Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    04/04/2024, 13:42

General

  • Target

    2024-04-04_8b0d6362c5339021cf7bf8c3335b3656_goldeneye.exe

  • Size

    180KB

  • MD5

    8b0d6362c5339021cf7bf8c3335b3656

  • SHA1

    5edcdcbc300c263a93bad82d0e3c9a58eaa1df6d

  • SHA256

    bd35f6bc5112f724f198ce37c376e172a7d8854e88e2919c8c26bf4fd3e12bdb

  • SHA512

    e9ae3dbcb28949cb6af1ec184d3b9b71086afa2ddc3762a8b9425fd8b0ba5eb44b7907304da312ac0600ef6ef4ade589fd21133d5f7d6d447e2b3b892a8e6177

  • SSDEEP

    3072:jEGh0oVlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGfl5eKcAEc

Score
9/10

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-04_8b0d6362c5339021cf7bf8c3335b3656_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-04_8b0d6362c5339021cf7bf8c3335b3656_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3848
    • C:\Windows\{E5F6747F-F8C9-4298-8588-D9659C9693DD}.exe
      C:\Windows\{E5F6747F-F8C9-4298-8588-D9659C9693DD}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Windows\{1D38C02C-5582-48c9-A3F0-5F04547529B2}.exe
        C:\Windows\{1D38C02C-5582-48c9-A3F0-5F04547529B2}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3144
        • C:\Windows\{F05964B4-1D80-482f-A6F7-1222A98F013A}.exe
          C:\Windows\{F05964B4-1D80-482f-A6F7-1222A98F013A}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1272
          • C:\Windows\{6A667538-DBCA-42ff-9E90-7B1A03348C86}.exe
            C:\Windows\{6A667538-DBCA-42ff-9E90-7B1A03348C86}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:680
            • C:\Windows\{54C94FE4-A674-4342-B33F-0C3AA010BD89}.exe
              C:\Windows\{54C94FE4-A674-4342-B33F-0C3AA010BD89}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3236
              • C:\Windows\{719367C5-57DE-4bc7-AF55-5C07042C35E3}.exe
                C:\Windows\{719367C5-57DE-4bc7-AF55-5C07042C35E3}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2556
                • C:\Windows\{AF3128AF-4935-4ace-9C58-61F6DA5C9F92}.exe
                  C:\Windows\{AF3128AF-4935-4ace-9C58-61F6DA5C9F92}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4824
                  • C:\Windows\{2A52E8A8-A254-4b21-84B4-6E18E0C6363D}.exe
                    C:\Windows\{2A52E8A8-A254-4b21-84B4-6E18E0C6363D}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4740
                    • C:\Windows\{C02D84D4-482B-4001-82EA-403C637B3A85}.exe
                      C:\Windows\{C02D84D4-482B-4001-82EA-403C637B3A85}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2748
                      • C:\Windows\{5ADD6913-B0D0-4d05-B4D9-AE6D1D5444C9}.exe
                        C:\Windows\{5ADD6913-B0D0-4d05-B4D9-AE6D1D5444C9}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4436
                        • C:\Windows\{4E3F10B0-4DD0-4cd8-9121-E8BC42DCE38A}.exe
                          C:\Windows\{4E3F10B0-4DD0-4cd8-9121-E8BC42DCE38A}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2068
                          • C:\Windows\{2A3DC0AB-82D0-445a-9D31-F018E5D8C43B}.exe
                            C:\Windows\{2A3DC0AB-82D0-445a-9D31-F018E5D8C43B}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:1192
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{4E3F1~1.EXE > nul
                            13⤵
                              PID:676
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5ADD6~1.EXE > nul
                            12⤵
                              PID:2884
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{C02D8~1.EXE > nul
                            11⤵
                              PID:3816
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2A52E~1.EXE > nul
                            10⤵
                              PID:2320
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{AF312~1.EXE > nul
                            9⤵
                              PID:2144
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{71936~1.EXE > nul
                            8⤵
                              PID:4316
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{54C94~1.EXE > nul
                            7⤵
                              PID:3788
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6A667~1.EXE > nul
                            6⤵
                              PID:3700
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F0596~1.EXE > nul
                            5⤵
                              PID:3348
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{1D38C~1.EXE > nul
                            4⤵
                              PID:4764
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{E5F67~1.EXE > nul
                            3⤵
                              PID:1084
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                            2⤵
                              PID:1352
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:5060

