Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/03/2024, 16:37

General

  • Target

    2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe

  • Size

    168KB

  • MD5

    2680d6392f72a0c5db4e1d4eb20e3fb2

  • SHA1

    e0e6554478c119d14cd2ada53a16b71982b2d8ec

  • SHA256

    02229c757c01b07239d030159c39b38281b72687a8d3406f01043e42db7128b9

  • SHA512

    c4a0b8a112b714bfc60d373b8473bb5b96e1085fadb8ccce972f341354637aaf144d52111dffbaf5f0c277f9439c1875967420f1444e6148ab21ac61472a536e

  • SSDEEP

    1536:1EGh0o6lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o6lqOPOe2MUVg3Ve+rX

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3536
    • C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe
      C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe
        C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4728
        • C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe
          C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2508
          • C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe
            C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4108
            • C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe
              C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3068
              • C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe
                C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1656
                • C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe
                  C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4520
                  • C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe
                    C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4388
                    • C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe
                      C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:1692
                      • C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe
                        C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4776
                        • C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe
                          C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4752
                          • C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe
                            C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4864
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6F07F~1.EXE > nul
                            13⤵
                            PID:4816
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3AEEC~1.EXE > nul
                          12⤵
                          PID:3896
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{ED5B6~1.EXE > nul
                        11⤵
                        PID:3852
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{8831F~1.EXE > nul
                      10⤵
                      PID:1848
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{79611~1.EXE > nul
                    9⤵
                    PID:4696
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{87FCF~1.EXE > nul
                  8⤵
                  PID:1884
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{933B6~1.EXE > nul
                7⤵
                PID:4800
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{076EC~1.EXE > nul
              6⤵
              PID:2988
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{2B8FD~1.EXE > nul
            5⤵
            PID:4804
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{86A21~1.EXE > nul
          4⤵
          PID:3652
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{CCD72~1.EXE > nul
        3⤵
        PID:2944
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      PID:2000

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe

    Filesize

    168KB

    MD5

    3dac8a0000423b8d656b4ca0e0358560

    SHA1

    5f46bb597a200cd033f93874b3d3bbce6755d855

    SHA256

    dca6f5effb16c5269bf80bdb7845f6c6162c6db2e09332db0e9ffe1186034462

    SHA512

    aa45571a307b7054db80e8fbed2e8ec682421945443c87da36ff6c8c6242acdb182f1cb93d3b09f238ad04621f0d7d432d5ebfbfbfa6d0f366494bd816c4d9de

  • C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe

    Filesize

    168KB

    MD5

    93014206419f1bf219162c2d939f0de6

    SHA1

    482a32325b57e7a4e0880401217ad181de3faff8

    SHA256

    ce22842c522925fba5cd17f95f8be33557218244a267e0bf5f17d9b1477687c9

    SHA512

    bc92927a3ab95bce82a7a7892f12f58fe5ef0e0d79748a3510132df8379b04fe09c150e72ff5d7a252d0239ec905a236440034a7d957d0c9b2b70923cf122e49

  • C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe

    Filesize

    168KB

    MD5

    e0360ad5bc9e658dd3e5020e0cc2d1da

    SHA1

    8e307b30f2c3f6510c015b6f524fff1df35d9fc5

    SHA256

    cd56f90760ffa61219ad127c9c8540260b7147ad100d20d82e98364fad9fddf5

    SHA512

    186b07345eceb209bb8058329bf6fa5f3051fd4408a7583c7f7a27e2a87c3eb48123dcaa370fee4504315ae96ae10f6556217495fcacf6037e1da38b95b76a2e

  • C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe

    Filesize

    168KB

    MD5

    bb21f764b3471002aa73f194c15b25e2

    SHA1

    8f3a180a3ca4cd6b87a00b687d4b52fc185a5126

    SHA256

    2b9ba5d951f622dc366f9cc2cb7fa3313474637628a4692fe5084aa1c18e8323

    SHA512

    45e7656e147c6bf96b083ce2536c135c3a9a57d9257943ec08fcb45a372cf30735a75df84453bd9eb1b60e01245fe9dfa6f65f92eae5c426125c495ab6e8d991

  • C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe

    Filesize

    168KB

    MD5

    eaab6ff271b0cb5812015c6d704ef2e9

    SHA1

    b0dd32fb57b3c5c24ddd7a7a7c64f75187a9eea1

    SHA256

    8a0264dcd10f756d7cc23db486dd16ee04e07453ef5f0870c2a7e77673a59ef3

    SHA512

    8f2f51634a65b4722449a82450c7308397cec0f091a21866d0c24f22752a63cd4227209dcd234c636c7fa01e53f79c97329a906034711bb1b2cf75d1c26b8191

