Analysis

  • max time kernel
    75s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 04:10

General

  • Target

    2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe

  • Size

    408KB

  • MD5

    54def91bc41e5f6dedc6d0b825b03fef

  • SHA1

    1cfdc7443fdc12740eb1ec74f09db2dc8eec9b76

  • SHA256

    71d546866b6bd57bd3addee83e4738fb057c44eeb1781cf5ca1a55dbc6c1715c

  • SHA512

    d6417abddab26c051f00c1e8be422106c36d2a4370830d9596f43741ad788fd2393a0c1f4bc86512c294a4fdfbf254b44392a1190f273268d4bcc4aa1812d402

  • SSDEEP

    3072:CEGh0odl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGzldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 11 IoCs
  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 6 IoCs
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\{701B1477-0536-4ce8-A0AC-4272467DFDCA}.exe
      C:\Windows\{701B1477-0536-4ce8-A0AC-4272467DFDCA}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2148
      • C:\Windows\{D7959034-881C-42e8-8249-89AD8819C1DC}.exe
        C:\Windows\{D7959034-881C-42e8-8249-89AD8819C1DC}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Windows\{E6B1F28E-3DCD-40e9-8B37-E2C3FB9B7160}.exe
          C:\Windows\{E6B1F28E-3DCD-40e9-8B37-E2C3FB9B7160}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2744
          • C:\Windows\{A9813416-B0D7-40e2-A823-1ED3622119CF}.exe
            C:\Windows\{A9813416-B0D7-40e2-A823-1ED3622119CF}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2868
            • C:\Windows\{859B9250-2726-4e1e-8340-CFBD3D779E2C}.exe
              C:\Windows\{859B9250-2726-4e1e-8340-CFBD3D779E2C}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:768
              • C:\Windows\{2F3891D4-74EC-468b-A927-C66142374897}.exe
                C:\Windows\{2F3891D4-74EC-468b-A927-C66142374897}.exe
                7⤵
                • Executes dropped EXE
                PID:1980
                • C:\Windows\{D7390EF6-EE50-4bcf-B5A0-2C467D102060}.exe
                  C:\Windows\{D7390EF6-EE50-4bcf-B5A0-2C467D102060}.exe
                  8⤵
                  PID:2248
                  • C:\Windows\{4381FE12-067D-4ddb-8CB2-5B12FA51CDC3}.exe
                    C:\Windows\{4381FE12-067D-4ddb-8CB2-5B12FA51CDC3}.exe
                    9⤵
                    PID:540
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{D7390~1.EXE > nul
                    9⤵
                    PID:784
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{2F389~1.EXE > nul
                  8⤵
                  PID:2404
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{859B9~1.EXE > nul
                7⤵
                PID:2412
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{A9813~1.EXE > nul
              6⤵
              PID:312
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{E6B1F~1.EXE > nul
            5⤵
            PID:2236
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{D7959~1.EXE > nul
          4⤵
          PID:2688
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{701B1~1.EXE > nul
        3⤵
        PID:2564
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\{2F3891D4-74EC-468b-A927-C66142374897}.exe
    Filesize: 408KB
    MD5: 8fba8d942fa96dab5244a563a9498d31
    SHA1: 88f71da3e9377bc8f28991e6219442a0bd2601d7
    SHA256: ad78f0e70c87297901f89395e8dbce919112c23be002d68842ef8541fba648b4
    SHA512: a73301538bad72df7253d81a5a49dd7fc4aab3c363fa930bd004b80177c7379bc36602502cd1416e346e8ecd4f2a9acf83feb10448e4fb891c15f3f0f2b6a3c0

  • C:\Windows\{2F3891D4-74EC-468b-A927-C66142374897}.exe
    Filesize: 128KB
    MD5: 8ab61473e99b58673a5b4331a53d0883
    SHA1: d5bdb78e27009f88e3e45e8e746ae8d933c84abd
    SHA256: cd552f209b39d6a617d086a7c0a35931c6367321f18e1c60e56ef12f070b468a
    SHA512: 550da3c88837852e6a85f9daf086fea41cb0914e75f19c97b048863e859ce91e6d5f1c1f047b492d8906300a0b3821caf509159e3221ac9064aaf60d365ad038

  • C:\Windows\{4381FE12-067D-4ddb-8CB2-5B12FA51CDC3}.exe
    Filesize: 92KB
    MD5: e2773bc901ce7abcb741aa0c18417991
    SHA1: 58bad29624673bf08b68d568955002a4c20df0ad
    SHA256: c694123d4df7d665931dc671b872b6c25be851fa5b10b3ee15788515932a00d0
    SHA512: f52f1ff6bf0724a3372a88b51d7ae0e1367c95f2c03bd01bc546f5de829ea83f6a1cf2e7a8a45c0f1c118a239979fab0e02c950fa423c797963ae2baec3c4423

