Overview

overview

10

Static

static

10

2024-06-30...ye.exe

windows7-x64

9

2024-06-30...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 08:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-30_89a13f46ca4dff7017918cab50c5ef8a_goldeneye.exe

  • Size

    180KB

  • MD5

    89a13f46ca4dff7017918cab50c5ef8a

  • SHA1

    27371619132c228b626eb84ce33acfd86c8387b9

  • SHA256

    09b0afd19d6eca63059543a218f0dc5cd79e0dec501214ae5b6941b5706fdfc0

  • SHA512

    999951ab6910b50b1ecaa26c0b73d1303c412ed3332d273cd86bdd951fa3f676db765c16dd139ee8a2b4c1cbd6efe83bcef59c16c7d18272413847b9c805570f

  • SSDEEP

    3072:jEGh0o1lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGHl5eKcAEc

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-30_89a13f46ca4dff7017918cab50c5ef8a_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-30_89a13f46ca4dff7017918cab50c5ef8a_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\{7E9E09C4-3C19-4263-AAC6-8DDDC75AC4EF}.exe
      C:\Windows\{7E9E09C4-3C19-4263-AAC6-8DDDC75AC4EF}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Windows\{E12FCEA8-5BB6-4db8-990F-D9A478711D13}.exe
        C:\Windows\{E12FCEA8-5BB6-4db8-990F-D9A478711D13}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2592
        • C:\Windows\{23497DCE-7D18-483b-991F-F4F0AABC62AA}.exe
          C:\Windows\{23497DCE-7D18-483b-991F-F4F0AABC62AA}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Windows\{266E16C8-F58E-4d35-9411-20B702DA5A93}.exe
            C:\Windows\{266E16C8-F58E-4d35-9411-20B702DA5A93}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2528
            • C:\Windows\{5915F0AF-50EC-4ec7-8428-F7A9D9B299F4}.exe
              C:\Windows\{5915F0AF-50EC-4ec7-8428-F7A9D9B299F4}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:936
              • C:\Windows\{349DCDA8-F06F-427b-B01F-59121ADEC831}.exe
                C:\Windows\{349DCDA8-F06F-427b-B01F-59121ADEC831}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1688
                • C:\Windows\{B9B0695A-955E-4aa4-832C-4282DCFB6196}.exe
                  C:\Windows\{B9B0695A-955E-4aa4-832C-4282DCFB6196}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2436
                  • C:\Windows\{4AA21FE7-BA02-4207-B512-FE35DD65DE8E}.exe
                    C:\Windows\{4AA21FE7-BA02-4207-B512-FE35DD65DE8E}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1524
                    • C:\Windows\{2DD6EA1F-013E-49cf-86F4-D46991D6D571}.exe
                      C:\Windows\{2DD6EA1F-013E-49cf-86F4-D46991D6D571}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2964
                      • C:\Windows\{FA953496-BF35-486e-A8FB-ADA5EFF579C8}.exe
                        C:\Windows\{FA953496-BF35-486e-A8FB-ADA5EFF579C8}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2284
                        • C:\Windows\{16383315-6FF7-41e5-BEE1-1057E6A5FB67}.exe
                          C:\Windows\{16383315-6FF7-41e5-BEE1-1057E6A5FB67}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1444
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FA953~1.EXE > nul
                          12⤵
                            PID:1424
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2DD6E~1.EXE > nul
                          11⤵
                            PID:696
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4AA21~1.EXE > nul
                          10⤵
                            PID:2276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B9B06~1.EXE > nul
                          9⤵
                            PID:1628
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{349DC~1.EXE > nul
                          8⤵
                            PID:2780
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5915F~1.EXE > nul
                          7⤵
                            PID:1312
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{266E1~1.EXE > nul
                          6⤵
                            PID:2672
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{23497~1.EXE > nul
                          5⤵
                            PID:2492
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E12FC~1.EXE > nul
                          4⤵
                            PID:2740
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7E9E0~1.EXE > nul
                          3⤵
                            PID:2656
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2416

