Analysis
-
max time kernel
149s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
18/08/2023, 13:25
General
-
Target
260d55fae0454dace2916e186630c528_goldeneye_JC.exe
-
Size
372KB
-
MD5
260d55fae0454dace2916e186630c528
-
SHA1
387907a30f78295e48bce4b7a2c9215f3afbfdc7
-
SHA256
9ba86c9da9fcdc7c89c10903395f11491e2c2ab651caa0e48319ea34eea61f7e
-
SHA512
52c66883d7172bd2541b630dd47f19d2f7d21138e0b9b01704299a9dd50a6af2b9d049725ff2c34c95178b31f4c1a83e65c8c35c1b1ba4b479bb81884af21ef7
-
SSDEEP
3072:CEGh0oymlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGVl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\260d55fae0454dace2916e186630c528_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\260d55fae0454dace2916e186630c528_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{54156136-7AEA-4fcf-BB0C-C68FB921E6E7}.exeC:\Windows\{54156136-7AEA-4fcf-BB0C-C68FB921E6E7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0BAFB547-8932-47c9-B92F-34BD9B8F8224}.exeC:\Windows\{0BAFB547-8932-47c9-B92F-34BD9B8F8224}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0BAFB~1.EXE > nul4⤵
-
-
C:\Windows\{3049094B-3747-4684-946F-366DCC5B3141}.exeC:\Windows\{3049094B-3747-4684-946F-366DCC5B3141}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD23EC01-64F9-4bff-A86F-A2B5ED42FC88}.exeC:\Windows\{CD23EC01-64F9-4bff-A86F-A2B5ED42FC88}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{703EB53B-61C9-4594-B65A-9AE2E470922E}.exeC:\Windows\{703EB53B-61C9-4594-B65A-9AE2E470922E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EB07C044-390C-4d5e-BD62-8636613C7417}.exeC:\Windows\{EB07C044-390C-4d5e-BD62-8636613C7417}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3E186F91-D8AD-4694-8A82-DA3E0596C120}.exeC:\Windows\{3E186F91-D8AD-4694-8A82-DA3E0596C120}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{969E592C-4F3A-4af9-B10C-255532BB8E2D}.exeC:\Windows\{969E592C-4F3A-4af9-B10C-255532BB8E2D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{62232DE3-A503-46c8-9C17-CA61D0BA7BEC}.exeC:\Windows\{62232DE3-A503-46c8-9C17-CA61D0BA7BEC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D59CE0D2-66A7-4a7e-84FA-6D1059AE5E26}.exeC:\Windows\{D59CE0D2-66A7-4a7e-84FA-6D1059AE5E26}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D59CE~1.EXE > nul12⤵
-
-
C:\Windows\{3EFB1015-1044-45e6-856B-A2DE76AE0DCE}.exeC:\Windows\{3EFB1015-1044-45e6-856B-A2DE76AE0DCE}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{103074C4-D716-4b1e-8ACB-53BE46B7A81F}.exeC:\Windows\{103074C4-D716-4b1e-8ACB-53BE46B7A81F}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3EFB1~1.EXE > nul13⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{62232~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{969E5~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3E186~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB07C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{703EB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD23E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{30490~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54156~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\260D55~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5f5b44d011b16ce089ebfe2cd13d8eb60
SHA10dae035eed75f078ae48e2072b28317b481185a9
SHA256eca8ee18b1d1b4a173a78c5209c49365315bdeddd6d638b16d25fcb02cea1e95
SHA512cd0513106cebe611f8966bc28d88c21be360841852fc87113c0ea92b204af0706227128d169b4b7a1f43f1bb7bc9a9e4f0719dcf12648d01edf9d3c332cca0dc
-
Filesize
372KB
MD5f5b44d011b16ce089ebfe2cd13d8eb60
SHA10dae035eed75f078ae48e2072b28317b481185a9
SHA256eca8ee18b1d1b4a173a78c5209c49365315bdeddd6d638b16d25fcb02cea1e95
SHA512cd0513106cebe611f8966bc28d88c21be360841852fc87113c0ea92b204af0706227128d169b4b7a1f43f1bb7bc9a9e4f0719dcf12648d01edf9d3c332cca0dc
-
Filesize
372KB
MD53ecb08eb62b6ba06b611604e6f42854e
SHA1b4205526b339254a6e46d39375a2db5f8d11cf86
SHA25671b4a3ab43cb232312850a87e2cceb57219964944e59199d3e961f08c56b795b
SHA51205e335009215216d2c3d55b2c6342348da3d4422233bbcf5117eb8ba9578b84e16295dc8907c70ed6490f8ebc9ec6f5074d5bf639a217a9e804c6c420d495e69
-
Filesize
372KB
MD53ecb08eb62b6ba06b611604e6f42854e
SHA1b4205526b339254a6e46d39375a2db5f8d11cf86
SHA25671b4a3ab43cb232312850a87e2cceb57219964944e59199d3e961f08c56b795b
SHA51205e335009215216d2c3d55b2c6342348da3d4422233bbcf5117eb8ba9578b84e16295dc8907c70ed6490f8ebc9ec6f5074d5bf639a217a9e804c6c420d495e69
-
Filesize
372KB
MD53d9e43d0d6c39350ce192a0fa84d53cd
SHA124e966df3effb11a7c11e99bcea30a5995a35d35
SHA256567ccf0494a23ba4265c9d6ccf3c70c146d91d01728fd17808b90703416b9498
SHA512c3410b7ff7426068cedd13fab0ef68be148b63203089aa85b8be516db0907c011e30374940d346f337734910d616240519a0f3c403757282b8d66682af727b9e
-
Filesize
372KB
MD53d9e43d0d6c39350ce192a0fa84d53cd
SHA124e966df3effb11a7c11e99bcea30a5995a35d35
SHA256567ccf0494a23ba4265c9d6ccf3c70c146d91d01728fd17808b90703416b9498
SHA512c3410b7ff7426068cedd13fab0ef68be148b63203089aa85b8be516db0907c011e30374940d346f337734910d616240519a0f3c403757282b8d66682af727b9e
-
Filesize
372KB
MD53d9e43d0d6c39350ce192a0fa84d53cd
SHA124e966df3effb11a7c11e99bcea30a5995a35d35
SHA256567ccf0494a23ba4265c9d6ccf3c70c146d91d01728fd17808b90703416b9498
SHA512c3410b7ff7426068cedd13fab0ef68be148b63203089aa85b8be516db0907c011e30374940d346f337734910d616240519a0f3c403757282b8d66682af727b9e
-
Filesize
372KB
MD5f90f3b582dd2185e8b96c3184091774e
SHA13dfc322a53443ea6424ead4e58ff1ba0364257fc