  • C:\Windows\{701B1477-0536-4ce8-A0AC-4272467DFDCA}.exe
    Filesize: 408KB
    MD5: bf9398b7fedc16b39b773397812a5603
    SHA1: f15b6e10211cfef1ff9944b627b2c53758eab839
    SHA256: e03807bc203bae44159274cc5a09317b33fb87bfa4f0500dc7b50f32ac8a5149
    SHA512: d60f64b8cf4197c109a86b990f38866c6b4028de9db5b96a329981bbf948694ca93871d939629e5241d8d36cd88a44343c3129257b3283926e87c270f64c4a58

  • C:\Windows\{859B9250-2726-4e1e-8340-CFBD3D779E2C}.exe
    Filesize: 128KB
    MD5: 7f657649944b4c91452521dd0a891839
    SHA1: 251ebff75dcd3a7a95de7d8326e55cf5ad9c773d
    SHA256: bb295233bc59157419b2195027bcfbe8c1a4d6fb59957b5e596e9d4b0e6cf252
    SHA512: 7790006eae2dd668790c8f59fde23d5975965a689087ddcaa0187007517b9a6f1f1297df995f820d0b4b1b34fdee50d2692ee6e3bfac7f8c14e865a942df2b62

  • C:\Windows\{859B9250-2726-4e1e-8340-CFBD3D779E2C}.exe
    Filesize: 93KB
    MD5: c9e2ac6497509f5815050348e472fbea
    SHA1: 2f53431b4ea143f14877337012f3e9834e2cce7b
    SHA256: d204247c12cecfd2af845ee2087066c34d82993b2cd6fa0eea08162f6e0ecf48
    SHA512: 0b94ce14e6d1f31c38bc2cc44cddb4092e053b52ac78805ec1a84807afeceec46a0786afa0dc45158bd360435e5428387436685a7aef6477cb98129651b319bc

  • C:\Windows\{A9813416-B0D7-40e2-A823-1ED3622119CF}.exe
    Filesize: 408KB
    MD5: f1bb9fe2f7feeb62734012e2d07cc994
    SHA1: 6dc7b96925c88304416c8319823b3869b14e64e6
    SHA256: 8df266fde65afa0c35c7335d17723b77d58e32e7d70aae4ab40024cb3b97fb26
    SHA512: 83c0b6b2cf99acef6a4039004121820a57a9f319486935dc11670c5a70c4fd8adb4ffb32ebb604dc4c6a5c2c0428a9e00912fb37c83a5e4f8f0c8cab21822782

  • C:\Windows\{D7390EF6-EE50-4bcf-B5A0-2C467D102060}.exe
    Filesize: 93KB
    MD5: e67dc4636100246c1a8b602647079f72
    SHA1: d998a29735e47e980409d93857b6abc704903b05
    SHA256: 17527124380df17cfa24cdda99dbb9ed3aaf469d93b34f75b1f8dd70058e6717
    SHA512: e15fb73e8ff654c82e14c28bed78af820a89c497837961c6ece1e688d2f194afb6972db46ee1b96885d562da2fa816e3322ca2f10772684ee660a160fb45a46f

  • C:\Windows\{D7390EF6-EE50-4bcf-B5A0-2C467D102060}.exe
    Filesize: 96KB
    MD5: dc880221f9b5257f6b552a6c79abe53a
    SHA1: fbf0e8dc2936539de1861288c9d2e541fd674456
    SHA256: d069ade7da504316e15a41f9b25e25dc5f6b44b590014c026643dc7d39a8ffc7
    SHA512: 8033a339bade456f0ea7abdb471eb780aed76c011a394d9455f6412f34d1985285117eaabe62f4cd14934299b7380244772bcb0f644976ada7cd45b1423259b3

  • C:\Windows\{D7959034-881C-42e8-8249-89AD8819C1DC}.exe
    Filesize: 408KB
    MD5: 6b1347e4e69bf6877df30eb1d5678fca
    SHA1: 4773265902984216aa242fb9f68658edf609cc69
    SHA256: 510fdb82b323a1eefba450d16794df314e32dcbbc84e24a7c3c55ee3d2720aa6
    SHA512: 0d4203fd768b2713e62153c863cb49d34455c28bbfb0c87a7f4288d68e856f38f3bd57267c1c53896581205ba491f9b851b716230b7c1ffd0bb12a1746d5e9f2

  • C:\Windows\{E6B1F28E-3DCD-40e9-8B37-E2C3FB9B7160}.exe
    Filesize: 408KB
    MD5: 787dc17bb7f2ef76e4126af6cd8a9d19
    SHA1: 6deea89cab426c2679c8ca7db2afcf35fb010bc2
    SHA256: 8d9dbd860fe3f0a71f4da99ea47e99440c7adbbd67e74554ebcd0d6075d88978
    SHA512: e8bdb300730d0e28f943a3701ca6b98d66eb520b83110afe3cd7083dc4c31721756f11167289496f186f5c162915b05c3d17c656467e3022f3875cdf594ac56f