Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
27-08-2023 15:54
General
-
Target
afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe
-
Size
372KB
-
MD5
afd4389748dd02cdfe81f7b66ca126ff
-
SHA1
95cfaa74ba9a7fc93da1233db155b62fe3bcc3a2
-
SHA256
876beec99ed057e50de1ee13df4eb2931387d4f4fb14b03813a813838647480d
-
SHA512
a3371f462ce1c799ad75e30f0d08727384fe76508266e4cebd57aac94cebba12aa979049686e8dd9042b491c11e47b4c2335a15511d87d98996d4dd9ce9454cb
-
SSDEEP
3072:CEGh0oymlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGtl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{12E9C728-808A-4b4f-8359-D0D40ACA0F64}.exeC:\Windows\{12E9C728-808A-4b4f-8359-D0D40ACA0F64}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DDE5C22B-B6D8-4f47-87C9-D937182365B6}.exeC:\Windows\{DDE5C22B-B6D8-4f47-87C9-D937182365B6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87D78E63-EC0B-46d9-AA7E-6B6AE0D47C1D}.exeC:\Windows\{87D78E63-EC0B-46d9-AA7E-6B6AE0D47C1D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D0F081BD-79A1-4533-8148-399F9413B8ED}.exeC:\Windows\{D0F081BD-79A1-4533-8148-399F9413B8ED}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BFEBDA24-D92D-4f30-82D0-E2ADE583B300}.exeC:\Windows\{BFEBDA24-D92D-4f30-82D0-E2ADE583B300}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69E3C77E-176B-4e57-B885-17F668AA324B}.exeC:\Windows\{69E3C77E-176B-4e57-B885-17F668AA324B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{465C704E-56F1-4b53-AA22-02C9A6D55D1F}.exeC:\Windows\{465C704E-56F1-4b53-AA22-02C9A6D55D1F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3B79376-8E36-40db-A11E-9B36E7EBC2AE}.exeC:\Windows\{A3B79376-8E36-40db-A11E-9B36E7EBC2AE}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{13BAAC6F-CA83-4a44-9EE5-D4463F819B09}.exeC:\Windows\{13BAAC6F-CA83-4a44-9EE5-D4463F819B09}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{45470A22-F335-419b-ADE6-E432B2D5A767}.exeC:\Windows\{45470A22-F335-419b-ADE6-E432B2D5A767}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF02B8E5-9D13-4447-BF27-9C72D9C23379}.exeC:\Windows\{DF02B8E5-9D13-4447-BF27-9C72D9C23379}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F93E866F-BBBD-4a2c-90B9-5FD9482B0AFD}.exeC:\Windows\{F93E866F-BBBD-4a2c-90B9-5FD9482B0AFD}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF02B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{45470~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13BAA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3B79~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{465C7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69E3C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFEBD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0F08~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87D78~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DDE5C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12E9C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\AFD438~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD51376d7c289739b5ff9acc77ebcad6771
SHA10251c9db5bde1ee91bbd65fa5dcc96c70732ebef
SHA25612823c4a10d242eb41641196c3fd342f3f413dbacdd4c5e28ebf0b4130e58317
SHA512c45d667407fd6ea3127249a83a5c2fbb55f99cf93ad27334abed4d8cebff4e98d935e1c73f5eea2f03999c1db9759ce9b084000e7287bc9c1d595066f887dfd8
-
Filesize
372KB
MD51376d7c289739b5ff9acc77ebcad6771
SHA10251c9db5bde1ee91bbd65fa5dcc96c70732ebef
SHA25612823c4a10d242eb41641196c3fd342f3f413dbacdd4c5e28ebf0b4130e58317
SHA512c45d667407fd6ea3127249a83a5c2fbb55f99cf93ad27334abed4d8cebff4e98d935e1c73f5eea2f03999c1db9759ce9b084000e7287bc9c1d595066f887dfd8
