Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 04:36

General

  • Target

    2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe

  • Size

    204KB

  • MD5

    9261f11bd165c8f1c19177f14d3d1f64

  • SHA1

    20d8d65589d8bc640fac5c60cf03667f68ed14fc

  • SHA256

    217ad59471ba98885cc8a3b4f0a8bf890d0082026ba6e92db4ee83db29dc3f06

  • SHA512

    f0cfcb28883bfb32c5efeda1ff5f41b9213c3b09cb901fa0c2ce2a2f8d04ff5e5442952aa3e1199dfdaa796807a605673b8343910767a009fa20f2285cb8f9da

  • SSDEEP

    1536:1EGh0ocl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0ocl1OPOe2MUVg3Ve+rXfMUy

Score
9/10

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe
      C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe
        C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe
          C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe
            C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2520
            • C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe
              C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:952
              • C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe
                C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:320
                • C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe
                  C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1536
                  • C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe
                    C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1452
                    • C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe
                      C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2264
                      • C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe
                        C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3056
                        • C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe
                          C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:580
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{46BA0~1.EXE > nul
                          12⤵
                          PID:1476
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{9C36F~1.EXE > nul
                        11⤵
                        PID:596
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{FAE8E~1.EXE > nul
                      10⤵
                      PID:1716
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{237ED~1.EXE > nul
                    9⤵
                    PID:1480
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{E0F47~1.EXE > nul
                  8⤵
                  PID:2680
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{F9429~1.EXE > nul
                7⤵
                PID:1928
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{F87BF~1.EXE > nul
              6⤵
              PID:1532
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{63389~1.EXE > nul
            5⤵
            PID:2912
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{F0F25~1.EXE > nul
          4⤵
          PID:2832
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{4E75E~1.EXE > nul
        3⤵
        PID:2700
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      PID:1888
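The tree above is the staging pattern this report captures: the submitted sample writes a GUID-named executable into C:\Windows, runs it, and that stage repeats the job; eleven dropped stages run in sequence, and every stage except the last one shown (PID 580, which has no children within the run) also launches cmd.exe /c del against the image that spawned it, using the 8.3 short name ({4E75E~1.EXE for {4E75E4BE-...}.exe) with output sent to nul. Two practical consequences follow from the Downloads list further down: each dropped stage is 204KB like the submitted file but carries a different hash, so blocking on the parent's hashes alone will not stop the stages it drops, and because each stage deletes its parent, the intermediate files may already be gone when a host is examined, which leaves process-creation telemetry as the main record of the chain.

The following Python script is an added example, not part of this report or of the sandbox's own tooling. It reconstructs the parent/child chain from process-creation records, flags GUID-named executables launched from C:\Windows, and checks that each "cmd.exe /c del ... > nul" child targets the 8.3 short name of the image that spawned it. The records are constructed from the first three stages of this tree (paths, PIDs and command lines copied from it; the parent PID 900 of the submitted sample is invented), the record layout (pid, ppid, image, cmdline) is an assumed schema rather than a real Sysmon or sandbox format, and the 8.3 matching is a simplification of the real short-name rules, as the comments note.

```python
"""Reconstruct a drop-execute-delete chain from process-creation records.

Added example; not part of the sandbox report or its tooling. The record
layout (pid, ppid, image, cmdline) is an assumed schema, not a real Sysmon
or sandbox format.
"""
import re
from collections import defaultdict

# CONSTRUCTED records modelled on the first three stages of the process tree
# in this report. Paths, PIDs and command lines are copied from it; the
# parent PID 900 of the submitted sample is invented.
RECORDS = [
    {"pid": 1072, "ppid": 900,
     "image": r"C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe"'},
    {"pid": 1692, "ppid": 1072,
     "image": r"C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe",
     "cmdline": r"C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe"},
    {"pid": 2572, "ppid": 1692,
     "image": r"C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe",
     "cmdline": r"C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe"},
    {"pid": 1888, "ppid": 1072, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"},
    {"pid": 2700, "ppid": 1692, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Windows\{4E75E~1.EXE > nul"},
    {"pid": 2832, "ppid": 2572, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Windows\{F0F25~1.EXE > nul"},
]

# GUID-named executable dropped directly into C:\Windows, as in this tree.
GUID_EXE = re.compile(
    r"^C:\\Windows\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}\.exe$", re.I)
# "cmd.exe /c del <path> > nul" cleanup command; the deleted path is captured.
SELF_DEL = re.compile(r"cmd\.exe\s+/c\s+del\s+(?P<target>\S+)\s*>\s*nul", re.I)


def short_name_matches(short_path, long_path):
    """True when an 8.3-style path (STEM~N.EXT) plausibly refers to long_path.

    Simplified 8.3 rule: same directory, first six characters of the long base
    name (case-insensitive), then "~N", then the extension cut to three
    characters. This covers the names in this report; real short-name
    generation also strips spaces and dots and may hash the stem when ~1..~4
    are already taken.
    """
    s_dir, _, s_name = short_path.rpartition("\\")
    l_dir, _, l_name = long_path.rpartition("\\")
    if s_dir.lower() != l_dir.lower():
        return False
    l_base, _, l_ext = l_name.rpartition(".")
    m = re.fullmatch(r"(?P<stem>.{1,6})~\d+\.(?P<ext>[^.]{1,3})", s_name, re.I)
    if m is None:
        return False
    return (m.group("stem").upper() == l_base[:6].upper()
            and m.group("ext").upper() == l_ext[:3].upper())


def analyze(records):
    """Rebuild the tree and pair every cleanup command with the stage it erases."""
    by_pid = {r["pid"]: r for r in records}
    children = defaultdict(list)
    for r in records:
        children[r["ppid"]].append(r)

    findings = {"stages": [], "self_deletes": [], "unmatched_deletes": []}
    # Walk breadth-first from processes whose parent is outside the record set.
    frontier = [r for r in records if r["ppid"] not in by_pid]
    while frontier:
        cur = frontier.pop(0)
        is_root = cur["ppid"] not in by_pid
        if is_root or GUID_EXE.match(cur["image"]):
            findings["stages"].append((cur["pid"], cur["image"]))
        for child in children[cur["pid"]]:
            m = SELF_DEL.search(child["cmdline"])
            if m is None:
                frontier.append(child)
                continue
            target = m.group("target")
            # The deleted 8.3 name should resolve to the image of the process
            # that spawned the cmd.exe; anything else is reported separately.
            bucket = ("self_deletes" if short_name_matches(target, cur["image"])
                      else "unmatched_deletes")
            findings[bucket].append((cur["pid"], child["pid"], target))
    cleaned = {parent for parent, _, _ in findings["self_deletes"]}
    findings["stages_without_cleanup"] = [p for p, _ in findings["stages"]
                                          if p not in cleaned]
    return findings


def is_drop_execute_delete_chain(findings, min_stages=3):
    """True when at least min_stages chained stages exist and all but at most
    one of them (the newest, possibly still running) erased their parent."""
    return (len(findings["stages"]) >= min_stages
            and len(findings["self_deletes"]) >= min_stages - 1)


if __name__ == "__main__":
    result = analyze(RECORDS)
    for pid, image in result["stages"]:
        print(f"stage pid={pid} image={image}")
    for parent, cmd_pid, target in result["self_deletes"]:
        print(f"pid {parent} erased via cmd pid {cmd_pid}: {target}")
    print("chain detected:", is_drop_execute_delete_chain(result))
```

Against the constructed records the script recovers the three stages in order (1072, 1692, 2572), pairs each cleanup command with the stage it erases, and reports no stage without cleanup. On the full tree the twelfth stage (PID 580) would appear in stages_without_cleanup, which is the expected state of the newest stage at the end of a run.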

Network

MITRE ATT&CK Enterprise v15

Downloads

                              • C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe

                                Filesize

                                204KB

                                MD5

                                8594730746e040a31d48ef1afa462cc9

                                SHA1

                                2107fd8ddda8b42d7888606a7327109c04a54144

                                SHA256

                                97fdf06e38852d02360891e244b039855e9eaa48d69d8856abd661e194e84d0f

                                SHA512

                                a8d5e09af37c51efb664ee4fb369315672b3ccc3a97af2b5b35b1e536d021d621974a4ace77bfc30ff03e2deda276dbf4b240927b0f84b927a0cc073624b9e24

                              • C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe

                                Filesize

                                204KB

                                MD5

                                2438c121fad1801bd2971fa4c01ccc3d

                                SHA1

                                d22d455b618f5a0130ac1780c260fb0a1c236235

                                SHA256

                                9780af70f2538843fba5d6f03b25eb1556f5b07337829c69504a004c4a2184e9

                                SHA512

                                bafb443a2b08cc665dd2a3351a934b65e4d4a656f7c5fdee67346032afdbe95946ea911a008a550f23ec9f0fde57a0359ad40fd264ef729c9cd33c6737580630

                              • C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe

                                Filesize

                                204KB

                                MD5

                                40cb3e66b6ce3f9527f4644121c3b720

                                SHA1

                                aa1f54aeebd7f5073bc9ef58e4ddd1ef802e4f60

                                SHA256

                                8d55bad02b17f7aa7ec3cc0614a6f1ff67d97b561da974bc20478a3c425c4974

                                SHA512

                                e3a2f4761b62590e3f484efd1e19fb2c7e1991016dd5ee7118c7ae80571529d6d551188b09617c4010ac40e409b8d6c058446ceb0a090af18614ec0514c8f029

                              • C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe

                                Filesize

                                204KB

                                MD5

                                2a08099eafaf0bbe3823a83c1832edf5

                                SHA1

                                dab3e972e7fd146afe18b16d4b0d77e634bd01bd

                                SHA256

                                7082473916159f7fac92ffbb31d520042ee369d8d06dddad8ff4412b7e1224d2

                                SHA512

                                9ae3c513c2970ee3cd147369c10f9afa6f45c96fbc7a81b3ffc5bc33261914ca32299556352187c7aea6d13049846d0c4b50122b9123bebb9327147a7ce60b8a

                              • C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe

                                Filesize

                                204KB

                                MD5

                                8554308bed12145c16cb3dbc272887d8

                                SHA1

                                ff486d4aea1de99d79ab614ad1da3e8d6b094605

                                SHA256

                                807309d49a17d872ddccdcf0b117f5720ed4f0b5778982245937d1c04550b8ae

                                SHA512

                                e90dbb482836d734b993cca683abb68e3aafe38ec0f57db8225fa3c7d410bf973bcd7d64f47aab25bd6a0ae0898a5848f80e8ee628d73e7c1e97f766cf7ef44b

                              • C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe

                                Filesize

                                204KB

                                MD5

                                4ea4f34111352841d7189f82758b7518

                                SHA1

                                c7e647f598b9e4089aaa30f9ea4b19fbf74a9a3a

                                SHA256

                                5760270864fccb8a833a7ff759e99888e8ac1776698eca23990e94caf97659d5

                                SHA512

                                50856173bde070e928872e4676216e12adf44480ce71e99fd0bfc0bc4d0e2533cf608b7bd59ea972d66f93c612b961ef9fa7dd122050b4c4fdaabb1267560c31

                              • C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe

                                Filesize

                                204KB

                                MD5

                                b0b36adedea9cd24c8cc204607b6bd25

                                SHA1

                                80ab7514685d107b8d2444010d91af05b8a88eb3

                                SHA256

                                b45b36bdc844dab6ac79d38ef1e5173f78dbd9e6c5e81a3ac9958fca530e71a1

                                SHA512

                                4d2a5b0bc6e1ce24bf011e3e1d3b784ef3517317574258ed8f2b90d9afa33ce7cac5420955d03e5a1ddae9b40b430301556098bc4794b02c94549a5ce381130b

                              • C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe

                                Filesize

                                204KB

                                MD5

                                906dcd9f351d59f90e3e0c845ce8b4cc

                                SHA1

                                6e903394b6674d5d8abf0eada1b6ad21bbd31f81

                                SHA256

                                911a0a0e65b36365090d49fc0f5e2718557a8a382e8cf9788bce2ffc900c46d3

                                SHA512

                                af5b9bc3238c447df6101e27ba9429d71e41afbb9565e54c7757c5d0f48f18890bd64026f0db7b7099c948fdf886e588069fbb26c81c3dd2fb987eaea0bcfd20

                              • C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe

                                Filesize

                                204KB

                                MD5

                                f2d228b795efe4cbb5871d2c81b620ec

                                SHA1

                                b6e07f7f4a38e749fa1f2a8fb7f9487095612705

                                SHA256

                                8ca3afdf5bf9bf5241f7e110e2f194e1ae7129e906460fde0c7b9a28733051db

                                SHA512

                                01c651ab81469cb2ead698ee88eaf5ae47e8d3bb2fbf1ddef92e54d78736cfa451931e7664ba5130063b94963dd85ce14e183bec51f8c33a85e116199212a88b

                              • C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe

                                Filesize

                                204KB

                                MD5

                                a25120adad0fbf02b217e74f315ff8fe

                                SHA1

                                f0ea5ad2888c4b4d5f6d6a121e148b5e6da388b1

                                SHA256

                                19bb956bf55904efc20c191ef7914ac7e52f17d69896432532eb0a92d1e9fc3b

                                SHA512

                                1dd4b046c2e55d269db88c8195c3de98bd4c8437bba623665ccc3ba40b19229f8c99fbc469f623d60a0f8cc68f24c0da526815b79403580dbf46b9f44de40acc

                              • C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe

                                Filesize

                                204KB

                                MD5

                                cca3c3f0993e2143a45d30020b85a103

                                SHA1

                                914617912e7dc70f67973d435319cd681281866d

                                SHA256

                                f131e4ab9f0b288d90c0a761c413728df6e5a3a9bc84f215c9f16ddeca0dbf01

                                SHA512

                                75e1b04aba611083706061d3093d5c764d5d02f9e19907acd15d66c337e0f6e59256203279208482df03af56b0f84f233cd4a3e0092ba21d01922bbbbb034f24