Overview

overview

8

Static

static

3

2024-07-08...ye.exe

windows7-x64

8

2024-07-08...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 11:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-08_64e440be34f755b582d6536a6c2dfcb5_goldeneye.exe

  • Size

    197KB

  • MD5

    64e440be34f755b582d6536a6c2dfcb5

  • SHA1

    85d9ec716ee58e453e6e02a9390fecd02e34365a

  • SHA256

    230a792890e04ee05fa55eff46883dec87b0f27e1f02f785698145c3ab5c8d12

  • SHA512

    7695c28a15104fc573fea9ba9924de220f17bc86b22ede2230464855cc6075debfba7dadd56030bf0fce95695c4cc5cc4ae5a3dac67be9c5542a1bf10afbdac1

  • SSDEEP

    3072:jEGh0oKl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGwlEeKcAEca

Score
8/10
persistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-08_64e440be34f755b582d6536a6c2dfcb5_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-08_64e440be34f755b582d6536a6c2dfcb5_goldeneye.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\{23167B3C-59D6-4b4f-81D2-30B3F118A65B}.exe
      C:\Windows\{23167B3C-59D6-4b4f-81D2-30B3F118A65B}.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Windows\{A6DEC45B-19A3-425e-91DB-CADEE03D4296}.exe
        C:\Windows\{A6DEC45B-19A3-425e-91DB-CADEE03D4296}.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Windows\{5F705285-9D89-42b7-BAEE-D43D866926A5}.exe
          C:\Windows\{5F705285-9D89-42b7-BAEE-D43D866926A5}.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Windows\{7BE16340-1542-4b4b-9C89-1D83423125B0}.exe
            C:\Windows\{7BE16340-1542-4b4b-9C89-1D83423125B0}.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2904
            • C:\Windows\{6505E20A-878D-418e-B3A9-64348B26337F}.exe
              C:\Windows\{6505E20A-878D-418e-B3A9-64348B26337F}.exe
              6⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1472
              • C:\Windows\{2844C37B-1E45-402e-9538-CBFEF5F424C7}.exe
                C:\Windows\{2844C37B-1E45-402e-9538-CBFEF5F424C7}.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2156
                • C:\Windows\{F8AD0BF6-6A1B-46bd-863D-0BE7A948BD69}.exe
                  C:\Windows\{F8AD0BF6-6A1B-46bd-863D-0BE7A948BD69}.exe
                  8⤵
                  • Boot or Logon Autostart Execution: Active Setup
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1560
                  • C:\Windows\{B813063D-A1F2-4ffc-8761-C64A4C29A3BC}.exe
                    C:\Windows\{B813063D-A1F2-4ffc-8761-C64A4C29A3BC}.exe
                    9⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:480
                    • C:\Windows\{37DA0B9B-923B-436d-A8BD-DF7D0EDF3874}.exe
                      C:\Windows\{37DA0B9B-923B-436d-A8BD-DF7D0EDF3874}.exe
                      10⤵
                      • Boot or Logon Autostart Execution: Active Setup
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1304
                      • C:\Windows\{2B62021D-50B3-4494-86B6-AE91F11119C7}.exe
                        C:\Windows\{2B62021D-50B3-4494-86B6-AE91F11119C7}.exe
                        11⤵
                        • Boot or Logon Autostart Execution: Active Setup
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2184
                        • C:\Windows\{2EB8478A-FF82-4254-8C7D-17C580DD11CD}.exe
                          C:\Windows\{2EB8478A-FF82-4254-8C7D-17C580DD11CD}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2280
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2B620~1.EXE > nul
                          12⤵
                            PID:1704
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{37DA0~1.EXE > nul
                          11⤵
                            PID:2208
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B8130~1.EXE > nul
                          10⤵
                            PID:1668
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{F8AD0~1.EXE > nul
                          9⤵
                            PID:568
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2844C~1.EXE > nul
                          8⤵
                            PID:2092
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{6505E~1.EXE > nul
                          7⤵
                            PID:1860
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{7BE16~1.EXE > nul
                          6⤵
                            PID:2532
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5F705~1.EXE > nul
                          5⤵
                            PID:2316
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A6DEC~1.EXE > nul
                          4⤵
                            PID:2596
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{23167~1.EXE > nul
                          3⤵
                            PID:2436
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                          • Deletes itself
                          PID:2080