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{16383315-6FF7-41e5-BEE1-1057E6A5FB67}.exe
                              Filesize

                              180KB

                              MD5

                              2405cea7dd82977cea535e1c1d39fbff

                              SHA1

                              4c3d5c1e1ea3d1234394d895433039984277ae07

                              SHA256

                              42a6a304e3080b311a4a55e9a578b6842b6af019c9e3f8810f5298872392f73e

                              SHA512

                              9a271104ad6207bc878bc5646d3711bedd620b872e660d2d297bfba45fb359ebd8d6313fe904020193d7481c83c6c3227ad3839e6dc8e60b109ba66e51c659d4

                              Download Submit

                            • C:\Windows\{23497DCE-7D18-483b-991F-F4F0AABC62AA}.exe
                              Filesize

                              180KB

                              MD5

                              7053d6b372fbecc146728ac2ee11ea2e

                              SHA1

                              bbb9b05ec05478f2fb49fd7786b3afcaba04a607

                              SHA256

                              b69203e8ce434a949abade6cacc1cdb01bbe8f477510094f7b14c2544a408886

                              SHA512

                              2c7de7bc1bbf92a709b2b4d9376fa97a7bda79c58cc88d811f4df7405fe9889ad44524cdeee6da48f7c0042ba8aae0b8738f313dc460652d40345bd8851c2ad6

                              Download Submit

                            • C:\Windows\{266E16C8-F58E-4d35-9411-20B702DA5A93}.exe
                              Filesize

                              180KB

                              MD5

                              e91039408c06a5e070671bab0acaa6c6

                              SHA1

                              77c61ff93c4fa1d4c05a75e150f017c5e75d427e

                              SHA256

                              15f4d64ef338110b22b34244e521b990101bd0912c11dcd955dc38b8abec508f

                              SHA512

                              3be770918d51c63e6f3f8be92b0dc258eb12d5367a15a8d4651b4b82578cc31046f4f83e0244c15fc3bbcb47277fa892c75debe70d4ce3a91aa55da03e88be9d

                              Download Submit

                            • C:\Windows\{2DD6EA1F-013E-49cf-86F4-D46991D6D571}.exe
                              Filesize

                              180KB

                              MD5

                              7353d4d53ec440f5dc3b8b4e2c0cec51

                              SHA1

                              2124541458b8897f05b66f0368c9d2fef7b5dc9b

                              SHA256

                              2111a8fb8983aba1500ad81f79914ed7cc0a9ecf779a660d9b1146708d1c4bd9

                              SHA512

                              ab7757caa379065dbca3b0bf459b199f18f825bde52c6194cdd0702eeca2c80dbe7126f3adcf1cb91284fae7046624d218f1be95c4d47622be9a974c32889348

                              Download Submit

                            • C:\Windows\{349DCDA8-F06F-427b-B01F-59121ADEC831}.exe
                              Filesize

                              180KB

                              MD5

                              7b6145a851a953f1919df3e55ac19d02

                              SHA1

                              5055f33190d6c7b521a6962ad72e804fa29cd61d

                              SHA256

                              bf684557803d894f861dceea38a494a65b4d3772cc0f1c282bc63702999ae6ca

                              SHA512

                              b5416c5196d75b8f7c9d83d232a4b0f086b9a594d69dc03af52cab46c32ff22c97985974f500f393ee28e2780c196c13be02766b4835581b7062bbfa7af6abff

                              Download Submit

                            • C:\Windows\{4AA21FE7-BA02-4207-B512-FE35DD65DE8E}.exe
                              Filesize

