{0DC5AE62-6D82-4594-9F20-E1570F3B7062}.exe
                      C:\Windows\{0DC5AE62-6D82-4594-9F20-E1570F3B7062}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4760
                      • C:\Windows\{22C47FD9-3664-4ca4-92DC-5A1CDD30AACA}.exe
                        C:\Windows\{22C47FD9-3664-4ca4-92DC-5A1CDD30AACA}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3572
                        • C:\Windows\{856ED978-3E6C-458e-A0FB-08A6038FCC7F}.exe
                          C:\Windows\{856ED978-3E6C-458e-A0FB-08A6038FCC7F}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:888
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{22C47~1.EXE > nul
                          12⤵
                            PID:5104
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0DC5A~1.EXE > nul
                          11⤵
                            PID:656
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A8DD0~1.EXE > nul
                          10⤵
                            PID:2948
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{67C3A~1.EXE > nul
                          9⤵
                            PID:4940
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3DC45~1.EXE > nul
                          8⤵
                            PID:832
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F4274~1.EXE > nul
                          7⤵
                            PID:3852
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3ADD3~1.EXE > nul
                          6⤵
                            PID:3696
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4C1D3~1.EXE > nul
                          5⤵
                            PID:1944
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{14412~1.EXE > nul
                          4⤵
                            PID:2516
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{802FB~1.EXE > nul
                          3⤵
                            PID:4184
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:3000
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
                          1⤵
                            PID:3124

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0DC5AE62-6D82-4594-9F20-E1570F3B7062}.exe
                            Filesize

                            216KB

                            MD5

                            76afa1ba80699380193f39ee03f7ca49

                            SHA1

                            1256cfa431a56f18194bd3742d70ae4a567600e5

                            SHA256

                            9018dc859dc9ce04d28b65aec12afae8bf601ef77d5f109f5787576646d77867

                            SHA512

                            85b657801b7584ded27169e55df8b3b9355ec7b7dd8a7afb754dd0d7bc2803f1b348c340e22847b7a07a2ccb84215a9bbbb5d44d34cdad56c96010e17eaf8e1e

                            Download Submit

                          • C:\Windows\{1441221E-0E57-4c8e-AEDC-FAB6A6EF2329}.exe
                            Filesize

                            216KB

                            MD5

                            bc48d6c538e2c3732316a2d0a2d266ce

                            SHA1

                            2f6c2a7f966e0b6d6c58ade8e44d6e04251cd72c

                            SHA256

                            d8e3e1293d0399af881d932fbe9fc437fc552478cbeb2113be994bb5f75453f1

                            SHA512

                            11552401da1199a241f540f14bd1e5946b64dd552f44086995bf012881e28cc20160219650704dc8d5ffaa157ef3019d5425136665a4b6146420b194f0b0332f

                            Download Submit

                          • C:\Windows\{22C47FD9-3664-4ca4-92DC-5A1CDD30AACA}.exe
                            Filesize

                            216KB

                            MD5

                            67700d9395f69fd7a8c261be26586be9

                            SHA1

                            120282bd125443bd7bf955a19c74ee134b04cafb

                            SHA256

                            8153b94839fcac7dbfc771138522f1bfbb8d11316028c45d0f285ceb9043ca26

                            SHA512

                            56ebf4178a5d24bbc36f5bb8d3c98d8cbe06120804367244620deebc3a8fa02ff4dcd8c737813c07e49675320faaa5b27c40d2c2acf1a1b48547339f0aee5c6f

                            Download Submit

                          • C:\Windows\{3ADD3C87-1C07-433d-B5DF-69AA50BE5F71}.exe
                            Filesize

                            216KB

                            MD5

                            5211cac53761d1de552a0c760f114a67

                            SHA1

                            97064d4f483d6bac63d6d8d789af7e0dfde41ad9

                            SHA256

                            b0c8771cdf52f97e53f58521d9cc8fb63d11fba712b700dbfe405e7037765a62

                            SHA512

                            e38d3f9040952a3d3d80d60cc7b4936e1045cb95820aed6a2f4e72c7b26f1a535b4501a01db97cc61d7fcf8f71e7ae88a1f27b9d26c9d421ff18072d1ca0f981

                            Download Submit

                          • C:\Windows\{3DC450EA-E399-488f-A717-6834613D36CF}.exe
                            Filesize

