Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/03/2024, 23:29

General

  • Target

    2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe

  • Size

    197KB

  • MD5

    7700691d1d8ba6023d1d9bbaa3de7429

  • SHA1

    d6e1723304c1fea09129871ff9e6fe1cb83ef91a

  • SHA256

    e48951fb1eb66395f19027038718abafe06697d96adda70534ba15c0cc7ac7a8

  • SHA512

    c0e6f62e9bc01b77fa423855f382da849b4718cc6cc55696cc08a5b554ebcd0d82a92248d99f8733f08bb0a166004b12c8e0061fa0cb0f8018cb9273263fc5be

  • SSDEEP

    3072:jEGh0oZl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGrlEeKcAEca

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe
      C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe
        C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe
          C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2656
          • C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe
            C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2896
            • C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe
              C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:472
              • C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe
                C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1120
                • C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe
                  C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1752
                  • C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe
                    C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2756
                    • C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe
                      C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1556
                      • C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe
                        C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1220
                        • C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe
                          C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:1092
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{A2C69~1.EXE > nul
                          12⤵
                            PID:1996
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{FA6CC~1.EXE > nul
                          11⤵
                            PID:2012
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C1D23~1.EXE > nul
                          10⤵
                            PID:1460
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{4100C~1.EXE > nul
                          9⤵
                            PID:2732
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{87277~1.EXE > nul
                          8⤵
                            PID:1088
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E99C2~1.EXE > nul
                          7⤵
                            PID:876
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{82F7A~1.EXE > nul
                          6⤵
                            PID:1292
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{37F3E~1.EXE > nul
                          5⤵
                            PID:2072
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{2B711~1.EXE > nul
                          4⤵
                            PID:2592
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{1F9B4~1.EXE > nul
                          3⤵
                            PID:3000
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                          2⤵
                            PID:1216

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe
    Filesize
    197KB
    MD5
    eecf3019153851685ca1853710e1ac1a
    SHA1
    f09c06cf819104489f57beeb794dad36b8c3db5d
    SHA256
    b55b4eba4eeca3776695fcb590e63aa5deabf8b379263a5449d7fb262142d9ca
    SHA512
    1d149e9e6149980e7813e57094bb2a9eca13c44292bec35d2ab72da0bae1f5ae12890b74cc980d203212d9cd536ce9109c785e7f16fc2b8e96568cc089203a6a

  • C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe
    Filesize
    197KB
    MD5
    2da9d22d06fa58a013d5cf503d476073
    SHA1
    a8d69507380bef0d5d68bf5d1995c6cae2d0de53
    SHA256
    3b9d3bf2b08822350e2700a3304074ca5a8da15a06cdfb1124629677f705c8bd
    SHA512
    1735d3be9135ea696cc0605c274e2ad74e1afadc15dea9af977f45b5f369ebe6561662b26bfeedcfef3ea1a39cfea7008adb3dc7a61211cfda73aa61c417d409

  • C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe
    Filesize
    197KB
    MD5
    e406ff81b38d6345e349eecb1497c357
    SHA1
    bc0d58325725d6e7606008c7ee388a935716fe71
    SHA256
    ccbd9999b56d84dd603ef8e10d8e11708f99bee4990cb653119ca8f639915432
    SHA512
    a60d3e88aed545ee93579cc4885e1b338a7cbcc5064a70a0d24a4115e47cfe8559bddea9e960bae8a971450337de3718c9fca36b08bb2643faa0d56fac667c3b

  • C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe
    Filesize
    197KB
    MD5
    3939837a97ea9c5afc9d5497797f6027
    SHA1
    60bca6a9f5b4c7aa2f25486e50886daa447679df
    SHA256
    78c9f2808f4ba3709116ffc569f82608fed7ae9c7fb90d91339b14e527c66936
    SHA512
    95b9adf68f4c57def700c0dc4287dc34409684bd74e02dc6ba91af43dd5ef912376ae9df7f368e13b3922fe10b2b022a63a48678eaaa9f943b1f9ac7a0e51474