SHA256ccd1cd48b3d6f3b50dd5ab9067864636da75efc52e6b984c2e0a64ddbdf27017
SHA5128eb5c5d8a66cc905906257ea5e55d10bb34cbdc2f5316de0212dc8d8e892c484a7daa71502f0a1ae459f7ca5b611faabd1830eccf120284356351278aae695ea
-
Filesize
372KB
MD5f90f3b582dd2185e8b96c3184091774e
SHA13dfc322a53443ea6424ead4e58ff1ba0364257fc
SHA256ccd1cd48b3d6f3b50dd5ab9067864636da75efc52e6b984c2e0a64ddbdf27017
SHA5128eb5c5d8a66cc905906257ea5e55d10bb34cbdc2f5316de0212dc8d8e892c484a7daa71502f0a1ae459f7ca5b611faabd1830eccf120284356351278aae695ea
-
Filesize
372KB
MD5287a38ca0a0623dbbe947551a436626d
SHA1631b8073354637aba7d91c9a1abea0ddacda8e2b
SHA2563835a920accff581662f0708461e6018d2ed9fa1b1542e184c9dab1bce73a904
SHA512d87448b05689e165870bf03effe9c6f6890b0fb2c28d12113ef861939507ed4aad37830a4197542de18c5b09c85870d110e4b8e4003af91ca69cabeda4d74712
-
Filesize
372KB
MD5287a38ca0a0623dbbe947551a436626d
SHA1631b8073354637aba7d91c9a1abea0ddacda8e2b
SHA2563835a920accff581662f0708461e6018d2ed9fa1b1542e184c9dab1bce73a904
SHA512d87448b05689e165870bf03effe9c6f6890b0fb2c28d12113ef861939507ed4aad37830a4197542de18c5b09c85870d110e4b8e4003af91ca69cabeda4d74712
-
Filesize
372KB
MD512abe3f73834f8868544437d497b49ab
SHA1d6fbf9cdc8779ec96bb5de4a80fd2777e2653fa5
SHA256057c534ccd1f43e5ae6ad9896c6767471c3513b5af7cf5f647cb84e2a9356b3e
SHA512d42f811a613669929940f0a21c5738de6c3c71d9bd614059fb7ad870d12a750960b365bdb6b608ed6a2b9a4420d9cc86e8d36b24d8497419300e7678d40245f0
-
Filesize
372KB
MD512abe3f73834f8868544437d497b49ab
SHA1d6fbf9cdc8779ec96bb5de4a80fd2777e2653fa5
SHA256057c534ccd1f43e5ae6ad9896c6767471c3513b5af7cf5f647cb84e2a9356b3e
SHA512d42f811a613669929940f0a21c5738de6c3c71d9bd614059fb7ad870d12a750960b365bdb6b608ed6a2b9a4420d9cc86e8d36b24d8497419300e7678d40245f0
-
Filesize
372KB
MD54f9395c694d7627211e7f4eaaf04da41
SHA1b91d86480c2153ae14849750809ab18700e46e5f
SHA2565f5d65976785d48f158d9e4a17799217f1f74c3046eb1e29cd6d939d441b0868
SHA5126b0da64a62376d2b720cdf9136ba40cbcbe395a8a41719ac850647dd940b80fbd033b011774d4a9aa6a146219e64d29010b969c11b8b8235f61799bdad6c30d0
-
Filesize
372KB
MD54f9395c694d7627211e7f4eaaf04da41
SHA1b91d86480c2153ae14849750809ab18700e46e5f
SHA2565f5d65976785d48f158d9e4a17799217f1f74c3046eb1e29cd6d939d441b0868
SHA5126b0da64a62376d2b720cdf9136ba40cbcbe395a8a41719ac850647dd940b80fbd033b011774d4a9aa6a146219e64d29010b969c11b8b8235f61799bdad6c30d0
-
Filesize
372KB
MD55257824e452dd8e25d9669935fe22992
SHA1d3b8986767bf2d213ad94630e95c71a3619fbb06
SHA256e7b52cd3ba66856d46367f03de71cb0a9b742c0683e1ef90069c56b7025325a6
SHA51247f47ea83e699dd455a19456e08a301558a1d796b2ff9ca64a73790b5bc6d00c79a293cbf6fed97a356d5158668722a4408fad1d7af5534ac43d69dccb11b858
-
Filesize
372KB
MD55257824e452dd8e25d9669935fe22992