  • C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe

    Filesize

    168KB

    MD5

    f76e25a2a9ec34485124050eb887c171

    SHA1

    57e283859ecff5d4fd67909458a1d1cd22dc5246

    SHA256

    c6ece3af24f6f61a1295e80ab8e5a13225354d1f3a63c95ef68dd47a4585d6e2

    SHA512

    1e6e243bb3dba0c7bb0d68c6242cc5296a1bea4e4d0c968a1882c02a5dfb073fd90c1f1ed8cecfcdd3c22dd0808acb5172535704bfe402ba559a338a14f8363c

  • C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe

    Filesize

    128KB

    MD5

    33a6e25d5d9f217bb285eaf3cc006f21

    SHA1

    eb6b11a10d19472ad474d460d4b94db7182be57e

    SHA256

    024be0c1b1859ba502143e882d527c8041866a0d9481cf446ece0a809e884d0e

    SHA512

    5fc68cfe3a826f4f6af7c718dd2bf82cab64baa93990496971cb101d7e77594234625468ac702eebb3a2054eca3bfab73b9fd042e9efd8d3966ff2a119c02610

  • C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe

    Filesize

    168KB

    MD5

    37d58c1180a0c0e00808b873341774e1

    SHA1

    3302cb3983739d8604a021fefd833cf4fb63d758

    SHA256

    ba8a36c3f79ee4ffa48f24d979aaeea758a00bcff1699aa55a2921a8c175343d

    SHA512

    b4420bf980830608461b29c09a1ecdc447e1f96c0f753cff3ce908c06f5c17d5f78b238babe93b4de02bb54b754d5fbfced9271702acb250c3253c4f2c8e9d90

  • C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe

    Filesize

    168KB

    MD5

    850c8cef58d54f74daeefd446279194f

    SHA1

    4e8ccec6c7176215639b21bf067450649edaca58

    SHA256

    1a62d1b53ea741cc0dc49fde505023f343e706c4ee771cb27c12b86792b43a35

    SHA512

    dc2d3f8a140141f50adb957779eba40edb34b17e88d4c6d68c8c83e49f0845292c5e603a9f6d31f561431e45fd314f86e4e599170c21673202d1972a88bd534c

  • C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe

    Filesize

    168KB

    MD5

    8fdcea4c2e9680d8ae6c735a6bdecc7f

    SHA1

    c03a98646f165c6a111e95029a6aab839c7ea6eb

    SHA256

    303080708d49b6254543630f4da6cb52b48d5483b5ae6ef128e41eac4a9d18db

    SHA512

    85cbd8e2ebb7197df8028639d90714f2d36bbbc61c92645f3acb8fc6d6256791565e20d13d7afeb702246a02cf71ec3be2743c6315f8a96e097e7d001ff3bd21

  • C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe

    Filesize

    168KB

    MD5

    c500b16705b7f2dc7d3f8beee5f887e9

    SHA1

    4ffc6625a6b40060dfec1a2a6cc0e9e485ead7ea

    SHA256

    4940a34fc59855a9e7e4c4c2d31dad3d1344b0d3fea70ca0463092a55fe54177

    SHA512

    688acccafb63485bf4254bf973c88cd6fcfdc6f6df85e0f54fc0b4a09bb1e5f63241f3c14b0b85f3ee6824e38e3d504a372320687a1256e47241a5fb8204f462

  • C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe

    Filesize

    168KB

    MD5

    0222c0644392482b8c3739427502e3df

    SHA1

    b5e2f97c7fe430d663ddec04d8f460dcf8090cbe

    SHA256

    a2e9a9174be46d3d56ffa28f75a1e87c9aeee7084227838c37dae21922a4f82e

    SHA512

    bcc51aa975d5c55bf6118c75908a9de604ae0c3cc4e4b99015455f949be6255a0ab4f9fcb94bbd4eed1ce1a754ddadfa768bf80de214a21dfe6394912295f42d

  • C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe

    Filesize

    168KB

    MD5

    dc4061bc402c57cbddfc1ebb51c9042e

    SHA1

    713e294fdccba195f9e9654399a690c4a60afd1d

    SHA256

    5ae79d6b8a88a237b1fc1291661799f3a18926abda8dd01788cffa31b3b6b58b

    SHA512

    10a55a85d666cd33e7202b27b5046f3aa088508af9d36fa3b89151ca51b887208a55190878069ef1457c50b393c2ff167380f4186353d3847d67b7d50b67d199