Analysis

  • max time kernel
    76s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
  • submitted
    10/06/2024, 04:19

General

  • Target

    2024-06-10_6e6cf573257ba32da37b3503f7758daf_goldeneye.exe

  • Size

    380KB

  • MD5

    6e6cf573257ba32da37b3503f7758daf

  • SHA1

    e58a7a82a23c63efbe2b25176ce0ccbad1c965d6

  • SHA256

    0dbdaab9f4a49f1a69493c62a58be2a079d3bc8a080344581f96aa2c13692f10

  • SHA512

    18449428a09784327bfa2b612a45a528a9baf1d4c5630fbfc57c559ab43eb71102e9f8e59ad8826af49c07085be71fb6e11c16151778187830cf00f1d712fa41

  • SSDEEP

    3072:mEGh0o0lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEG+l7Oe2MUVg3v2IneKcAEcARy

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 14 IoCs
  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 6 IoCs
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_6e6cf573257ba32da37b3503f7758daf_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_6e6cf573257ba32da37b3503f7758daf_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\{7C31E838-BB0B-4efa-BE3D-60419A4B6AC5}.exe
      C:\Windows\{7C31E838-BB0B-4efa-BE3D-60419A4B6AC5}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\{1EA091A3-6CA6-4e51-BF91-C2E59CC5C53C}.exe
        C:\Windows\{1EA091A3-6CA6-4e51-BF91-C2E59CC5C53C}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2772
        • C:\Windows\{5E6A8C64-E312-4490-A1F5-73A411131640}.exe
          C:\Windows\{5E6A8C64-E312-4490-A1F5-73A411131640}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2468
          • C:\Windows\{CE0DE8F3-7DDD-4d4d-9FB2-C7DD6AB48834}.exe
            C:\Windows\{CE0DE8F3-7DDD-4d4d-9FB2-C7DD6AB48834}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1748
            • C:\Windows\{A09E36FB-B648-4a2d-90BD-33A0E55A1985}.exe
              C:\Windows\{A09E36FB-B648-4a2d-90BD-33A0E55A1985}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2692
              • C:\Windows\{629AD80D-08B7-43b3-B21E-F2700B80A670}.exe
                C:\Windows\{629AD80D-08B7-43b3-B21E-F2700B80A670}.exe
                7⤵
                • Executes dropped EXE
                PID:1852
                • C:\Windows\{9315A027-DC05-4641-8958-2F5B93546B6C}.exe
                  C:\Windows\{9315A027-DC05-4641-8958-2F5B93546B6C}.exe
                  8⤵
                  PID:2356
                  • C:\Windows\{2A9A6F34-CD9C-46f8-8042-DC087BAAFD5E}.exe
                    C:\Windows\{2A9A6F34-CD9C-46f8-8042-DC087BAAFD5E}.exe
                    9⤵
                    PID:332
                    • C:\Windows\{933E4C93-AFEB-4ceb-8223-7F9C7DDAA35B}.exe
                      C:\Windows\{933E4C93-AFEB-4ceb-8223-7F9C7DDAA35B}.exe
                      10⤵
                      PID:1260
                      • C:\Windows\{98075325-87F4-413e-994E-9E604F590B30}.exe
                        C:\Windows\{98075325-87F4-413e-994E-9E604F590B30}.exe
                        11⤵
                        PID:324
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{933E4~1.EXE > nul
                        11⤵
                        PID:816
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{2A9A6~1.EXE > nul
                      10⤵
                      PID:2212
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{9315A~1.EXE > nul
                    9⤵
                    PID:1680
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{629AD~1.EXE > nul
                  8⤵
                  PID:1012
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{A09E3~1.EXE > nul
                7⤵
                PID:1936
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{CE0DE~1.EXE > nul
              6⤵
              PID:1564
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{5E6A8~1.EXE > nul
            5⤵
            PID:1200
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{1EA09~1.EXE > nul
          4⤵
          PID:2712
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7C31E~1.EXE > nul
        3⤵
        PID:2716
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\{1EA091A3-6CA6-4e51-BF91-C2E59CC5C53C}.exe