SHA1d3b8986767bf2d213ad94630e95c71a3619fbb06
SHA256e7b52cd3ba66856d46367f03de71cb0a9b742c0683e1ef90069c56b7025325a6
SHA51247f47ea83e699dd455a19456e08a301558a1d796b2ff9ca64a73790b5bc6d00c79a293cbf6fed97a356d5158668722a4408fad1d7af5534ac43d69dccb11b858
-
Filesize
372KB
MD541dd914a35ea290dbe7cb862cb2533a3
SHA182b93500abb732a6a92620a1156474a0b27d5723
SHA256fd5eeb7fc9b3fa0066b75b269c4fb6b04de996695638db15f12828fd215cb01f
SHA512281b1fe01b9ad2d3809f50a1948ea57cd1e551373c18ec31650193eb98552e682221b37ada921f3849ffa09bc1050ce2aa1dde7f663468010a4d89b03f0bac72
-
Filesize
372KB
MD541dd914a35ea290dbe7cb862cb2533a3
SHA182b93500abb732a6a92620a1156474a0b27d5723
SHA256fd5eeb7fc9b3fa0066b75b269c4fb6b04de996695638db15f12828fd215cb01f
SHA512281b1fe01b9ad2d3809f50a1948ea57cd1e551373c18ec31650193eb98552e682221b37ada921f3849ffa09bc1050ce2aa1dde7f663468010a4d89b03f0bac72
-
Filesize
372KB
MD5d242db20f035b700a86de5252e044cd6
SHA105c57f3ee8be3fe62993e3a32227ab61f9253b1c
SHA256555039aa546c3a1373025719be729f1a703622c4cb14858c7f2c1266901705e9
SHA5127284d761c6cc4a90854826e881e41520d7b7f270a3deb484549a740bdfab1a8b25d776f506891df9b61e51c478f978d681658eba96457e9391e966ced9b2f37a
-
Filesize
372KB
MD5d242db20f035b700a86de5252e044cd6
SHA105c57f3ee8be3fe62993e3a32227ab61f9253b1c
SHA256555039aa546c3a1373025719be729f1a703622c4cb14858c7f2c1266901705e9
SHA5127284d761c6cc4a90854826e881e41520d7b7f270a3deb484549a740bdfab1a8b25d776f506891df9b61e51c478f978d681658eba96457e9391e966ced9b2f37a
-
Filesize
372KB
MD527e9273e7e970cefdb2b0eb68e7298a2
SHA144c7ff68b917ff0ad55b195208af562a7f46e6de
SHA25647da64fea4f68152d0de8016d41dda2170557e8eaac58c60128a30ff6923bb5a
SHA51217384fe946b7e699cfd5cfb7efc71e0fec4e100d4968e6ee4c7f5a1d4309d644ee99fd169080d720326267a7c4463874e7a739ec9a7f1b3e95142e749b4d7de8
-
Filesize
372KB
MD527e9273e7e970cefdb2b0eb68e7298a2
SHA144c7ff68b917ff0ad55b195208af562a7f46e6de
SHA25647da64fea4f68152d0de8016d41dda2170557e8eaac58c60128a30ff6923bb5a
SHA51217384fe946b7e699cfd5cfb7efc71e0fec4e100d4968e6ee4c7f5a1d4309d644ee99fd169080d720326267a7c4463874e7a739ec9a7f1b3e95142e749b4d7de8
-
Filesize
372KB
MD53ab9ddab335ea4b6500f3f4c42061ee0
SHA119d4b41c6f19b2829bc0f3c5bb5a69f1bf2e0365
SHA256090fdb81edafc34a8fa6fbc0dc70dae5d6e834cd80c199550e5ba3beafb26788
SHA5127a9c87265beb56f0f49a5b8ffa8270e82bdbfe267ac83a7d288d17f0622d6df34cd69f03d331a4e1688c3cdcbf2caa4702157eca9ad31d4fdf52d8b95db19a30
-
Filesize
372KB
MD53ab9ddab335ea4b6500f3f4c42061ee0
SHA119d4b41c6f19b2829bc0f3c5bb5a69f1bf2e0365
SHA256090fdb81edafc34a8fa6fbc0dc70dae5d6e834cd80c199550e5ba3beafb26788
SHA5127a9c87265beb56f0f49a5b8ffa8270e82bdbfe267ac83a7d288d17f0622d6df34cd69f03d331a4e1688c3cdcbf2caa4702157eca9ad31d4fdf52d8b95db19a30