Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:52

General

  • Target

    2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe

  • Size

    380KB

  • MD5

    6d567ac7a66fe4ff2118501fe126bae9

  • SHA1

    133a6c80f2401f94d2646b7839f88606d8bc967a

  • SHA256

    2d9369dc9317b9d668139c100f78be2db8979ad4c67a3c62b91185ece6601adf

  • SHA512

    5665592a36e8c13be5ce5bbeaef83ba0ea7f8f905ff679d09240416e29fa70f9e481fbe1bdad9e78c0aff149b0aca1442fc582aefa5d5c74a473308502847926

  • SSDEEP

    3072:mEGh0oNlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGfl7Oe2MUVg3v2IneKcAEcARy

Score
9/10

Malware Config

Signatures

  • Auto-generated rule 13 IoCs
  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4296
    • C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe
      C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4524
      • C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe
        C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4516
        • C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe
          C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4144
          • C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe
            C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3036
            • C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe
              C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3476
              • C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe
                C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2052
                • C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe
                  C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:452
                  • C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe
                    C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4724
                    • C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe
                      C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:776
                      • C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe
                        C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:3104
                        • C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe
                          C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:4576
                          • C:\Windows\{9B765254-8B15-443a-8483-3F95CAAED4EA}.exe
                            C:\Windows\{9B765254-8B15-443a-8483-3F95CAAED4EA}.exe
                            13⤵
                            PID:3696
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{F5D55~1.EXE > nul
                            13⤵
                            PID:4712
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{115D2~1.EXE > nul
                          12⤵
                          PID:4200
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{6915B~1.EXE > nul
                        11⤵
                        PID:1656
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c del C:\Windows\{C9AEA~1.EXE > nul
                      10⤵
                      PID:5064
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{F30D2~1.EXE > nul
                    9⤵
                    PID:4720
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c del C:\Windows\{3DAF9~1.EXE > nul
                  8⤵
                  PID:1064
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{C5F48~1.EXE > nul
                7⤵
                PID:4916
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{FEEA6~1.EXE > nul
              6⤵
              PID:1516
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{4FFCB~1.EXE > nul
            5⤵
            PID:4876
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Windows\{B9C79~1.EXE > nul
          4⤵
          PID:4796
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2EF4F~1.EXE > nul
        3⤵
        PID:4624
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
      2⤵
      PID:5088
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1336

Network

MITRE ATT&CK Enterprise v15


Downloads
