Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230831-en -
resource tags
-
submitted
02-09-2023 15:10
General
-
Target
2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe
-
Size
204KB
-
MD5
1b469edab6a3711c4b683316922b2682
-
SHA1
89959f6e1db8590257fecf8f01d43f39c52f9ed7
-
SHA256
d8eec230a8ef23a2c449a2ad61c435df320babf3e31a2061d695e2fc3dd96da6
-
SHA512
a0261c51dcf60aa98835fde49c673c373c6a03a4587027b90142da3056dd273fb0bb1d8463726c75f6fcd1679f513683c75661af3d78a985c1ebe8370dc5c31f
-
SSDEEP
1536:1EGh0oWl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oWl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D3119DD-D9A1-4bd4-B0E5-E5AE4C33B808}.exeC:\Windows\{2D3119DD-D9A1-4bd4-B0E5-E5AE4C33B808}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2151D760-F618-4087-B8F2-8324968525E4}.exeC:\Windows\{2151D760-F618-4087-B8F2-8324968525E4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2151D~1.EXE > nul4⤵
-
-
C:\Windows\{CAD57F42-585D-415a-AB68-ACEE5A0C80FF}.exeC:\Windows\{CAD57F42-585D-415a-AB68-ACEE5A0C80FF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{333E55F5-FD21-42dd-AC42-54821ABDDA60}.exeC:\Windows\{333E55F5-FD21-42dd-AC42-54821ABDDA60}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{03226E57-779E-4ef0-92A2-60F8D182D504}.exeC:\Windows\{03226E57-779E-4ef0-92A2-60F8D182D504}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97D144EB-DA16-495e-B78F-1C55A1F0B686}.exeC:\Windows\{97D144EB-DA16-495e-B78F-1C55A1F0B686}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{411FB178-D843-4305-BAF0-4D77078DE0A3}.exeC:\Windows\{411FB178-D843-4305-BAF0-4D77078DE0A3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4FAFFF5C-2869-4144-BFBA-49C80400F43A}.exeC:\Windows\{4FAFFF5C-2869-4144-BFBA-49C80400F43A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BB7D4481-D35F-4e4c-9B1F-7CCE41DC5898}.exeC:\Windows\{BB7D4481-D35F-4e4c-9B1F-7CCE41DC5898}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CE389C7A-9C2F-4042-BBB4-78702365BA0C}.exeC:\Windows\{CE389C7A-9C2F-4042-BBB4-78702365BA0C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8A0A61CE-6777-41f8-B1CF-05659C5C333B}.exeC:\Windows\{8A0A61CE-6777-41f8-B1CF-05659C5C333B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B7A263E0-8D2B-473b-AC55-F532EE407C9B}.exeC:\Windows\{B7A263E0-8D2B-473b-AC55-F532EE407C9B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A0A6~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE389~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BB7D4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4FAFF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{411FB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97D14~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{03226~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{333E5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CAD57~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D311~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD573d320ef743f85ff197bf255255307bd
