Overview

overview

10

Static

static

10

2024-07-01...ye.exe

windows7-x64

9

2024-07-01...ye.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe

  • Size

    408KB

  • MD5

    c9af3b9034cede8ad3f7a25aaa0932a9

  • SHA1

    60e511859cf79847d4d3bd659ff092f1a6d6686a

  • SHA256

    2a1df51a9805d1f7353ae8132c6aaf3c1b8ec56afc8898e76afaab8b593b753d

  • SHA512

    a7aeb1d18605da928e0269b8501934cd24ed8651b381e72ba468a9ee508ede6c0d134d54424bf6a8af5f29d48a24d4d6faccce4853c7547ab0275c8344471ab9

  • SSDEEP

    3072:CEGh0oel3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGMldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10
persistence

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\{A4A31304-9532-473c-8B45-B35DCA76B206}.exe
      C:\Windows\{A4A31304-9532-473c-8B45-B35DCA76B206}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Windows\{71CC0AEB-7CE6-47b0-95EB-A17CD97EC7EB}.exe
        C:\Windows\{71CC0AEB-7CE6-47b0-95EB-A17CD97EC7EB}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3064
        • C:\Windows\{74118C5B-9C94-4f51-8742-CA4E2A4E09BB}.exe
          C:\Windows\{74118C5B-9C94-4f51-8742-CA4E2A4E09BB}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1972
          • C:\Windows\{0A28DBE3-5A05-44f6-B306-1C199E24E515}.exe
            C:\Windows\{0A28DBE3-5A05-44f6-B306-1C199E24E515}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2520
            • C:\Windows\{90C7555E-F8D5-41a8-BFF8-601C64ECFDCD}.exe
              C:\Windows\{90C7555E-F8D5-41a8-BFF8-601C64ECFDCD}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3024
              • C:\Windows\{1D922A98-4688-4b49-8A48-306EFEE35B63}.exe
                C:\Windows\{1D922A98-4688-4b49-8A48-306EFEE35B63}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1668
                • C:\Windows\{40C39E72-E01E-4008-BED2-B5A351CAB0EF}.exe
                  C:\Windows\{40C39E72-E01E-4008-BED2-B5A351CAB0EF}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2192
                  • C:\Windows\{B5117498-00C4-4522-A104-E65B63842C65}.exe
                    C:\Windows\{B5117498-00C4-4522-A104-E65B63842C65}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:264
                    • C:\Windows\{580CAB8F-59F1-4c03-8C48-C7424DC0A089}.exe
                      C:\Windows\{580CAB8F-59F1-4c03-8C48-C7424DC0A089}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:844
                      • C:\Windows\{8F277521-D65F-4aa8-A8EE-96B21BEF9492}.exe
                        C:\Windows\{8F277521-D65F-4aa8-A8EE-96B21BEF9492}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2732
                        • C:\Windows\{A20AA0AD-03D0-4fc2-953A-4C6B6DD6B077}.exe
                          C:\Windows\{A20AA0AD-03D0-4fc2-953A-4C6B6DD6B077}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2340
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F277~1.EXE > nul
                          12⤵
                            PID:1468
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{580CA~1.EXE > nul
                          11⤵
                            PID:2256
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B5117~1.EXE > nul
                          10⤵
                            PID:1276
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{40C39~1.EXE > nul
                          9⤵
                            PID:980
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1D922~1.EXE > nul
                          8⤵
                            PID:2176
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{90C75~1.EXE > nul
                          7⤵
                            PID:1028
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{0A28D~1.EXE > nul
                          6⤵
                            PID:1628
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{74118~1.EXE > nul
                          5⤵
                            PID:2580
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{71CC0~1.EXE > nul
                          4⤵
                            PID:3040
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A4A31~1.EXE > nul
                          3⤵
                            PID:2744
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:1728

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{0A28DBE3-5A05-44f6-B306-1C199E24E515}.exe
                        Filesize

                        408KB

                        MD5

                        8351997c1cc158e16a97600a15355028

                        SHA1

                        de312b3bb7f05914316907f2d07d67d7cb170573

                        SHA256

                        440e179ea7048cb327800484757af64795f619a3fa2b81cc1aef5d834d7a5af3

                        SHA512

                        00c59d3bc5cf8ab4798731b3fb6f8253354b0919ab44137f1463ea2f0574c421d8a972b81ed3b994772bfd884cc582735031b2b48e638252a9ef41b45583b716

                        Download Submit

                      • C:\Windows\{1D922A98-4688-4b49-8A48-306EFEE35B63}.exe
                        Filesize

                        408KB

                        MD5

                        b09eb3413a802e71c6a9faa4596f4ca6

                        SHA1

                        e3e8e8a8de53404f2c6a761d819f28edaf50122a

                        SHA256

                        b84f644bdf569e05504b1724f1bb7329f7e767f4e781736aba649aa638cf21f9

                        SHA512

                        7e8be1501d349cd976a6ec18d4350daf23974f46cf5ccc29db03e0504be03c76cfeef67bc1ea61f1a40f281b411bcfe21fd9651ddfd58f38bdf4b39f3a436cab

                        Download Submit

                      • C:\Windows\{40C39E72-E01E-4008-BED2-B5A351CAB0EF}.exe
                        Filesize

                        408KB

                        MD5

                        dd77fd6f501db8f65653b1d7e84e002f

                        SHA1

                        0f41f94298b177e5d9dc6d95ec074b6e7434621a

                        SHA256

                        4d618465dddb2e35e974f3e8da9ef559372c762a5c3a1cdd24e4e83356d21d0c

                        SHA512

                        62154adaa9370eab60dc31dc171a72f6bc95fbb1d82cbaa7738e47c991a74ce36a6c384e50061474b58600a1ff27ed37e154543601673e679ddf278fba0fdda4