                                  Downloads

                                  • C:\Windows\{1D38C02C-5582-48c9-A3F0-5F04547529B2}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    285b2768c7711416ebf74c8aacae5cfd

                                    SHA1

                                    75756931c440c41cdffa0097200abc0c78bdb478

                                    SHA256

                                    83e28d0d2cb27fbc20c549906e9590ca1eb29124f126fcaeb9340597c77ad7c1

                                    SHA512

                                    2a131d67b795912304972b9a2c04304bb025ea1be31ef6511d7be69788099f1d09e8dfb04ce6660c728067bb71361edde979e65e151f621299029465abf960ef

                                  • C:\Windows\{2A3DC0AB-82D0-445a-9D31-F018E5D8C43B}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    4c4f6507127de70ef1ab0c80824a8d09

                                    SHA1

                                    7670d55eacfc561fe0272fe6bf63e519069fd179

                                    SHA256

                                    0bd47a3ca69cdaa174de4877ab17bb3b5b78f0bf2f54d29edb8c169662bd47cc

                                    SHA512

                                    c8cf455e13da10affdeacd917cf757eaa215d1e4b905119abf9a6b0c49a3744a1d99048664d6eaf494c350e6a9f7f4202765d49ffcc31c776aed46967662c481

                                  • C:\Windows\{2A52E8A8-A254-4b21-84B4-6E18E0C6363D}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    42f4d1fed021ca9a392605f8a171e3c5

                                    SHA1

                                    5883da9b09aa4ca2a7503f733779dc262f5bd323

                                    SHA256

                                    0eb1fb50f988383196a39b52a00ce9191e358edd652ad62d3067829696bff486

                                    SHA512

                                    7e7d67654c0d4575c261ba54567cbe1bcc4276b92ba389df5e343efa95dd4bf3c3706e62e3cd92695735899e663c384968a14d85e9de82fc13c3c6006e4767fc

                                  • C:\Windows\{4E3F10B0-4DD0-4cd8-9121-E8BC42DCE38A}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    552ba3b676000103b683b1816832d3d6

                                    SHA1

                                    1879bee58f94c903515ac1b67953f0337d5a2914

                                    SHA256

                                    3737c3904ef925754eee91c036c164ef8aefbee35ed462bc740b3dd37832aa1f

                                    SHA512

                                    2d56ab5b2e9ca8b86de8b27df138b32acab3a1fd3f40df61169ae548e52a6df9c9bbdbedd956a35da37c9c0049cd5e1208204317424447d9d76a46153d21dccb

                                  • C:\Windows\{54C94FE4-A674-4342-B33F-0C3AA010BD89}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    366373eb32a66bc1475f99a76f7b6e0f

                                    SHA1

                                    95353d57e3b405d1ef49dd289f406af830615ec8

                                    SHA256

                                    79b4874e6b4bafe432b1551013f82de30265040054164ee165daf2a00a7298ce

                                    SHA512

                                    d4aa152983156180a6f372557d6c31098c2f4736177ba0972ba07b226770dfb5933e3a3433b5b75635776a0259646a31bc774404e70b20a19c0968222ad5bb0c

                                  • C:\Windows\{5ADD6913-B0D0-4d05-B4D9-AE6D1D5444C9}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    cfee9fffc6e1d72f482da1f494267319

                                    SHA1

                                    85eb7a0346ac34642e13d8480f468e5deef73a70

                                    SHA256

                                    d44374ff9148a9025d58ade52d6b37ff7be7e1ec8d62f3e599f34347b3324432

                                    SHA512

                                    60fba8cff74d25b1f075d7e4a512dd6224393598f1898f7dc17777c2247546615505b41ff3f2dae9a23518d18876e633a3bad5276452ea93bf93d0563238190c