-
Filesize
372KB
MD52e029bdeb05b148cdb7a0a8af67fe08d
SHA170021c69a4decb12f61a4665501c9d44e472320f
SHA256b3736e52deed6480582eea832738ec3f7b675d4b18f28dd282423e97d519051a
SHA5127ee248560b53c79a6aed92067814b1125f851edf4bb0a848ffcfca601eac0e556eab1d5465f0db8b5af0264e7526867b27364c28e686da28aedd8f3699f64b59
-
Filesize
372KB
MD52e029bdeb05b148cdb7a0a8af67fe08d
SHA170021c69a4decb12f61a4665501c9d44e472320f
SHA256b3736e52deed6480582eea832738ec3f7b675d4b18f28dd282423e97d519051a
SHA5127ee248560b53c79a6aed92067814b1125f851edf4bb0a848ffcfca601eac0e556eab1d5465f0db8b5af0264e7526867b27364c28e686da28aedd8f3699f64b59
-
Filesize
372KB
MD501e0cfb3527d1330fb254c123a6d736f
SHA1b16766794500d2efa45e177f8417ab6e424936dd
SHA2560351bc6078f31f981dc2a684c698638801f61c9557ad37f281196a7298906acf
SHA5126e8915fdd498bba062202d4eeeffb04aa5bfc6914ed019779ca216f50834ad3eeaa87c28ed893a8bcafc9ffb1a423903fd61ff867c217584aa3890a21dd86ce6
-
Filesize
372KB
MD501e0cfb3527d1330fb254c123a6d736f
SHA1b16766794500d2efa45e177f8417ab6e424936dd
SHA2560351bc6078f31f981dc2a684c698638801f61c9557ad37f281196a7298906acf
SHA5126e8915fdd498bba062202d4eeeffb04aa5bfc6914ed019779ca216f50834ad3eeaa87c28ed893a8bcafc9ffb1a423903fd61ff867c217584aa3890a21dd86ce6
-
Filesize
372KB
MD5f6c7e4edcc288e59d9821f09680ac32d
SHA1c2981f8bb6e04b158c37ab6a04df1a06335be6ea
SHA25651f633cdd4ea7152598ed30cdb86b6bd4093d68641fe37d0f4a9b7a18b714dae
SHA512651ca30d2f4c695cd3bea82769a0162fd2505368d93cf0f9ca410727135c8d32c660e59f6e8a7a268a31cf5680c0c30b6f13496cc53e5a1d72376713afb406c0
-
Filesize
372KB
MD5f6c7e4edcc288e59d9821f09680ac32d
SHA1c2981f8bb6e04b158c37ab6a04df1a06335be6ea
SHA25651f633cdd4ea7152598ed30cdb86b6bd4093d68641fe37d0f4a9b7a18b714dae
SHA512651ca30d2f4c695cd3bea82769a0162fd2505368d93cf0f9ca410727135c8d32c660e59f6e8a7a268a31cf5680c0c30b6f13496cc53e5a1d72376713afb406c0
-
Filesize
372KB
MD576dcc72321052fb2d862751c90f1d39d
SHA1db89fb8fabf94cc27612f176025be0728b7a0baa
SHA256d3667840872264324978ec3bb8e04a55c7a7c38d14825c4002c2c0113d529089
SHA512be34b8f4bfc2e8bddaf55da1f4c9420620c2fb2e59590c0bac010bea12ea53e0b3b05441d9088acc54db4d2e6b9b1e6c4f2901b9e4a01c30de6332adbc19d878
-
Filesize
372KB
MD576dcc72321052fb2d862751c90f1d39d
SHA1db89fb8fabf94cc27612f176025be0728b7a0baa
SHA256d3667840872264324978ec3bb8e04a55c7a7c38d14825c4002c2c0113d529089
SHA512be34b8f4bfc2e8bddaf55da1f4c9420620c2fb2e59590c0bac010bea12ea53e0b3b05441d9088acc54db4d2e6b9b1e6c4f2901b9e4a01c30de6332adbc19d878
-
Filesize
372KB
MD536c71cc3a0b482cdc06eea01b7dbe112
SHA15c6dff44495003651024b79b0315bf54fef780ff
SHA2568f26b359743ca4cfc665dca9c845c961af8cad6795a0aef82c286127b90f8716
SHA512c252aa66eb78029696de28ea739b746258ca6986561cb321821e96bebce2d9f05d6c5b29bf19cb6652c28b97ad6574bc58c19e081692be587401ded69c7de6dd
-
Filesize
372KB
MD536c71cc3a0b482cdc06eea01b7dbe112
SHA15c6dff44495003651024b79b0315bf54fef780ff
SHA2568f26b359743ca4cfc665dca9c845c961af8cad6795a0aef82c286127b90f8716
SHA512c252aa66eb78029696de28ea739b746258ca6986561cb321821e96bebce2d9f05d6c5b29bf19cb6652c28b97ad6574bc58c19e081692be587401ded69c7de6dd
-
Filesize
372KB
MD536c71cc3a0b482cdc06eea01b7dbe112
SHA15c6dff44495003651024b79b0315bf54fef780ff
SHA2568f26b359743ca4cfc665dca9c845c961af8cad6795a0aef82c286127b90f8716
SHA512c252aa66eb78029696de28ea739b746258ca6986561cb321821e96bebce2d9f05d6c5b29bf19cb6652c28b97ad6574bc58c19e081692be587401ded69c7de6dd
-
Filesize
372KB
MD55e4799ef265b3ae506bd9153260dfc5f
SHA14303399d8c730497aefb74111094837326d5c3b8