SHA184d3143b461b752b1521d0c3a9b4c938775e2163
SHA25634c8a6feacc963426b3bf18c1b2e76e4a3ede2807487a2430e288f90c6fa7dad
SHA512814426897f21fc532db459d18dda751273433601ccaa028d46770ecf882c4a8851d69b190066a10b2bee48df5443bcbb598babdb10c65010c9e918a96cf10e3a
-
Filesize
204KB
MD573d320ef743f85ff197bf255255307bd
SHA184d3143b461b752b1521d0c3a9b4c938775e2163
SHA25634c8a6feacc963426b3bf18c1b2e76e4a3ede2807487a2430e288f90c6fa7dad
SHA512814426897f21fc532db459d18dda751273433601ccaa028d46770ecf882c4a8851d69b190066a10b2bee48df5443bcbb598babdb10c65010c9e918a96cf10e3a
-
Filesize
204KB
MD5a52618ca25d7e0b264b4624bd5d8876f
SHA12337f41a99b9b9a6d53137c35ce8a621ea8968f1
SHA256285813e4eee771274c6aeebc94e2c235bd1f352a331ab8e7d0c48221599b7ccb
SHA512b883948fec3a51241ed6a5b6e039817ef590a1ec7b7791c7be34d39a1a6ffaed8a16a2222653fe2859f08e767fed71e647fc5fb86ce79cb0a8c07ae2e1286696
-
Filesize
204KB
MD5a52618ca25d7e0b264b4624bd5d8876f
SHA12337f41a99b9b9a6d53137c35ce8a621ea8968f1
SHA256285813e4eee771274c6aeebc94e2c235bd1f352a331ab8e7d0c48221599b7ccb
SHA512b883948fec3a51241ed6a5b6e039817ef590a1ec7b7791c7be34d39a1a6ffaed8a16a2222653fe2859f08e767fed71e647fc5fb86ce79cb0a8c07ae2e1286696
-
Filesize
204KB
MD5399a223eb50384edaf12a635c374e086
SHA11b7142a84562097c609b5a591749cadf6bb3ae84
SHA256357c65337e3aec490f060ef94b2f9765d16a2132acffd16dee3ae9b385ad3ac3
SHA512228b61c84f1a97ac2c87ed1c404374377d0623802e32cdfb25af3e63f8f031bf93e2a898142e0476b41100b1005a2f8747e8363bf139ae17b8ae94eb95832bb4
-
Filesize
204KB
MD5399a223eb50384edaf12a635c374e086
SHA11b7142a84562097c609b5a591749cadf6bb3ae84
SHA256357c65337e3aec490f060ef94b2f9765d16a2132acffd16dee3ae9b385ad3ac3
SHA512228b61c84f1a97ac2c87ed1c404374377d0623802e32cdfb25af3e63f8f031bf93e2a898142e0476b41100b1005a2f8747e8363bf139ae17b8ae94eb95832bb4
-
Filesize
204KB
MD57e2d7842953d7f9bb250185344b262be
SHA146fbd335383d0dd9845cc33f9a9ee59beb311f6f
SHA256f50d028e48e73628d0a9beb7f876b65fe64b5f3a677c9d3955d6033d2c42792e
SHA5129d5b40e21274e4f70272aa88b88f914a07a6c4c0e4c23d5f8d2878dc0ca9ba9eff8d03f0e9743659b1501094da4231e9d5bec946931090562789046e2920f958
-
Filesize
204KB
MD57e2d7842953d7f9bb250185344b262be
SHA146fbd335383d0dd9845cc33f9a9ee59beb311f6f
SHA256f50d028e48e73628d0a9beb7f876b65fe64b5f3a677c9d3955d6033d2c42792e
SHA5129d5b40e21274e4f70272aa88b88f914a07a6c4c0e4c23d5f8d2878dc0ca9ba9eff8d03f0e9743659b1501094da4231e9d5bec946931090562789046e2920f958
-
Filesize
204KB
MD5b91faf5c4e1be24d0bd11e36c12f914a
SHA1534a7e332865ae2db2667ed085aa5452e9e10429
SHA256a4a36d395194bb070465cb7b921758a9b847ba5d6ad980ec42ad5501035041b3