                              180KB

                              MD5

                              5f9f4c47da64efc4c6ee6581bf1ae087

                              SHA1

                              24dc3f67b3db4398a30e4caa2b709ca490c3bc0f

                              SHA256

                              71fc82ef42475a48e106ab02593d8c4d754d614ca621b62b15eee4c023394c2c

                              SHA512

                              eed6eb66b76b05fd907bc45d20bf9ee584c50cee847afd636b0c3afd3551e58b6a57320c98a342c052cab7d96904c60217bb6e651206a4c93512ff9714b2affa

                              Download Submit

                            • C:\Windows\{5915F0AF-50EC-4ec7-8428-F7A9D9B299F4}.exe
                              Filesize

                              180KB

                              MD5

                              53da3e50cce0c2b51cad74472817f657

                              SHA1

                              82b81bd71facc5f42a42a387f7106974a7eb95a0

                              SHA256

                              b94945094bdba091d96f6158bf593fec483654257a23eb6be2e6b0c64b519ae6

                              SHA512

                              2543e84cb67cdd6daea3d598f9a63079a42ed3f9a72f449086f126dfa782bde2488ef2469ea0adff3e309dff730a5a85a20f7262a7ddd78a4a70198aa01a5ebf

                              Download Submit

                            • C:\Windows\{7E9E09C4-3C19-4263-AAC6-8DDDC75AC4EF}.exe
                              Filesize

                              180KB

                              MD5

                              0f201a4e6f8a435f6aac18f6160c9521

                              SHA1

                              fd0052b2f0c7125bf62f34d91e9fcd5039ef7150

                              SHA256

                              a9e4f8e1d6719a329e728445c9bc82d287cc51de9bfc46a936e2f7bf880f32f1

                              SHA512

                              016003f8f6397c122f9ef26e6a874a396a21e24912eafddae4f0ebd2319bd27ec27db2d7b27cb59fc419f4d861d0ead7c86a18cb7adcd3cae935e7b6202ad3f6

                              Download Submit

                            • C:\Windows\{B9B0695A-955E-4aa4-832C-4282DCFB6196}.exe
                              Filesize

                              180KB

                              MD5

                              e6dba7cf6194355e89c094ead9c5720c

                              SHA1

                              cd26ec7168ac06303b2afabd0738a39ee75db566

                              SHA256

                              53d5da5db264bf62ab96b3d40b5546c30b50008a7358c401ab90e1f019ae8a89

                              SHA512

                              6ba6255657d4c67eb3c97b7fc474dfc19ae5a6bc1ff8a5cc2b0cd2296710d1bbf1cc885869abb90d6257dce8e0e378197b2774731cd807c8057cd4ca45e9e40e

                              Download Submit

                            • C:\Windows\{E12FCEA8-5BB6-4db8-990F-D9A478711D13}.exe
                              Filesize

                              180KB

                              MD5

                              b72ddf607051f905d1c26946f341bde9

                              SHA1

                              8a2fc3e38eb4dd26cbe243a85519d14fa777339d

                              SHA256

                              3f462093ca95681c29b348db6f5239a4a87a78c2395b3c6e87e696039171b217

                              SHA512

                              66d818ece8c706c2f3d3f795565a17b53a1a61cb52e4f2e1edbcc588f2622fb98e1b248dae4c44e5d5f2cfe0fc09dd5cf6d6df02ad6891a11e06df603b9d304d

                              Download Submit

                            • C:\Windows\{FA953496-BF35-486e-A8FB-ADA5EFF579C8}.exe
                              Filesize

                              180KB

                              MD5

                              bb86149a72068de22e8a414190918ab6

                              SHA1

                              4dc145e1420e997da1c65a434ecd1a262ad080a5

                              SHA256

                              68e006d79e06fe6c109d981836838f625efa903c4628a6984a3022bd11d13ad4

                              SHA512

                              c808905c3bac84fa6711a15adb4bc49cabd0c9760c5feff031d242ae05969ca3bbaf73252c573c9fe3053859a280cc8b4ff5e74bbf14f6bd4465b2f7e90d6d38

                              Download Submit