Overview

overview

10

Static

static

10

2024-06-28...ye.exe

windows7-x64

9

2024-06-28...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-28_9421dddd2256278f0e862c746326243f_goldeneye.exe

  • Size

    408KB

  • MD5

    9421dddd2256278f0e862c746326243f

  • SHA1

    2238135bb88162c83486a0c7a34b864e7ab5fdbd

  • SHA256

    8e19cfd59bc2b47e7e584b6c4953f22db1c9e6e2114e50ad4ab358181ede7311

  • SHA512

    72aec33149a3df420c1176883be8417cb5d252e2981d6a73b4f77b01258194a33126b61881a0df306b2d012637ac831d3b2c5baa49f4a4f5da3af0a594b3f811

  • SSDEEP

    3072:CEGh0ocl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGqldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-28_9421dddd2256278f0e862c746326243f_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-28_9421dddd2256278f0e862c746326243f_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\{E8D5B7A0-31CD-46ea-A343-B23E96B1B573}.exe
      C:\Windows\{E8D5B7A0-31CD-46ea-A343-B23E96B1B573}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5004
      • C:\Windows\{F6815DE3-EB9C-46a6-B2AE-E62D0E9C135E}.exe
        C:\Windows\{F6815DE3-EB9C-46a6-B2AE-E62D0E9C135E}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4660
        • C:\Windows\{E28CEE72-6111-4530-9D2C-2CB6FAAEA906}.exe
          C:\Windows\{E28CEE72-6111-4530-9D2C-2CB6FAAEA906}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:844
          • C:\Windows\{E4AD9058-C7A2-4cf6-9A0C-F048F2AD1C81}.exe
            C:\Windows\{E4AD9058-C7A2-4cf6-9A0C-F048F2AD1C81}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3504
            • C:\Windows\{0CC86CCE-C28E-439a-95D4-2D089E3D7F0F}.exe
              C:\Windows\{0CC86CCE-C28E-439a-95D4-2D089E3D7F0F}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1104
              • C:\Windows\{A80FF990-BD5B-4297-A785-E198886DC6AD}.exe
                C:\Windows\{A80FF990-BD5B-4297-A785-E198886DC6AD}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2584
                • C:\Windows\{95D7C828-4FB6-4b4a-B5FF-43900FE6C3B1}.exe
                  C:\Windows\{95D7C828-4FB6-4b4a-B5FF-43900FE6C3B1}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:796
                  • C:\Windows\{2A1D6C57-D403-4fc7-ABD4-C6322045A8EF}.exe
                    C:\Windows\{2A1D6C57-D403-4fc7-ABD4-C6322045A8EF}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2548
                    • C:\Windows\{323ABC6E-70CF-407a-85BD-B645731C2D55}.exe
                      C:\Windows\{323ABC6E-70CF-407a-85BD-B645731C2D55}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3732
                      • C:\Windows\{F07E38B6-3A75-41f2-BD81-00CF91D7906A}.exe
                        C:\Windows\{F07E38B6-3A75-41f2-BD81-00CF91D7906A}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4296
                        • C:\Windows\{8DB9AD94-AF59-4ed4-8897-F409789B444D}.exe
                          C:\Windows\{8DB9AD94-AF59-4ed4-8897-F409789B444D}.exe
                          12⤵
                          • Boot or Logon Autostart Execution: Active Setup
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3016
                          • C:\Windows\{ED8FFD03-1C4B-48c8-94F0-05C65952A26A}.exe
                            C:\Windows\{ED8FFD03-1C4B-48c8-94F0-05C65952A26A}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4388
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{8DB9A~1.EXE > nul
                            13⤵
                              PID:1356
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F07E3~1.EXE > nul
                            12⤵
                              PID:1656
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{323AB~1.EXE > nul
                            11⤵
                              PID:4636
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2A1D6~1.EXE > nul
                            10⤵
                              PID:4040
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{95D7C~1.EXE > nul
                            9⤵
                              PID:4360
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{A80FF~1.EXE > nul
                            8⤵
                              PID:368
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{0CC86~1.EXE > nul
                            7⤵
                              PID:1936
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E4AD9~1.EXE > nul
                            6⤵
                              PID:4972
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E28CE~1.EXE > nul
                            5⤵
                              PID:3496
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F6815~1.EXE > nul
                            4⤵
                              PID:1400
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E8D5B~1.EXE > nul
                            3⤵
                              PID:3164
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:696

