Analysis

  • max time kernel
    69s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 04:10

General

  • Target

    2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe

  • Size

    408KB

  • MD5

    54def91bc41e5f6dedc6d0b825b03fef

  • SHA1

    1cfdc7443fdc12740eb1ec74f09db2dc8eec9b76

  • SHA256

    71d546866b6bd57bd3addee83e4738fb057c44eeb1781cf5ca1a55dbc6c1715c

  • SHA512

    d6417abddab26c051f00c1e8be422106c36d2a4370830d9596f43741ad788fd2393a0c1f4bc86512c294a4fdfbf254b44392a1190f273268d4bcc4aa1812d402

  • SSDEEP

    3072:CEGh0odl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGzldOe2MUVg3vTeKcAEciTBqr3jy

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 12 IoCs
  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
  • Executes dropped EXE 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_54def91bc41e5f6dedc6d0b825b03fef_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Windows\{C1D80A0B-3479-4edd-B43E-856FD86C53CB}.exe
      C:\Windows\{C1D80A0B-3479-4edd-B43E-856FD86C53CB}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Windows\{7A775777-527C-4d2e-A2E3-BE4E0F1DC718}.exe
        C:\Windows\{7A775777-527C-4d2e-A2E3-BE4E0F1DC718}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:640
        • C:\Windows\{29CC750B-4451-42b5-AA2B-C4C2A510135E}.exe
          C:\Windows\{29CC750B-4451-42b5-AA2B-C4C2A510135E}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2200
          • C:\Windows\{05E49E1E-308D-4e42-AACE-F1634AA78878}.exe
            C:\Windows\{05E49E1E-308D-4e42-AACE-F1634AA78878}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4856
            • C:\Windows\{18BADCE2-B1EA-4bdb-9DD5-AA39D6346C3E}.exe
              C:\Windows\{18BADCE2-B1EA-4bdb-9DD5-AA39D6346C3E}.exe
              6⤵
              • Executes dropped EXE
              PID:428
              • C:\Windows\{D128C14C-13EF-492e-992A-8947AFEB5E13}.exe
                C:\Windows\{D128C14C-13EF-492e-992A-8947AFEB5E13}.exe
                7⤵
                  PID:4288
                  • C:\Windows\{4C04DDCB-2D88-4b19-B6F7-FA1A0DA6BB19}.exe
                    C:\Windows\{4C04DDCB-2D88-4b19-B6F7-FA1A0DA6BB19}.exe
                    8⤵
                      PID:3248
                      • C:\Windows\{6DC2DCB6-8E37-4086-9A1E-6040EE88FC65}.exe
                        C:\Windows\{6DC2DCB6-8E37-4086-9A1E-6040EE88FC65}.exe
                        9⤵
                          PID:3268
                          • C:\Windows\{0F48EC3C-BC6F-4a6c-B79E-89C346FE47AF}.exe
                            C:\Windows\{0F48EC3C-BC6F-4a6c-B79E-89C346FE47AF}.exe
                            10⤵
                              PID:3968
                              • C:\Windows\{9FB22527-35A3-423f-95A6-9FFDBCA971E6}.exe
                                C:\Windows\{9FB22527-35A3-423f-95A6-9FFDBCA971E6}.exe
                                11⤵
                                  PID:1588
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{0F48E~1.EXE > nul
                                  11⤵
                                    PID:2496
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{6DC2D~1.EXE > nul
                                  10⤵
                                    PID:3748
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{4C04D~1.EXE > nul
                                  9⤵
                                    PID:2508
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{D128C~1.EXE > nul
                                  8⤵
                                    PID:3844
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{18BAD~1.EXE > nul
                                  7⤵
                                    PID:876
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{05E49~1.EXE > nul
                                  6⤵
                                    PID:2216
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{29CC7~1.EXE > nul
                                  5⤵
                                    PID:880
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{7A775~1.EXE > nul
                                  4⤵
                                    PID:3876
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Windows\{C1D80~1.EXE > nul
                                  3⤵
                                    PID:3016
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                                  2⤵
                                    PID:2004

                                Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Windows\{05E49E1E-308D-4e42-AACE-F1634AA78878}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        9c33edd401335e3ab9d16dac6c3b9d7e