                                  • C:\Windows\{6A667538-DBCA-42ff-9E90-7B1A03348C86}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    a01988c7c6e58597b4a3172b98bf5f0c

                                    SHA1

                                    aa9f9c4523e9b0eb6f383fa384622c4f39b4fb24

                                    SHA256

                                    1720adedf684c3287c524cd2ab876e64af6681c9d7878e3520d9d6eeb74766ff

                                    SHA512

                                    71e602a0a1bbf8944381e7bd35099e50b091fa9e58414fc0c356d28d36a6d278ebfa9e28d59c7b2ee7377fcf0be0c7834995c638aa7a07ee1a22b8eec7ad0c4e

                                  • C:\Windows\{719367C5-57DE-4bc7-AF55-5C07042C35E3}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    560fe80261ec77ddb3cdbbc6765fa9ca

                                    SHA1

                                    5fb88a6eb607884a20563c572417740f1d31b615

                                    SHA256

                                    3614f55976d8952cb78b88a1598df89e037cec763b69279b08da6441410d43f3

                                    SHA512

                                    a3b450426542721b481f722ff5b4e3f1e79b72968d75dc0d09a439d97384afdad9a1b581db3671b4c37b91fa5d73eb335de868db7eed8f63f1883419bf5c7801

                                  • C:\Windows\{AF3128AF-4935-4ace-9C58-61F6DA5C9F92}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    03a4b468b27ae81ee11ca6f9bf654c25

                                    SHA1

                                    5b6cc702a4070ca817dcf6ffc9da1472417da0ec

                                    SHA256

                                    01e7b6014516cd8a6974c3a40fb7125bbf65e7c1b7191bc83e16621d6124e256

                                    SHA512

                                    e4f319300ad7f1f7021a7b10916903599f8ee060654b0942700b80c1f4e638e6116c30aec57750a62f5187a51188c8157482c5537a400b8759bb3a86ff7edaff

                                  • C:\Windows\{C02D84D4-482B-4001-82EA-403C637B3A85}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    1af5e07bd92ee0fb4ffa34c18da6343a

                                    SHA1

                                    b59f6e7b3495a9ef78541db64a345ee46aab7f08

                                    SHA256

                                    7ddb33b8cd22962182659346c8de4ce268d7198273a9ad2b34f854fb01d8999f

                                    SHA512

                                    949ebc74c681c9ec111b50cee65d0b3a55c8ff68fa87e83b4243291867076dc1a0debbbeb56d40d7e92f7c6272dd8c2ad0db01ad0cec76e980b8189060af2be7

                                  • C:\Windows\{E5F6747F-F8C9-4298-8588-D9659C9693DD}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    2fa53ac77d584319fb682bf4a5257a34

                                    SHA1

                                    be1ed2b18952627e2a623d07912418b18f90790d

                                    SHA256

                                    d64ef68becfeed01dfc3bbad27f6e1c6302784e2739e9dc7890a96d1826b54c9

                                    SHA512

                                    523a8d10bab10e0af6f13c1e23ff8015132ba08931875388948781631cb5bc13dd8d38ef27f1662299dfac36af6bef90177aaa55d11261ce94828d72dc895bbd

                                  • C:\Windows\{F05964B4-1D80-482f-A6F7-1222A98F013A}.exe

                                    Filesize

                                    180KB

                                    MD5

                                    0d248fe2b7c379e3a81a524d8aa48e27

                                    SHA1

                                    535b884585f705900d5bc4934773b4bc8374b5a2

                                    SHA256

                                    92a57033f65dec9510e5a94c176c137b93e09050e66dd59da0675fdd603a9245

                                    SHA512

                                    a42dbc65dc668de8b6b12cb9faf18c863051d6e16033a9063d394cb10e5eed896e754a344d67ded837f93bab2b35a466b5743735fcebb728e85197a9dc8dc92f