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{0CC86CCE-C28E-439a-95D4-2D089E3D7F0F}.exe
                            Filesize

                            408KB

                            MD5

                            cad781c085dca6426fe600cf24db7483

                            SHA1

                            7ca9187454f561fd769e490637273ac7e00ac936

                            SHA256

                            329b1710b1abb8274f6c54f71e1cab952ac766f0824bdbd84117e3b42dcc6d5c

                            SHA512

                            ea8d85b55eee4761e1668d585e6f4d7336bc9641648205f08fc45cdaeadb027703ccba277f95c4009cac026008dad400adf863d99f3d17989e8d55e1e9c5aea2

                            Download Submit

                          • C:\Windows\{2A1D6C57-D403-4fc7-ABD4-C6322045A8EF}.exe
                            Filesize

                            408KB

                            MD5

                            81a7303eaeb0017699977c273c0e6dff

                            SHA1

                            d6e80aac249e23de8269bd225e8069e065879668

                            SHA256

                            064b743c36539b551a87b504fd75d27c27882af251492851d15a4a2086020204

                            SHA512

                            5a27ffc950f20b829cb630830d3cc0174f8f03beb92a49e4e8f929095f17be6cc723c73cfb4b08272bdf82546d60ac42d8c19bbcbc919b004fe2d219826f4239

                            Download Submit

                          • C:\Windows\{323ABC6E-70CF-407a-85BD-B645731C2D55}.exe
                            Filesize

                            408KB

                            MD5

                            799d66c473a0b15fbf9c717f57730a7f

                            SHA1

                            891d6c7b05e5bb2614c830ca138c902d8200df91

                            SHA256

                            271559770be97b46656d4284c72d1c5fe7ce5bad08aba0322a3a77ca81f5c6d2

                            SHA512

                            f8e6a9788ece1305329a0b9a0ae1114939a54e753e0a7bde9b99842501739e323b99d9db6533933adffd5a6bc10f6381c7dfda1a024a844f0b7505970565a6f3

                            Download Submit

                          • C:\Windows\{8DB9AD94-AF59-4ed4-8897-F409789B444D}.exe
                            Filesize

                            408KB

                            MD5

                            91dd558d668e6d8a9089a7c86140aa6c

                            SHA1

                            3794379666716b3cd9f93ebd5a1dd90a01390517

                            SHA256

                            dca0eb3e10c51f78ac1ca799898a9cfe44741aeca026c33cf93f5d0525f895f3

                            SHA512

                            875e407f62f1ab026cc275a82f58709eefdd7400f12c122ca619f778486a507263d5fbd7994cf0352002c7530eb229e8703c78edef5dc11936d7c40698631dc4

                            Download Submit

                          • C:\Windows\{95D7C828-4FB6-4b4a-B5FF-43900FE6C3B1}.exe
                            Filesize

                            408KB

                            MD5

                            eb5edb48088236cf314340653217ffe3

                            SHA1

                            9ec4e9edc0edea72e3bd55515f8c9358d39688a0

                            SHA256

                            fc7c47230d0df02e45bfde668ca16d8b0a335b58d77f34c64d86e492a0adf36b

                            SHA512

                            ca736d4b22896c142952f35cd6856ffbf9f3674453e3fcf4decbf949c2733ec42c513ff6df545ae494541c74a3c4d8528abe3ab88a310ecb2540e60221a1ed02

                            Download Submit

                          • C:\Windows\{A80FF990-BD5B-4297-A785-E198886DC6AD}.exe
                            Filesize

                            408KB

                            MD5

                            6a019050ee0863188564b710b65872c6

                            SHA1

                            bf1cd8fc52565a894fbc4faaee387e7d477ae6c2

                            SHA256

                            5df35bc94d2d9eb50f235712c3d51464bac69fdba821b67b245a7830a0c20e77

                            SHA512

                            ac122ac2d1394ec547ac2cbad24a6877cd389fbce82f85783a434be7898b97a5f4341755e60683c05d5f35fc6e1bcaefa95a6c6dfc8e50c0b8026118f2ab885c