                                        SHA1

                                        7b70f2f8d7ecc5eec27999194d45648bed3e6f6f

                                        SHA256

                                        27c2e0df35d2417014b3be06346355ccbc552587403a15aabb991855cacf93b9

                                        SHA512

                                        079bbcb650905a5d13bbad7c188e1551973f37f0467e4d296147bf5b7a887d788eb4c5c12a48fe7f97173212dd3f1c9cc7991a1039f3f53f6ce2de264c6f37e8

                                      • C:\Windows\{05E49E1E-308D-4e42-AACE-F1634AA78878}.exe

                                        Filesize

                                        128KB

                                        MD5

                                        74e14ce6556272bebb22b9b2a3a01775

                                        SHA1

                                        ff0b46744aa9f6e5f2819334637b9a41a9d1b28a

                                        SHA256

                                        7a4cd9f7ca3f97787ad9410467a4f0f193789112d6aaec599d5c17232b0f3291

                                        SHA512

                                        3704a36354e356f217d235a52b17120b99945340e8298c203e9231cfbfd3e316be5159c73637da1d210b46a68d2b69a5bd7264f673afcc6b5f3811d27324ab62

                                      • C:\Windows\{0F48EC3C-BC6F-4a6c-B79E-89C346FE47AF}.exe

                                        Filesize

                                        93KB

                                        MD5

                                        1630bc9119a8eeb6a4eec7fed9576d5f

                                        SHA1

                                        9b9019cfd7826084f472dddb44cdcadc7ed8ffe3

                                        SHA256

                                        81da80a991eec81f83852ad5fc7d4b14bfa076b9f78d25ba5106caba42f72ada

                                        SHA512

                                        4b10a455dcd2754e2a2e301f199bd41bdd6f2b59f4fbad99129f9807cb5fbb87b4bb25020d106c014c991077b99bb0e38b1c304061f6d7a4d6efbe3ce2f8a7ac

                                      • C:\Windows\{18BADCE2-B1EA-4bdb-9DD5-AA39D6346C3E}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        fbffa3044661c44d31b5d74798d17182

                                        SHA1

                                        1d9efdff54790ebca3922b4729bd29151e2db020

                                        SHA256

                                        11b8851bb2057bf929f5a7ca346f1312675ab22ba1f1c2f8c938563696f3f67a

                                        SHA512

                                        fc2cc56b787b12375b60887788c1a896178265789892eecca02a0086ee00c76cabcdc32cd8619a02ba6ecb1082f74f2d63caa1f026679f7e89db7a48d45cc93a

                                      • C:\Windows\{29CC750B-4451-42b5-AA2B-C4C2A510135E}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        24aff4051286f5ee94d1952af0c0c36b

                                        SHA1

                                        2f065b149b81a22c303090ed069b5ae4b9c429a4

                                        SHA256

                                        4860ee272eea2bbaf86d03f4d36954ff7191afb07f685346cf4b98b7b8e097f5

                                        SHA512

                                        de36f09521740d6677f6cb0b74d75883355720dd12349fc3d40ef95fdeba5f85f709eb2ef7cde863d62a93d1e1e2a411cd4c67b3f91ba082c220b2ab0ba8ae41

                                      • C:\Windows\{4C04DDCB-2D88-4b19-B6F7-FA1A0DA6BB19}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        c8cead85543fb65a5e18c8eeb124a663

                                        SHA1

                                        fec1a01d034eb1243e3054ff23b7bf6f807cb1a9

                                        SHA256

                                        9a966489ebdfc325959e34017306fa1e2a60d4a6471a1e1c0c9f5446eba4c7ae

                                        SHA512

                                        ced171321be9fdf8acd24b261d9045493208233ae3704d84e86bc2ce8bc5f2284f8959e62c1c8774ad555ebcca15c3c6fc958b32f9a22a425d4f4a9d2d0879b3

                                      • C:\Windows\{6DC2DCB6-8E37-4086-9A1E-6040EE88FC65}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        7ae555bbcbf4489efe2d99dd10ba8031

                                        SHA1

                                        4107c575054325bbc4aca2af36d950e42a82b938

                                        SHA256

                                        ca8673d607d62b3a74e873da6e9e7505fc92859c0f92ef7d7d9a382280d0be4c

                                        SHA512

                                        78d205502cd223af3090edc9d8fde3cedc12aaf9c9427129a95442030f159e0ad961814c51ac2cf66a25355ff696ae93965601dd96dde286970c9ec7500067e1