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Windows\{23167B3C-59D6-4b4f-81D2-30B3F118A65B}.exe
                              Filesize

                              197KB

                              MD5

                              89aaaad22dcb4d82625be44c814e0c9a

                              SHA1

                              8020ea59e5c6f14d4d45f8f2d21a192f3adf8201

                              SHA256

                              29199314a42f26c92db6208e1b5cc5d23e3d51f20e14085f970cee89cd74921a

                              SHA512

                              0b02980226f227add76280f33c163acf78a3f6134024f83725a116333d3de7c3d56e92cd03d444087510bb4a6a3d849be317bcbdd6aeedeaee7b07643ff7cf07

                              Download Submit

                            • C:\Windows\{2844C37B-1E45-402e-9538-CBFEF5F424C7}.exe
                              Filesize

                              197KB

                              MD5

                              097866573bcb101b8308be68f110963e

                              SHA1

                              33a31871dbab10de6f41d4419c89184f54093535

                              SHA256

                              b6ee4e1c540bbd2687e1e35aef1e979ec5cf7b0aab43bf5de347293bc9a441c7

                              SHA512

                              06c63442b8a046d572046a5c0516f498dcd4aa11298faf2cd6fe1f803a2a45c1048e1316c8f0b66651c843fb60ca1efb0a272ee1c7a323f953b01669a08abf76

                              Download Submit

                            • C:\Windows\{2B62021D-50B3-4494-86B6-AE91F11119C7}.exe
                              Filesize

                              197KB

                              MD5

                              293b025230f0d1eb2d4f2d17899a3d5b

                              SHA1

                              0310e2019c8790ed6e87a83bef985382b86a0cf1

                              SHA256

                              fb034a89a84ae02d8fdaaea325acbd9ef495b583ba163099da0e92e9f6b0e22d

                              SHA512

                              987730c5efe318cef86f583de47c679ca58f2c60c2391bd1cff6df930f1e9b8d5556033aded52dbff2da5ef342d883132a4f80990d400aab590613a9e2dbde66

                              Download Submit

                            • C:\Windows\{2EB8478A-FF82-4254-8C7D-17C580DD11CD}.exe
                              Filesize

                              197KB

                              MD5

                              31d0ee436921964cb64030dbc633a185

                              SHA1

                              c38a51d5072b92da8d52212063b4dae8e2a858db

                              SHA256

                              47f52e3bfb09f08f7171f17c7a68ab205123bf72fda6b415601b94f7b9a10807

                              SHA512

                              330454a6ff2615e9bf9e0217717fbf0003836d3171ed339b4cdf13067322b7f21a65b0323c1a2e13ddf286bc9182b455d734e19bf8fb7a3c11577f84c0b833e9

                              Download Submit

                            • C:\Windows\{37DA0B9B-923B-436d-A8BD-DF7D0EDF3874}.exe
                              Filesize

                              197KB

                              MD5

                              54563f66ebbc1c157e49a970a4929c15

                              SHA1

                              62156b7afc185e747166eacf801a952cb08cc44a

                              SHA256

                              bcb62b2fa78a77f60ea52b85b76f7686625d4f8ef906a813404b4310c95ea23c

                              SHA512

                              192d324b9f2b2ae008611f32008027e38ac23788e8ea2f3ca97e60aaa014daa3041259af581d5b182810be1fdddb763a9d48ae1ef15537da32731d7d6017424c

                              Download Submit

                            • C:\Windows\{5F705285-9D89-42b7-BAEE-D43D866926A5}.exe
                              Filesize