  • C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe
    Filesize
    197KB
    MD5
    ca55d477ed4eede8e5b94fe42b8f949d
    SHA1
    8e902ce629764a85f600d4cfcf48c010d110119b
    SHA256
    a15e9259a03c8f164cae9545c2f5df51b23a3fde74e07129d09723e04bec6bfe
    SHA512
    fbe136a998203fc08229e5fdc4a07a6e9283a98dae99d920d77f15e6120c3d8cf32ee1c78fb495641cb81708f97515ec99547974b9d6ce547c93943ed4cc3bcf

  • C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe
    Filesize
    197KB
    MD5
    ef29cc273952a3b498d62421972de1ad
    SHA1
    db41749e6b2d88efd47f702439157165feaabfb8
    SHA256
    3760b972106ba2943ea4d5364a3447c197e284c70d0d4d1dc7f0f71680249322
    SHA512
    3f72b87162219bc2d39210367dd7f834a3a0380b63c2ecd4c3a9d422bcd0d52800625ca6fd20fa67eb3d944dbd2339d207fc18ddce6d9f3d3db7110f146a8b95

  • C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe
    Filesize
    197KB
    MD5
    88817a97e9a1a961dcee56943ddbb608
    SHA1
    425d0524a1eec26766c21083ae277de41973d40a
    SHA256
    dc93feedd95866e99971a93af9a451ec919f2c6fa747f7bc6d9312ceac08e267
    SHA512
    3cef6275c28f2f43e8204ffcc496837c0adf4dddac80cf3be95a8bcb5474541578db9736acb25c9346b56b56c22d8735f7f1988cc441a96206a581913256dab5

  • C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe
    Filesize
    197KB
    MD5
    62c240b09ff5d30bf1af3c009feb979b
    SHA1
    9759988be3380b559f0487e3f2ea3c2242d3f713
    SHA256
    bf49f4f3e79cbd53eb5ce5b6790f894375671e68eb32dfa62f5ffbaa1ac55908
    SHA512
    79e3f0dd46c2168966a0853b31a341431afb08425c3bcfa224c69bcb3adc7989d53eea164b8c3bb01aca090c640a6a85c64e2b180446e07964107db5f5697ad2

  • C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe
    Filesize
    197KB
    MD5
    722cbef8ae74ebf39aa3f9d1330fb48e
    SHA1
    8386d787dab363302b520f0a637ffcca3afd7cdd
    SHA256
    0d04e39af934d04687e0d64b64dd425548b553e5bbf82c7ed9ec5aa965417a7e
    SHA512
    b6e9cadf81d59ecb82f98d24f8cf53e3edb37abd923a517e6de99059208ce02b6b7e66679dabaa19d1a4da4c8b4c0a113b8b2c4fd393d54c2add07666d0de493

  • C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe
    Filesize
    197KB
    MD5
    be7300af720926e9c34f4d4c85d0a168
    SHA1
    2010698dd5e18a526bd0ac9b15e92ac6fe762cb4
    SHA256
    ae8a021d3d6e906b42c41109f6b47920f6fa8ba846e04f20bb0ed2938161a9f5
    SHA512
    1c1ca9b9afac50bd463e11455829534d0a20a08728983cef589d64422cc6406c74bc646bcbd0272327f70e20080e7123013dbcd569e79a4bb789db9d190d4465

  • C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe
    Filesize
    197KB
    MD5
    0d8994e62835a0fe3b64fefc71ccfa35
    SHA1
    72b6b239b7b45ff460dce646720f051ad21a1772
    SHA256
    481cbdd92c60baa555c2af68334cef4998a59ebed40ea396b70b08ea3897f9a9
    SHA512
    668cbdc312df764fba33d7a614b7b4f1139ccdce83499bff6078ad4e3bd401e53ff4a838f7269bbd610f1c2f51ea355470acbd12a78aa55cb5afd094b109d2ea