Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/03/2024, 23:21

General

  • Target

    2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe

  • Size

    197KB

  • MD5

    07df5cc6838f279930c33904c850e1db

  • SHA1

    db9fad254bcead8c4c6d5c66633b4ed7ef9d46d4

  • SHA256

    20c1f5b05d5cb43caee71a2c91870af3415c008102ab0f54d480f1df4f615b1e

  • SHA512

    3c706f99aac39d42683dc38e62f9b9e251f5811d6c0fcdc5e50647a73c2bae1dc26e06bdaf973ebd9c4d108e5c531fd5a03728b43d9fa5387abadf998c45b9b1

  • SSDEEP

    3072:jEGh0oCl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 23 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe
      C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5896
      • C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe
        C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:6020
        • C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe
          C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5876
          • C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe
            C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:116
            • C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe
              C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:4160
              • C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe
                C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2640
                • C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe
                  C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2472
                  • C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe
                    C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2192
                    • C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe
                      C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3728
                      • C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe
                        C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4620
                        • C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe
                          C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          PID:2324
                          • C:\Windows\{55327C1F-113D-415c-B775-53944E266C8B}.exe
                            C:\Windows\{55327C1F-113D-415c-B775-53944E266C8B}.exe
                            13⤵
                              PID:5756
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{9C34C~1.EXE > nul
                              13⤵
                                PID:772
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{188CF~1.EXE > nul
                              12⤵
                                PID:5084
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{27279~1.EXE > nul
                              11⤵
                                PID:1648
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{59AFD~1.EXE > nul
                              10⤵
                                PID:4836
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{8E17A~1.EXE > nul
                              9⤵
                                PID:1652
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{7B52B~1.EXE > nul
                              8⤵
                                PID:3744
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{A9B47~1.EXE > nul
                              7⤵
                                PID:3936
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{8CB02~1.EXE > nul
                              6⤵
                                PID:1280
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{45996~1.EXE > nul
                              5⤵
                                PID:224
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{E233E~1.EXE > nul
                              4⤵
                                PID:1660
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{41079~1.EXE > nul
                              3⤵
                                PID:5500
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                              2⤵
                                PID:5952
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
                              1⤵
                                PID:5848

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      73696f50ba20f50033bd42c69de24135

                                      SHA1

                                      2e357efd09d5d403f401fcffcf8e347d14f9df6a

                                      SHA256

                                      1e07fe01c0b2c1f5e04a133ecde1f41ed0ef09ddcc17c8a338a431ca12c1c3ec

                                      SHA512

                                      8f7f2310cd3a6e2f31c64b16e85dd5ae296163d273768a1eeedabb2c84bd7fcb6e5fc726477f1b136a36649d4c8b773b036c397c9752c0ae704c3085c423007f

                                    • C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      06d7e288e2e225274a6ee9dec1697e4c

                                      SHA1

                                      e016fde46fc695f6e48c0e65cbf59651950aad96

                                      SHA256

                                      8500afb1e76a1ea7f1b9de82ccaef5112a6c56f81f73979d516c84ef9625efe4

                                      SHA512

                                      d8029ed11d3139269de76e9324122b9c2c6f43e94759c5cbd6ac123f5f560d5e2f8d1bab0d04382f9fc7323a44c68cde9a24742b7a585f918202b181ac09c7f3

                                    • C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      88d04b107bcd3eab68613f40a428af6e

                                      SHA1

                                      07bea16a9870b6f3d8752b94130ff7f496e529a2

                                      SHA256

                                      459a15d91b42da890e8897d0e783b7fc19a64bb6aee19739f82eacb0f0a7cc7e

                                      SHA512

                                      71faf1118bb18b7ae19e1386358ebcbce8df10705c53de3600d7f3e1acff3e8b8cf1ffef441c34fb2b028e7924f6dee6d84671886fea1891686fd3858f005505

                                    • C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      4c7d8353aa8d61ff84eb2c0fab2ff149

                                      SHA1

                                      9d8e735da283193eb01b08eb7b8365f013da48ab

                                      SHA256

                                      2835115d6f4fc52845ff17225223ac5e4c5075b85e78c98dec593b28ca05feaa

                                      SHA512

                                      0cf99664468e7fd18d7d858b7d6a16c908377911a5d2029121215628339f674bfd7ba31b85f7ad55511a04f99057460f15ea9643f73ce488de9da68ef49cb92e