    Filesize

    380KB

    MD5

    1dc7e2cc64b7839e151c07f7e1099d3f

    SHA1

    2a5a439070d748bd836e5a67749e6ddc41bfa642

    SHA256

    99c71a17f091cd571c7be7f60a33a2d1643b046098f779b6f2aba6d83167889b

    SHA512

    600bca6892e9e73ad0aa7db8acb7b4d78bb1d78ed5accc469932d31c748c1b92bc2035b695d9075b6a6fe6445daddcd93ae5cd0f1f475f1845e093f50319a4ee

  • C:\Windows\{2A9A6F34-CD9C-46f8-8042-DC087BAAFD5E}.exe

    Filesize

    380KB

    MD5

    4ef974897c9c2c0109f45c7ea2236a58

    SHA1

    f47388efc8938e363591dcfda58b58a64f74a38b

    SHA256

    edca44f94b7ae3669f9f882695bd788363f7860e846bba4e354060a11b0d5e00

    SHA512

    5dca899ec6bbfbd6d7610a11bcc49a6ff6f980bb5796e10bb18a71ead4e9b49fef927ef71689a0d1c2b204aa0b6856804262a8c17acf9c5658d9830b5067a468

  • C:\Windows\{2A9A6F34-CD9C-46f8-8042-DC087BAAFD5E}.exe

    Filesize

    128KB

    MD5

    46420b0c9049554c652ecb3a39fb2f9c

    SHA1

    800f00a4927a7791b9b25087db43ae40b82db3b3

    SHA256

    e2fc202903ed5e6ac137027b7209ec2026b36e2646e409a3b5059e72e23f77f6

    SHA512

    bbf904e451c4f1ee62f9a8e8bf375cc1b100806f778d248fa5d973404e52c4917197c7c8dddf0382400f35a9bf65295ffa2e01c4cb593809268ab89a157a9a77

  • C:\Windows\{5E6A8C64-E312-4490-A1F5-73A411131640}.exe

    Filesize

    380KB

    MD5

    ae1308cbe533134393f9aa5fb7ab7ba9

    SHA1

    239beb578c9a1639caaae852fa4cd3fb9128b233

    SHA256

    0dd49ee1e6457bb6f0bb2abf8b94b15482a13a33591181f2099a49c3005fb00a

    SHA512

    552a7305f11253fcc725823e3ceb5176ad530fe79b7d44344cc6810d6b93e7d888a6c35d07e4c1288fa6de4e3d0699b79a38068afb74451ab5a38c65f925ad19

  • C:\Windows\{629AD80D-08B7-43b3-B21E-F2700B80A670}.exe

    Filesize

    380KB

    MD5

    80849997449367514d329571d551215b

    SHA1

    b705fa1dabe9014a6f67226f4feabfecad1e6d39

    SHA256

    1fe6dec60870760c21c5676d43f97f9e019118f18b5f136a414a2603e7975c3d

    SHA512

    39290bc65a8f825121a21029dc073509c5fe173c15c3dfaf13154a7f2a47ff5588ac292e202f97126bb27dddde0e8b94bbb771fd4f163392040ede3eb246b6b3

  • C:\Windows\{629AD80D-08B7-43b3-B21E-F2700B80A670}.exe

    Filesize

    128KB

    MD5

    cc505bbf06f4df180a54a3103280150f

    SHA1

    8edf2c3a6a127047d7473b273d771c39f2aca175

    SHA256

    940186badce55c215b8aa683004eef681bb392ca685a58bf7b35fdbc09582614

    SHA512

    56693a0b9d5b45c576a0950a0454e39d72ac19775b8fbf37c7edf36312fee79439fd290c71c123927fd04661685f050127ffe9c3f999634c7e4d89f0deb4a8e0

  • C:\Windows\{7C31E838-BB0B-4efa-BE3D-60419A4B6AC5}.exe

    Filesize

    380KB

    MD5

    3e68feca10318e689d86279afe2975ed

    SHA1

    14881fdd3fb06bcdbb931c0931a65ef615ef1b6a

    SHA256

    ae859aac76d7e761d84f32b66b562c0ab9b445e70e3f86534f5f65fb1fecbc3b

    SHA512

    9629a69271f99efe4c442dbacc99e41853ca254da6944222b795a97994a574487b7bae4420eae8fa2f5ec51f84c9107526e996de7d36a01471870af852a926a9