                        Download Submit

                      • C:\Windows\{580CAB8F-59F1-4c03-8C48-C7424DC0A089}.exe
                        Filesize

                        408KB

                        MD5

                        e2399b1c36a47736c88269872e79362d

                        SHA1

                        aabf203941d26630ed163393bd7642718a8350ae

                        SHA256

                        50464fa9fba565de4ff2e0ad4a731fa4acc6daa9a4775568234cc1b439d0be0f

                        SHA512

                        979d5f994cf3beedf63923f4729b7325941d299f16ec3a66d305a6f7536b7680cf52f1f9ea413104251fc2f6f64a78a9c4f7d7d8feb162daec6b6a250feac940

                        Download Submit

                      • C:\Windows\{71CC0AEB-7CE6-47b0-95EB-A17CD97EC7EB}.exe
                        Filesize

                        408KB

                        MD5

                        c6b4acaf7128725b8269f519db68f589

                        SHA1

                        e9a04d964bff60e80baa4676c45bd1217c2de773

                        SHA256

                        105d9f6b81c5da120f3afe4d8769c77497e7a2847853407526ca696d1a737416

                        SHA512

                        738763d620ed6db7baf1178b8a8a44382e35da43834be7775b437e1ff6b928a758550baf23a58ca79bb83f48d54022fd436f454f1cb4e2e0af010aed45e39080

                        Download Submit

                      • C:\Windows\{74118C5B-9C94-4f51-8742-CA4E2A4E09BB}.exe
                        Filesize

                        408KB

                        MD5

                        abf8ae672bd01617a9cad5d32cc0da35

                        SHA1

                        5dc0ba7dd5daf48a862b2153f03b93c6b84e87b5

                        SHA256

                        8d84bbab77be15c813e644acceda5055a985b9b12a42baf7dcfdd838a137faab

                        SHA512

                        4a922dd34e142acc9221712e2b6e05ef807d272aa9af9687f18e9097809ffdab1ef3935887c6fef1331ff07a7306e5efbf57716194ff2aba74d29c91750d6971

                        Download Submit

                      • C:\Windows\{8F277521-D65F-4aa8-A8EE-96B21BEF9492}.exe
                        Filesize

                        408KB

                        MD5

                        cce579daa44575fe3470bd30c927163f

                        SHA1

                        8d0bac4d800710577a1bd305e4ebc3cd24d346c9

                        SHA256

                        3546bba2557e8f7ba8a71ef7ccecdad4a5df42f5e32ea0830a3b31140c56252d

                        SHA512

                        3ba91aec15431121fe5aa0fc27d9d52449d249a5fe12d02a0e20e4c8b2b898ffd3d497bb834b14f0b0fb42e3d6659886128352770adeff683134d2b9c36d2a17

                        Download Submit

                      • C:\Windows\{90C7555E-F8D5-41a8-BFF8-601C64ECFDCD}.exe
                        Filesize

                        408KB

                        MD5

                        fae5ce13156fde520c78c0fadaa48791

                        SHA1

                        a659709588a543eecb4fca492d04432a82476414

                        SHA256

                        b28e77e0775af42d159f9ea0c9d8fc31a55c3510e0b8d002085ab14487a66d63

                        SHA512

                        f519563b0f59afdbcffed8340b2c2e1d414e8fb6c072e80e7d4038ca61ce2f84c8ca513e6affe157d1e778987affeb83037a228d0f71e0ba2d107ca7a9a681b3

                        Download Submit

                      • C:\Windows\{A20AA0AD-03D0-4fc2-953A-4C6B6DD6B077}.exe
                        Filesize

                        408KB

                        MD5

                        1ad9e7af34cfa3bf8ff3fdb1e692f57d

                        SHA1

                        20025caeb0a803bff593c7fc9eea095307c46664

                        SHA256

                        34d80cf945fc74efa48a7d1728fffe710f24799886362025be27cb13ecf0d9ee

                        SHA512

                        b86ea389194400a24ca9a8cb46b2fe0a352757ab9b4bc92f37ad6071cdaf39d2ee7c5631c6acee53c92e58aa6de5ea9036b2238b62a64652c14f7fe365b4cd53

                        Download Submit

                      • C:\Windows\{A4A31304-9532-473c-8B45-B35DCA76B206}.exe
                        Filesize

                        408KB

                        MD5

                        72f054dc6289a499946c958c4e842d6d

                        SHA1

                        82ca109e6e9d1c886bb824c998c664c250d75147

                        SHA256

                        2a8fe2cb281a27a0123528f642599e2597046571fc355c20a174a1c32e1474ee

                        SHA512

                        a6f2c60237d7963413675f300123ea4497e0f7fdb8d8b66d4255cf891762f6fde9323527c8bf3e4595241b16c77193ed659fa3bdf3f6bb6bd62a98448de405bc

                        Download Submit

                      • C:\Windows\{B5117498-00C4-4522-A104-E65B63842C65}.exe
                        Filesize

                        408KB

                        MD5

                        0023f392177042fc82cf174a38f391b8

                        SHA1

                        12db6d7d6043d072212a7ce49874e8c015b94c3a

                        SHA256

                        b7ea88a1100f109e02893537f6ca480bc7f3855493ff9605756cbc1110dd7b68

                        SHA512

                        e2e6a517e7c28e97b74f0e74859a8ae11e5afbff58bb1608076210c9c96634c2fe8d4985f5b042f23e8c6851c7a969ea10660e91aa885a37a43e998e2a9348a6

                        Download Submit