                                    • C:\Windows\{55327C1F-113D-415c-B775-53944E266C8B}.exe

                                      Filesize

                                      132KB

                                      MD5

                                      ad16bd8b7f8f1a1e6c12118c8581ee92

                                      SHA1

                                      7febe6500a84f840fd11320c549f3d10f20d125e

                                      SHA256

                                      43bc36a9bc431b87ad5dd2beb73bd8bda833c29297bce02d48c1391e1f40207c

                                      SHA512

                                      05b63192e0476225f1f2ff8e0ca1ea696023b21bbb7badd8d41dd6243981bf076a257b5834c85c2e1652b40db09815d37a654bbe8aa3b231fd3ae398102f005f

                                    • C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      d50272bbdabf94c656c963302f32597b

                                      SHA1

                                      b728abe3c9b15fc28ee4241f816c1d27b22a03fe

                                      SHA256

                                      09779308126d9add168f09852e50350d942c884cd0a4dd4641a107e3a564b22a

                                      SHA512

                                      30c5fe480317ceac07f5a39de022850a41e574b4be9d436e08a5e9cf4fa46d4331c3cef435860f1f7d7a166911ace7eb2a05aa5348bd8e077a53d0323a1c53fe

                                    • C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      0f6e1d9e5c5f76acce46c1f187d87f74

                                      SHA1

                                      969c2cc845e19700104172035b0cfc52a7de6e2d

                                      SHA256

                                      e385df1415ec7e531b1551e24fec5f74a2b32810ce7ca17b48bfa8935cb35338

                                      SHA512

                                      89a54b2b9a612fc0db58c2eb51d275814741c9148e2e286a614af7cd5d345ace2d993fcf02cd89c6c0bb5693074d77152c968edd1c998cc7bf8b1aece7dbe6ba

                                    • C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      97f79c95fe30860ca9d17bb71ed413c9

                                      SHA1

                                      da25338feb702ad9d3dee1a720fe8f3af55ee812

                                      SHA256

                                      9d4d65b0f9d820e74031a514b2c3b9f2e7c93c74d1f62470eae06c2b455f0237

                                      SHA512

                                      aa953d28d626a3dcae07b57178507dce4077eb42f0e7fdbf09e25c745c75e01b680e2eda14cddcc71f31fa69a293f373bf09bbd2bd6a1d3f8a497c0c1341c4cb

                                    • C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      c3835bb14faad522fe804fe3aa286a30

                                      SHA1

                                      44b240695643419d2929ffb8c6393bbec3dfb759

                                      SHA256

                                      82bfc0025d2c168b404912fbd2cf1cac3d7ece6a8322a378f11051916eef17f1

                                      SHA512

                                      8425341a3916309c6275e93580922bc05016320016855a194c346fcea6c449d4e005f5a80bcb7625537f5d575ea9300b2bc9fa031fa0329bf88a4ba427ca2af3

                                    • C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      b27a9e4d1be9a28d4c3e2dbd9125b28e

                                      SHA1

                                      d629e1f9faf3b11200d327b945a825429716ce5c

                                      SHA256

                                      4d9dacd4345cc77aa2db7cfeda3fe243a4bec0b02f5077a6e848407ec021666f

                                      SHA512

                                      da0984d0160f29dfb26e8e80b19df029ef620e580df99cbfa3b5fb5b7c55bf2f070f069067bde2a5f294acb33c43724534e2c41317d7835aa8b2a5c00cd85b15

                                    • C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      9a86691eceab19743ba7daac40099ddd

                                      SHA1

                                      f8319320e6644c490871a176d16bcc86eb599f72

                                      SHA256

                                      b91ed8fc47fd914ebd22c1b39a61a18f2c56769a7fbba299f432a4856bb67346

                                      SHA512

                                      b4d0d08e7a042ce0df084508e84a4e1529109b7cbdb040c9ad7d2c87a26c5686462d509af28de57b7aebb8d5cc696649d2f0bb33db31200b9f4a0b4050198c7b

                                    • C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe

                                      Filesize

                                      197KB

                                      MD5

                                      3bcf5d071e436d662733535c8f93ed4a

                                      SHA1

                                      274eadeb3ae84ee63d0c90c38bf19565ce3249b5

                                      SHA256

                                      de718c7ad1cd9df737b96dec285c41a5d2d02283d5c2d4db9ae1d1e6dc335fae

                                      SHA512

                                      e869ba2dc6fe2a93f79ca42f8e6d575a19b8512ebfca65720becf2c6fafd8f09d2adcc5f70c01dd65ee8b01b99cf252dc7c6191fdcdd1c20d05eaddfb73d2182