  • C:\Windows\{9315A027-DC05-4641-8958-2F5B93546B6C}.exe

    Filesize

    92KB

    MD5

    a60ca98940e632c09c0ea54b3a7f389f

    SHA1

    ff915161cfae0a4eefd5a00c1bd0d7c57a4753ec

    SHA256

    557a01dc0bbcf3cc373c7671adf410177a2f131579ebc15450bac855330c8f31

    SHA512

    71079f9e1e8ed829b7f7b418833215ee7e4a1676608aebbf814e2f3741744e20fded689cda5aec1c610436fa2ad625dc9c0e31ae1fdb215e50346f6be7271eb9

  • C:\Windows\{9315A027-DC05-4641-8958-2F5B93546B6C}.exe

    Filesize

    128KB

    MD5

    e3bebdef1477b208ed24f9d09254e983

    SHA1

    cb670c0f17bedb2c5a2fa5d51e619c8b6b13dc87

    SHA256

    84898c819c20ff46789fd92289f1c2236520982291895ac92cda7daecac6ed54

    SHA512

    0d1d38c92c091f0e7c70c6cc35ca8895a0a191e4b49b0717f622c17ec778e245d270eb94e7290e8bf32b308759a61eb33718c6ee3a8dd5c944734f8e4c69557a

  • C:\Windows\{933E4C93-AFEB-4ceb-8223-7F9C7DDAA35B}.exe

    Filesize

    93KB

    MD5

    ed57f0edbaf54109639062242b43a527

    SHA1

    3b3d7dfd79787a624b437ad260a42b3850c55fc6

    SHA256

    29f24a2155da4cfe230d99b55d51588e5c8c5f69a3ae89623e9aaa372e899fc2

    SHA512

    f09ef74ae52ee9dfa7a3381fa225871eed58feac0bffeb38b4ca26326149307750585a9699d3274d05f22d47a6c032e29537268d5bfabe93823ad3c446826270

  • C:\Windows\{933E4C93-AFEB-4ceb-8223-7F9C7DDAA35B}.exe

    Filesize

    92KB

    MD5

    49e2a1801699fc4deb353b00eaa4698c

    SHA1

    f3dcfa4ce8b3470cf67fec07cffdf3872b3a7fee

    SHA256

    e05125d6307aa96b930b030f38d24d0714d4f3aac7af1af85d9b63c8f1b4a2bb

    SHA512

    8fe8fdfe891d39b9fd55c63433bad15629d5655ef49107a558e582725b3c601b95bbad302d78caa1578aeddc74dd4e2fc503519d8a8c18a23249d1be537d48fc

  • C:\Windows\{98075325-87F4-413e-994E-9E604F590B30}.exe

    Filesize

    93KB

    MD5

    b6affccceafc8fd8904801ccd7192aba

    SHA1

    e99ee2d68a360ba6d8537a5c50d807e3dbadfdcd

    SHA256

    333ef86c138c3ecdd00b36b75531b835be438f85a77032cbc4578ccac76a7d85

    SHA512

    530eb08ad4f05a9251e5e44c631eacd50cff27db6f61f48517c92188bb59b5363064d66d8ea6a2299bab02fef1af83e8501756441bb416b711248a632498ff48

  • C:\Windows\{A09E36FB-B648-4a2d-90BD-33A0E55A1985}.exe

    Filesize

    92KB

    MD5

    3109afd8b54ab2d1c9f2bfb06bb582e4

    SHA1

    2d8a64778a213d87f5fb713a6fb0a5d955395581

    SHA256

    f7601e93ef99e93c270ca4e04224db5d5b20f2157bdfb92ffc94e56aa5c45c2a

    SHA512

    241aa3952aee0c3d72111e9a14a073e6d48fe06240b111fce543d30dd2a3e1f9b0e012c345dd871eb32411509100e25d4bd57c51b8de754a787c9195a00d9291

  • C:\Windows\{CE0DE8F3-7DDD-4d4d-9FB2-C7DD6AB48834}.exe

    Filesize

    380KB

    MD5

    6f18a06a5fa9e9a250708871dcc95b81

    SHA1

    ca7e9299cf16a37bbba47d8f165e2301e6727dfc

    SHA256

    2a279da836c29bf239bf8cb062ea5f80f6cb9032f54f672a33ad9789042651a2

    SHA512

    688aade79650d30cdbb98fd3c9cfa735759e131b410926e3846e18ffd7c9024c8319ae0da2092464689cfa0637dbe61890733d5938222fdd5dc61749d259d5d6