                                      • C:\Windows\{6DC2DCB6-8E37-4086-9A1E-6040EE88FC65}.exe

                                        Filesize

                                        93KB

                                        MD5

                                        3ba855d88392589b5241af5f5b047380

                                        SHA1

                                        e66d77f100ca2c4813b08f785cd6626b6e677ee4

                                        SHA256

                                        74659944398ae1a7fa8c2fb7d715cf39921aed394d9cb3077258bdc708956010

                                        SHA512

                                        beaa3809c490b1dec77fdd4e0ca33d7af1c26a309aee758c13559c57c0cac076ef41b98dcf3ae2bbb8d919689d19fa5b083bf8d786b434a30de0e0838d20e2ce

                                      • C:\Windows\{7A775777-527C-4d2e-A2E3-BE4E0F1DC718}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        61f9b1e29fece0443e1335c460452b6d

                                        SHA1

                                        6506dbc105ab55058af02e98e2eb986bc2fa8efc

                                        SHA256

                                        be18a1b86e3f655f9d9c020757c17f233df30de18c31477a8749ee645832dd45

                                        SHA512

                                        27f7c1cb8c88a7ec91ada202160fbc2100b3fd8143cb244977bccca2e5206dcd7151f1e17bb8e86f1682ee692a24df080a37a8efb67611bf2a5ccf691995131c

                                      • C:\Windows\{9FB22527-35A3-423f-95A6-9FFDBCA971E6}.exe

                                        Filesize

                                        92KB

                                        MD5

                                        1a4cbecc2d8ae7b61610b90989f73515

                                        SHA1

                                        87e95d4ae5ba255d81bdfd28e3f7291f6fc5f8ca

                                        SHA256

                                        04933d288a942a7f8ce7c98c0931d9d936a54154121b2c97cdf87c40bf609074

                                        SHA512

                                        43a7d2c7cd922681f93c109efd23bce04ffada1447817138cf68b70baf6b8abc8b22d157a2b8c1ddbd145c11570777015488710a7270ff452153a92fdfdca528

                                      • C:\Windows\{9FB22527-35A3-423f-95A6-9FFDBCA971E6}.exe

                                        Filesize

                                        64KB

                                        MD5

                                        35f19861845f4ed7c053d6ee8ce7999b

                                        SHA1

                                        5b7226766176ee5fbb182508da286e425109902f

                                        SHA256

                                        409835f4cf8ed7f9c1084c1c694331dcc2c51c856900fcc22023817a7f660260

                                        SHA512

                                        90c93fa4bce4807ad0cc7122590d8780f24337d764545733a86b0de1620090a85b725950a64dd9ec3d88a0ec42dee40bfe6b358e5dc83dbba30205351ed5c7b2

                                      • C:\Windows\{C1D80A0B-3479-4edd-B43E-856FD86C53CB}.exe

                                        Filesize

                                        408KB

                                        MD5

                                        f13ff9cbc42ec6948b2754e12e837750

                                        SHA1

                                        5d3573d95bb6daa4e4faa0a928630595de32d199

                                        SHA256

                                        d95d03996afb65f646a960829a201b669f945813b248264690d1b513a293a9a3

                                        SHA512

                                        1c953f2a9d2eea7b1e121ced10472144accab0c4834578e588ed5ef3f3534c7c43f778c74cc255684e45d18fe4d33cfbfb833a458248d93d597b90d6f887ba3b

                                      • C:\Windows\{D128C14C-13EF-492e-992A-8947AFEB5E13}.exe

                                        Filesize

                                        128KB

                                        MD5

                                        6f5b2f4c1eca91fbfcad1b4556aef8eb

                                        SHA1

                                        0c3f5255b5d2d31142f0e85b94b4d97846738e94

                                        SHA256

                                        a6f1603b5ddf36160e22e0d9dad4de3b85f89fa176bf12f893c94327cb39f558

                                        SHA512

                                        a4ca19316686367583071a0180fe6c4d964083f0bec84e024adeb2ed66da279cf867cf431143355b805c20c35d368277e60bf51b1c5439d753d6df409ed06bb4