                            216KB

                            MD5

                            c6b63ad72255253273abbdc18315139f

                            SHA1

                            dec66a81804e52a433717d19d4ebce85b2fba9b2

                            SHA256

                            64f616c96938ac9d8b219441a7a58120dbf39d9c6a5452ef93ba25559e094089

                            SHA512

                            a2612ffea50c736f855deff45f424c92878391aadc83c51901b1d07a831b8d077e1be00583b4c71b2d01cc252c5adc37968de432d5d7c1ff2393fd574ca506c7

                            Download Submit

                          • C:\Windows\{4C1D3782-BC3E-4a17-81A1-CA9DFC0302D3}.exe
                            Filesize

                            216KB

                            MD5

                            53cbe995b55a065c5b93fbf71b335d23

                            SHA1

                            044e0df982de2f6d9f9af1c14069c38c7419c22f

                            SHA256

                            7d7194f44dcdddebd6098c06efcee6ea3359a12a7913fad1eb7a29b520d4394b

                            SHA512

                            a5f48f0d88ae4ad4abee4801207e21b57ec2f95fd884a1717f2b074c446d371f694164f9528800c981ee3298b5761b7fbfe9907bc3692c1c9f6d85ec6c4498be

                            Download Submit

                          • C:\Windows\{67C3A941-0A5B-46d0-A67C-7B26F5E9A986}.exe
                            Filesize

                            216KB

                            MD5

                            d2c4bba36f35f8f35f3cb85d43fbaa9f

                            SHA1

                            8a8a10769fad0218f0bb70b6dc9998527d23be9e

                            SHA256

                            e24c05046bd87e88ac3104185aff98f4c5b26523c96911f5875de88a4dd902f1

                            SHA512

                            7c32b30ace20102c6268acf2f1c57abe1b15f452a4881a2aec7f37591f15023dbcebfa70a3a9bdab4f0271cc4ffd7f623a8a33acd414ca426c7f3a9b52e8b54d

                            Download Submit

                          • C:\Windows\{802FBB04-38D3-44a2-8CEE-736269E7BEB3}.exe
                            Filesize

                            216KB

                            MD5

                            88d06efbd52d9329455462cfabe23fcc

                            SHA1

                            b2cb9ffd7535447f48b1f76b6372fed9dfe750c9

                            SHA256

                            b915c57dce248edde26de8b87b2d5c010f2c088c3a6904eef411c65a91f87846

                            SHA512

                            0e394a754de080c64bb3a62d7d87708853cbc480817f14b379e18a8ce3ed0541ee82c23cbfb6c61b18cbd87455f77366867ac2a24fccf15d986be5fd6dd80cfb

                            Download Submit

                          • C:\Windows\{856ED978-3E6C-458e-A0FB-08A6038FCC7F}.exe
                            Filesize

                            216KB

                            MD5

                            467cd8eccbfad846397036c901cb1c75

                            SHA1

                            22e98f0bc90cb9f4df84d35bbb254c2ef3f25bfa

                            SHA256

                            63f8a088acbf43978d7330d802a330a7a40aba0738459b69edaa229caebfe2b5

                            SHA512

                            85d047363c026b54d267449780e881ad4b4528d2de7b15643410e4e3af8b0eb41d84823225cebe8e0046b9d5beaf8c0bbdf312834718a510a8c09ca1ee68e36f

                            Download Submit

                          • C:\Windows\{A8DD0BF6-5B39-4caa-818E-0E5CCA855ABD}.exe
                            Filesize

                            216KB

                            MD5

                            d1ad1e285e9e1e9c2634e920bb8ede14

                            SHA1

                            8320918f413ee60f2b8ebc89a9d487d6bfe572a7

                            SHA256

                            ffb8aa96088d5562600ef5ede76b11dd68fbd5be957264e1053dd401ca80ded9

                            SHA512

                            80157a9c0e30913e42e236fd88d715b284908d5a8ca6922c0044a5338d1d2d2b39b8db271ccf9a2d96ee5d9b2afb915f0e1f400677c64ef21f8d300349aa2587

                            Download Submit

                          • C:\Windows\{F4274B0F-36F1-4b5b-913F-010B16C4FC8C}.exe
                            Filesize

                            216KB

                            MD5

                            2de8c1e36d6be49afa3fbfd7fb70f8a4

                            SHA1

                            d68b4693bb514cb8bf4f9ae48802a695da019793

                            SHA256

                            64eb06569d78b0380038fa4f4bf1c4d4a22c6f25f5dc794ee438e88bc49a6886

                            SHA512

                            b73b6125618f182c09b535cf2a29edbeda110e59198a570a872401d383c44915c08c4fa0f8739b22227f8e00aff93a7566e6edc5b95926db7faf6ec701ec12a4

                            Download Submit