                              197KB

                              MD5

                              1e4c334c9447a1b2cd0975e9847776f3

                              SHA1

                              ce992bb46a871b05aade57ee03ffce8f89c6fe9f

                              SHA256

                              88cad8fa08dae187d74d650cc0eb8a08a18605e58bfb6b146b22297879a2b102

                              SHA512

                              3c123ecabcadef184adf34772c26eb68e48101dc1036604909c4e9b862030c292678395c71d6ca466269bd21e4dc8e502b3bb4fb02fc4d4dac3d2a822ab683a5

                              Download Submit

                            • C:\Windows\{6505E20A-878D-418e-B3A9-64348B26337F}.exe
                              Filesize

                              197KB

                              MD5

                              dc6ba7f8f9bb302b8adec33d6366dd42

                              SHA1

                              9bcc9049c4d175258064dc0d8aa55886290292c5

                              SHA256

                              70e008b8ce552405441a8af06ba500dad4d6cffb67d7df5b9f4413f23a9d1161

                              SHA512

                              81adb08595a4970eafd956372b39ae109c3e766860020375ff9ccb4bd4bbcb822afd5125b7c8bd75c46ac3dfcdce3605a9177ed9b59895e483bf7a3e970535bd

                              Download Submit

                            • C:\Windows\{7BE16340-1542-4b4b-9C89-1D83423125B0}.exe
                              Filesize

                              197KB

                              MD5

                              a4f35afe6d3258e3e51ae3992f61712f

                              SHA1

                              6392ef00b7b61765e1785bfdae5ee78d3fcfbc7a

                              SHA256

                              4295bee19c1ea86fd4a2f7d54aa791992fcc380c9040921c98c8cdee57a1c47e

                              SHA512

                              a800e441c896cf2b560e7ff2906a1175c5c7ebff29bd6a4844596191275a788ec78ec4fe92c1011a080ba313aca6b90545918146449f33c0292d078243bd107b

                              Download Submit

                            • C:\Windows\{A6DEC45B-19A3-425e-91DB-CADEE03D4296}.exe
                              Filesize

                              197KB

                              MD5

                              6cccb064633a62f02a4e42eb00edb2d4

                              SHA1

                              e1b4e795f5b39d24000ae08cebc2b08f5c5fdd90

                              SHA256

                              5395384c5649502d1b97647b41c140a7c917f0670fb220f729da5ea6bb39ebd0

                              SHA512

                              3df4c28e45a3b17caef4d435876b66881153f969c45bb49688d5aa4094e96e5c714769f9935e6d1db19e7ac6cce50de5db037a824f31b212661a53c22d55758d

                              Download Submit

                            • C:\Windows\{B813063D-A1F2-4ffc-8761-C64A4C29A3BC}.exe
                              Filesize

                              197KB

                              MD5

                              a1c696b4b2b4b1192db93d984b44bd14

                              SHA1

                              88218143eee6c870cbd76d17c752aec68661c8f4

                              SHA256

                              12761f2315994d491173b6aa597b35cef1d9d930560cbf77f3a12b1a47f98c95

                              SHA512

                              ee7d28fca4956077d04c9f4d878c292b3a8ae96fa13407d27a1fee86a3b5b80a5a04f64dcaa7cd1f1cd4e73b34438566dbe517228945d3667bc94478ea46c369

                              Download Submit

                            • C:\Windows\{F8AD0BF6-6A1B-46bd-863D-0BE7A948BD69}.exe
                              Filesize

                              197KB

                              MD5

                              fd0c5c800423036a0233056bc0d6c875

                              SHA1

                              d835ccca6eefaeb3bea07059e3eeb44c561d61d8

                              SHA256

                              7634cb872e39e30b37163feb79df7bcf256d8750bfa0881938d4999b7a4b6409

                              SHA512

                              a1f04b4472476f555daf9b80068926952e4bbe6e4f9ced2242a0b4c40adfe3e85a96ee289c2d8f915fb1080858bb0f0711b315625e86b8ef7568a55a0ca82eb3

                              Download Submit