SHA256d74482f4f394c16e29e74f008df29a509aba9552fc0c8a28e30c978e649bdfdf
SHA512de65b5c1d1f6d5f396586dad39df18ccd1a33b98cbcec58600a9136ef3d7ebda545b14a8875ac29da56eff909f6fa5924336694eda9258d8799b766435b40b78
-
Filesize
372KB
MD55e4799ef265b3ae506bd9153260dfc5f
SHA14303399d8c730497aefb74111094837326d5c3b8
SHA256d74482f4f394c16e29e74f008df29a509aba9552fc0c8a28e30c978e649bdfdf
SHA512de65b5c1d1f6d5f396586dad39df18ccd1a33b98cbcec58600a9136ef3d7ebda545b14a8875ac29da56eff909f6fa5924336694eda9258d8799b766435b40b78
-
Filesize
372KB
MD50c003fb586e335cab12e6a059333c707
SHA1014a1b0cc6f17be2ca8decbe46699e22af07f8ce
SHA256e9d1ec7e6d171425cdf380e4b1c6755cc6030cac75a403a3384a7cccd6631d40
SHA5121ba5061b871d1355ba61db354845ae31dbd2f05d39e0488d840e2a8e51198d1b580b335964fba855c14dafb753567c7b1fd15bc47c771a9549f002265c6b2b6b
-
Filesize
372KB
MD50c003fb586e335cab12e6a059333c707
SHA1014a1b0cc6f17be2ca8decbe46699e22af07f8ce
SHA256e9d1ec7e6d171425cdf380e4b1c6755cc6030cac75a403a3384a7cccd6631d40
SHA5121ba5061b871d1355ba61db354845ae31dbd2f05d39e0488d840e2a8e51198d1b580b335964fba855c14dafb753567c7b1fd15bc47c771a9549f002265c6b2b6b
-
Filesize
372KB
MD5839d4b4f246467d540c8c212d77d2930
SHA161fb8b6cf380b282278ea5a145fe50daf6c8cb38
SHA25666e342a0e7f26de8b4370aa1344d7274e45df5a020f84259940397cc8ebe51fe
SHA512e713b3ebc080d8de7bbcd53576f944c4f962f02509923b7bae72780dbae9715c029209813b60710c76d62128e0b5035a65576a76945ccc7bc9424ba4d238a096
-
Filesize
372KB
MD5839d4b4f246467d540c8c212d77d2930
SHA161fb8b6cf380b282278ea5a145fe50daf6c8cb38
SHA25666e342a0e7f26de8b4370aa1344d7274e45df5a020f84259940397cc8ebe51fe
SHA512e713b3ebc080d8de7bbcd53576f944c4f962f02509923b7bae72780dbae9715c029209813b60710c76d62128e0b5035a65576a76945ccc7bc9424ba4d238a096
-
Filesize
372KB
MD551b99fa3baec940e98441298fab48347
SHA1fb7d00a7494a528d1a089581e8ddb996e73b2781
SHA256c49c04c6454703219bc4e23f266d27dbd15785d5d326eca838865e9d69d5e7ca
SHA51277c5cc26f2d9c442d3ea7be3f7fe2d4c900d580ded68fb4d96b5ce786b951d1bbc96a127d62f7407d48ae79daba9fa88f90bab05e7b799e742b1fe8af265595e
-
Filesize
372KB
MD551b99fa3baec940e98441298fab48347
SHA1fb7d00a7494a528d1a089581e8ddb996e73b2781
SHA256c49c04c6454703219bc4e23f266d27dbd15785d5d326eca838865e9d69d5e7ca
SHA51277c5cc26f2d9c442d3ea7be3f7fe2d4c900d580ded68fb4d96b5ce786b951d1bbc96a127d62f7407d48ae79daba9fa88f90bab05e7b799e742b1fe8af265595e
-
Filesize
372KB
MD5c4833e9b995267050fc8710810529ae2
SHA149bb4a9ebbd53bff83e41660c679791d558cdd08
SHA256da2daa79c0d1f08e04255120fa3213ee7334a8f7653cdb56d4242c95aa04a4d1
SHA51298cd23d5f6cce87923add13484be7ed58f64d4387a4c871fa63e5a5932cc8ac36f8939c328f12b7c63b7f9a826869fb30e554c74f0aa019defb305732ebad818
-
Filesize
372KB
MD5c4833e9b995267050fc8710810529ae2
SHA149bb4a9ebbd53bff83e41660c679791d558cdd08
SHA256da2daa79c0d1f08e04255120fa3213ee7334a8f7653cdb56d4242c95aa04a4d1
SHA51298cd23d5f6cce87923add13484be7ed58f64d4387a4c871fa63e5a5932cc8ac36f8939c328f12b7c63b7f9a826869fb30e554c74f0aa019defb305732ebad818
-
Filesize
372KB
MD599adfbf9e4d14fd9bb512d2b4ae7da48
SHA1fbd8b60e693aec73f688bcac8f28be7778ba24a6
SHA256e0e0b330ca64c4aa2ac98f066d4b24cf02cda96724399c4f2c857b10ce7057cd
SHA512f5508e890cc60259cbbebe78bf2a225cc68492cd0ef9ec9423c25593b9919bf7c2892ebf878f1d1fece1086f5343f46b7436ec54433f7f285fbc0a7556ac49b9
-
Filesize
372KB
MD599adfbf9e4d14fd9bb512d2b4ae7da48
SHA1fbd8b60e693aec73f688bcac8f28be7778ba24a6
SHA256e0e0b330ca64c4aa2ac98f066d4b24cf02cda96724399c4f2c857b10ce7057cd
SHA512f5508e890cc60259cbbebe78bf2a225cc68492cd0ef9ec9423c25593b9919bf7c2892ebf878f1d1fece1086f5343f46b7436ec54433f7f285fbc0a7556ac49b9