                            Download Submit

                          • C:\Windows\{E28CEE72-6111-4530-9D2C-2CB6FAAEA906}.exe
                            Filesize

                            408KB

                            MD5

                            6d423c9cdf59ead17dfbd44dfff7191b

                            SHA1

                            122f27cc0c66887356f729af376dba89628d6f5d

                            SHA256

                            2c2b2493735e535a76adff74a5773f911d6780cfcd3093201691037fdc6f1c35

                            SHA512

                            c0b63191148617af4af1b7976b7e8102b4dccd7daa30220844caeb78c28756126c850e32fbf92bfecbe0e33767a2bb1acf8acb0d65018152046686faaa8acbd4

                            Download Submit

                          • C:\Windows\{E4AD9058-C7A2-4cf6-9A0C-F048F2AD1C81}.exe
                            Filesize

                            408KB

                            MD5

                            ac73dc3a90070fe7b3c1396b762417f5

                            SHA1

                            96b62011e430ba9626b83dea215482bf95ccd156

                            SHA256

                            2060d0d50c45582774b37ff8c2bfae7021596e069dab8ee79ffb79619dd112aa

                            SHA512

                            c2d776e5adbe0a0ee86c442c4349f056f42a013c7642b6e5526be97a308787abcfa6ed16ab0f267e5f2c02e86437507d6dce584078dd25393b9a5e5a6a52fb15

                            Download Submit

                          • C:\Windows\{E8D5B7A0-31CD-46ea-A343-B23E96B1B573}.exe
                            Filesize

                            408KB

                            MD5

                            cc9efbe64bc525cb9bf7ee83dfe01c06

                            SHA1

                            55f610a600a0d58cedde0769a35ee1f8d772f7fe

                            SHA256

                            da3c3d3647cd1653551a4a080ed6213576a4312ee402659ce002d3c0f78fbf62

                            SHA512

                            fc5ff705eaea81b8c7952ded1532c7a9f298a0ac9a18ebc704f6f8ed90698ba96ce80102ba0be004339a9769efd89459a8389ce63e417b8bf1ae9f5e82d7fb9d

                            Download Submit

                          • C:\Windows\{ED8FFD03-1C4B-48c8-94F0-05C65952A26A}.exe
                            Filesize

                            408KB

                            MD5

                            0844e063d2bc42284b9f74c3952ac89c

                            SHA1

                            4e13f8b3cda1e1f28c610a083b64f715485e1b69

                            SHA256

                            ad4ff6d738a82e1b3bfafd0aa7d51d21d3e85e28e80f732d9dfc63db79f2d7f1

                            SHA512

                            c5712c527628b4eaa6489b21ebd55ec7eaf5a7ca0bc85f5ce67e9f0f280ee382a1e6f11f3043d967fca5bcd4b4d2bf68c446f2b719387d7d060eb13f8131e45e

                            Download Submit

                          • C:\Windows\{F07E38B6-3A75-41f2-BD81-00CF91D7906A}.exe
                            Filesize

                            408KB

                            MD5

                            247d0f254e5729af19ce36fbcf52668b

                            SHA1

                            862e9904f82b08a699dfb9d035bc0f50ad484c23

                            SHA256

                            b3e7ae0fe96f28e9204afb3e23a3debfe2d8768b6ddd715d45301605f4f8c747

                            SHA512

                            a686d1f6723abba1eca60d1ae26889ba8a7e9ec8745f7b4a22bef700e3f4c4c465842b84f70844559105829be2ea6b0e4e0eb276faef9c50902acc9aa31927c3

                            Download Submit

                          • C:\Windows\{F6815DE3-EB9C-46a6-B2AE-E62D0E9C135E}.exe
                            Filesize

                            408KB

                            MD5

                            f50feba0078f5a9afa1652c6aae3204b

                            SHA1

                            09fe4c26869bd35e9ff5202b6816e6e439dc3372

                            SHA256

                            272218e449f6ba57af25280b65675589059a90390fd39ec9c7709116d7d59f36

                            SHA512

                            463e09c75e0b7665b53188f8c9e3dcd54491cbc96309db1794261c5796d1546a0b2d84103e85905f23988fc8ef79d43dab69d901f7ea3b8b270a54b4ace7ffe4

                            Download Submit