Overview

overview

10

Static

static

10

2024-06-15...ye.exe

windows7-x64

9

2024-06-15...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15/06/2024, 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-15_a2a279fa32b834ce1c07a447d6bd7d67_goldeneye.exe

  • Size

    180KB

  • MD5

    a2a279fa32b834ce1c07a447d6bd7d67

  • SHA1

    d4be69638bb09ac0f866daa941a4df86a57e6ef4

  • SHA256

    60dac2a67a382ae6abd327f10e327a77da52b65c89bbc2240c2581f9a3f61b63

  • SHA512

    234e733849b0aa6c941c9933ef71a1a12854c51b230ef6d89e791d96eb9780966079a786d511565996dabd53b9db70c8cb8721d9ef52c57c20dd0a4ecebbce71

  • SSDEEP

    3072:jEGh0oalfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGkl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-15_a2a279fa32b834ce1c07a447d6bd7d67_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-15_a2a279fa32b834ce1c07a447d6bd7d67_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\{C82BFB40-B0A3-4b85-BA0B-E27353FB4988}.exe
      C:\Windows\{C82BFB40-B0A3-4b85-BA0B-E27353FB4988}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Windows\{B6278B4A-C145-43b8-90A3-294D6092BFEF}.exe
        C:\Windows\{B6278B4A-C145-43b8-90A3-294D6092BFEF}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Windows\{B1F3DED9-6C89-4b3e-ACEE-67F3197EECA0}.exe
          C:\Windows\{B1F3DED9-6C89-4b3e-ACEE-67F3197EECA0}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Windows\{C56331DD-D66D-4285-BE80-CA78A12C7677}.exe
            C:\Windows\{C56331DD-D66D-4285-BE80-CA78A12C7677}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1236
            • C:\Windows\{E80DA832-D2DD-42bd-BB7A-04AD086DED85}.exe
              C:\Windows\{E80DA832-D2DD-42bd-BB7A-04AD086DED85}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2764
              • C:\Windows\{6F16805A-70C6-4584-8EB1-DF7EA64CEB4F}.exe
                C:\Windows\{6F16805A-70C6-4584-8EB1-DF7EA64CEB4F}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1216
                • C:\Windows\{84CC8D1F-9031-45e7-9880-0183210B3EA5}.exe
                  C:\Windows\{84CC8D1F-9031-45e7-9880-0183210B3EA5}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2188
                  • C:\Windows\{BE86DD43-32D1-48a1-A168-80BA7307F664}.exe
                    C:\Windows\{BE86DD43-32D1-48a1-A168-80BA7307F664}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:480
                    • C:\Windows\{871D712A-9737-4b87-BD9D-50CCF857E935}.exe
                      C:\Windows\{871D712A-9737-4b87-BD9D-50CCF857E935}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1684
                      • C:\Windows\{858D5B76-7517-42ef-BE57-D4549034FC6E}.exe
                        C:\Windows\{858D5B76-7517-42ef-BE57-D4549034FC6E}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2200
                        • C:\Windows\{5ABD8FE3-E391-4573-98EF-86954D7D8450}.exe
                          C:\Windows\{5ABD8FE3-E391-4573-98EF-86954D7D8450}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1392
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{858D5~1.EXE > nul
                          12⤵
                            PID:856
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{871D7~1.EXE > nul
                          11⤵
                            PID:2208
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{BE86D~1.EXE > nul
                          10⤵
                            PID:2836
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{84CC8~1.EXE > nul
                          9⤵
                            PID:668
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6F168~1.EXE > nul
                          8⤵
                            PID:2700
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E80DA~1.EXE > nul
                          7⤵
                            PID:272
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C5633~1.EXE > nul
                          6⤵
                            PID:2788
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B1F3D~1.EXE > nul
                          5⤵
                            PID:1256
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B6278~1.EXE > nul
                          4⤵
                            PID:2668
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C82BF~1.EXE > nul
                          3⤵
                            PID:3032
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2564

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{5ABD8FE3-E391-4573-98EF-86954D7D8450}.exe
                        Filesize

                        180KB

                        MD5

                        fa1a6b90666058d86521d638781b3fab

                        SHA1

                        3cc2f9d6fb63e61653ee40ec347e55cf0c42541f

                        SHA256

                        300a9bde2a8cf9d472ee3b50d8e5025f54ba6f6b13b7857835ea9b5be2f982f9

                        SHA512

                        c62f30668025a2fd3df693e630c9ea58e2996fb2707231449394693e93effe9a66c48f4c0427efc0456caa8bdc5c54aac3649f8fae9fb3379894a8ef6bfaee77

                        Download Submit

                      • C:\Windows\{6F16805A-70C6-4584-8EB1-DF7EA64CEB4F}.exe
                        Filesize

                        180KB

                        MD5

                        564d9cafa9419c4700a357c0a31a4223

                        SHA1

                        8d37b0977a741fd12db5f92beb594830d2549d8b

                        SHA256

                        c1c8e51fe83bd57b21e63005be167709bb6566a782b4d55d36151bd4f5f752d6

                        SHA512

                        ce297661e99962c879e65868eb02eeddf1c5f0892c8d16cd6e71e3b9f8bb981fbbe0014eadd084239985ece01c0fe447b0816bec82f15ebcd614406a6b25e7b9

                        Download Submit

                      • C:\Windows\{84CC8D1F-9031-45e7-9880-0183210B3EA5}.exe
                        Filesize

                        180KB

                        MD5

                        42267a19cc380b930cdd73446b010c00

                        SHA1

                        117c8240c9c5cf3a8de7dc52a7dbe3a3f9351f8f

                        SHA256

                        b77d23404aa982d6de7f3c8047dc685f43ba81931ca721ab6d182f71d3f08f66

                        SHA512

                        f7a010eeeb2712fa1ad53b73352f7d50488da817ab065ffee39bdf14d236180354fc5b7679643385c36342925e31892a26320acdad3a6205977eebffa4749884

                        Download Submit

                      • C:\Windows\{858D5B76-7517-42ef-BE57-D4549034FC6E}.exe
                        Filesize

                        180KB

                        MD5

                        3a3f9059ba3f431fef5f7a93f713e02d

                        SHA1

                        b113adfc69cca5051c0af01bc60d84fcb0485207

                        SHA256

                        ac36b43e5c85c3ab15df0f6196e9c7ee905ec4255a9b0dd966dbc1ab14b13d45

                        SHA512

                        d9f3e7cbaf939fd9af73f6d29bb7f02b44156456e69cbe6b68cf0ef254e86cf58f9b69ae75a1dfa334ec043bb9884de2908d312067bb8b3020b248a66942c801

                        Download Submit

                      • C:\Windows\{871D712A-9737-4b87-BD9D-50CCF857E935}.exe
                        Filesize

                        180KB

                        MD5

                        e231e7a08092edc135293b1bfdd37320

                        SHA1

                        b22a39a393686a74a7c371cf5a8a6819ab4292da

                        SHA256

                        bbab0c2804019b339a585cdb77a097a7d1063aacd5e1b8783076a0b17e287b4d

                        SHA512

                        4f0bff1e0d34cd93ba8723cfedc37b88769e62af9ee9ed60b1f67c33476ecc424a3503fb5d51006f64d35f211462367758afe5baf77780e530c559ddd26571df

                        Download Submit

                      • C:\Windows\{B1F3DED9-6C89-4b3e-ACEE-67F3197EECA0}.exe
                        Filesize

                        180KB

                        MD5

                        db6b602d1c8b330342bb07de4f3c74e7

                        SHA1

                        be9ae9ad41c863267582eb721adccbe89c8d217f

                        SHA256

                        cfa422005c28b23048e02a485fa7ae2485926b0ea5fa1839cf12d0022a822fb2

                        SHA512

                        7cd52aec549e2b14f8f48277e143067eee247775c10394c837eecff167a8b9910a649a9add249b56f25d360c646f793ddd545d6ff64af48fb820ad6985e50f83

                        Download Submit

                      • C:\Windows\{B6278B4A-C145-43b8-90A3-294D6092BFEF}.exe
                        Filesize

                        180KB

                        MD5

                        95d5751eb91faaed282e63a871c9e812

                        SHA1

                        5d6aa0a3bd4cc5e25090158b183feb11b9a875f4

                        SHA256

                        e895c85bfc00ccab7be7c44f3ef6d2cecabc4f5559b7fa8a54a17870bff3121a

                        SHA512

                        12186e00836c0ce4a6fa1ce5dbbc8109ff1efdaa8c8f28d63770fc2efa7d0446ea6b00e82dd32ff63489c0ec3f5bb4fed6697e5f6590897dbd1cc5e13888ad5d

                        Download Submit

                      • C:\Windows\{BE86DD43-32D1-48a1-A168-80BA7307F664}.exe
                        Filesize

                        180KB

                        MD5

                        6da7072d400c51e83a405cbab89b793c

                        SHA1

                        8382848cff8f190231519d36b6d50129a69fd849

                        SHA256

                        48dd882e3472395dc047c33c0669f2a038bc4425c41b7e67451384952d4d2bdc

                        SHA512

                        6ff377ed572b4a25af4f1acc83787655ad478ee7ad67a2c2d08697248ba0435345723156c1cee1206985c8515f88d2d82801a11e34624fd42a7d3302c9bbfbfc

                        Download Submit

                      • C:\Windows\{C56331DD-D66D-4285-BE80-CA78A12C7677}.exe
                        Filesize

                        180KB

                        MD5

                        f41d6048840bfd0a610c79c42741f630

                        SHA1

                        686cee9500cf7c59024db1ec34d1b09e7f77db28

                        SHA256

                        6869fae8f2f34ca24dcb9bb92256724e5fd29f382ef35338aa84f4cb1f090802

                        SHA512

                        34bfa42ef8240d8ede16188d312f1b6214c09cf80efe61ae4573afc71b5fe6407d5bc1327bd7a5f4e98d683c1ec800b90fd72e06a287e88db97690ff126cdc98

                        Download Submit

                      • C:\Windows\{C82BFB40-B0A3-4b85-BA0B-E27353FB4988}.exe
                        Filesize

                        180KB

                        MD5

                        b596bd20025ad7c1fcdae99f68e96c23

                        SHA1

                        85b7bb82e670b9a8482355644891806d2ee37a28

                        SHA256

                        450fc5e600aa014adff75d2623eee32a1d6ee3460322f7102f4f2ed80bdc1ddf

                        SHA512

                        056db2f7b894b9d3ed7e0d9a4f2dcbf488371ce837471187a84be1bdd7e2c82596638ec87d7a8e9b34de63775d384dcd4c5e0bb69918a83dd0c12fe1241ff9ae

                        Download Submit

                      • C:\Windows\{E80DA832-D2DD-42bd-BB7A-04AD086DED85}.exe
                        Filesize

                        180KB

                        MD5

                        cd95ff1cae34c5f19d34123f23dfd6a5

                        SHA1

                        f1001aa37cb0eaee4640053da1dc9a40f774b349

                        SHA256

                        4d4c769682f03ffd35f171b38cc6e5083e3c0d4052a3432d205eb6937d825e0f

                        SHA512

                        964ff8037b0d8ce5966f3fce8b92ac81aa581721243d8850acc8ca34a5bf59da5d4cdfdd11b570c6cc37bd3054f7c9a2db40cd537c1af47cc455828db02b4c97

                        Download Submit