SHA5125cae763e5e3d417f10788942a86f397b581d5ab9756c1e5013589c3b206434b114c713446881a7d4d3f4f249304f4982b91622f566d40de9f49415946b616316
-
Filesize
204KB
MD5b91faf5c4e1be24d0bd11e36c12f914a
SHA1534a7e332865ae2db2667ed085aa5452e9e10429
SHA256a4a36d395194bb070465cb7b921758a9b847ba5d6ad980ec42ad5501035041b3
SHA5125cae763e5e3d417f10788942a86f397b581d5ab9756c1e5013589c3b206434b114c713446881a7d4d3f4f249304f4982b91622f566d40de9f49415946b616316
-
Filesize
204KB
MD5a26fc895685ca60e2c054d5eb46577ef
SHA1d2ff28924a7c76fb45dd6b0345320dd3d8d64842
SHA2560c4def9d8a0a1fa73c29f71a648596ee9e19f09c2c2ed19d5957b4f4c15c3c3f
SHA5124b4dcb2c63cda9a2c44bf1bcdf153073c7d4554d58141b28c4c11af2b1dc30f41bc8ccc21c80b8ef44ad4444a9fe13127886d08e63e70b1ce12737b8c5a3d9ff
-
Filesize
204KB
MD5a26fc895685ca60e2c054d5eb46577ef
SHA1d2ff28924a7c76fb45dd6b0345320dd3d8d64842
SHA2560c4def9d8a0a1fa73c29f71a648596ee9e19f09c2c2ed19d5957b4f4c15c3c3f
SHA5124b4dcb2c63cda9a2c44bf1bcdf153073c7d4554d58141b28c4c11af2b1dc30f41bc8ccc21c80b8ef44ad4444a9fe13127886d08e63e70b1ce12737b8c5a3d9ff
-
Filesize
204KB
MD52712b7bdc71d34329bb89429f5feecf6
SHA120267115ad8f364a11632a361d0d7b97b8faae88
SHA256327cc94934906ba936ac3c752b14101a2b30363e851acdfce4b00b9983d624e5
SHA512dec6e36d3bd6794ee169f3f4697655b8885339e4841e0f0780b288b9f0f2d8f6aa7be36c1ea811bf9b5fcca1654c27279cb37a5cf3bde70f1b5525519276cccc
-
Filesize
204KB
MD52712b7bdc71d34329bb89429f5feecf6
SHA120267115ad8f364a11632a361d0d7b97b8faae88
SHA256327cc94934906ba936ac3c752b14101a2b30363e851acdfce4b00b9983d624e5
SHA512dec6e36d3bd6794ee169f3f4697655b8885339e4841e0f0780b288b9f0f2d8f6aa7be36c1ea811bf9b5fcca1654c27279cb37a5cf3bde70f1b5525519276cccc
-
Filesize
204KB
MD5096be05fb4ac0c4b340432dc9f66cab4
SHA1428c48472c4de056899be106e71288186408cd22
SHA2562d12cc325edc4e852e43c6322d4f695a56098d58d90a2b05293fa9f5a009d10c
SHA512ea49dd9004d60de491a0e6a566bc08c40c2d9ac109704f8f9dc0edcaf39cf3f421bd43e90b69ef4ba4728dd6155a2ef6216c8ec8e1f8cf36895cc9b31fe39b3c
-
Filesize
204KB
MD5096be05fb4ac0c4b340432dc9f66cab4
SHA1428c48472c4de056899be106e71288186408cd22
SHA2562d12cc325edc4e852e43c6322d4f695a56098d58d90a2b05293fa9f5a009d10c
SHA512ea49dd9004d60de491a0e6a566bc08c40c2d9ac109704f8f9dc0edcaf39cf3f421bd43e90b69ef4ba4728dd6155a2ef6216c8ec8e1f8cf36895cc9b31fe39b3c
-
Filesize
204KB
MD5a26ec5e36a4cb65583754af7cc042f50
SHA1a4cae1aff27cf33f0747eba6b06e44fcafc0a242
SHA256f7a6370876f07e3590e3792f2d40220c6ce9e35921c77ebdbedb1f8fc7257b79
SHA512b5340eae62e9fdde9a6c3c1197b61f0e497ca341b1aa9ef76b2c114a68923c28bce0249a0094ad340f616cb813a67ebac182475c1f2b9a36396f9eb11326a20a
-
Filesize
204KB
MD5a26ec5e36a4cb65583754af7cc042f50
SHA1a4cae1aff27cf33f0747eba6b06e44fcafc0a242
SHA256f7a6370876f07e3590e3792f2d40220c6ce9e35921c77ebdbedb1f8fc7257b79
SHA512b5340eae62e9fdde9a6c3c1197b61f0e497ca341b1aa9ef76b2c114a68923c28bce0249a0094ad340f616cb813a67ebac182475c1f2b9a36396f9eb11326a20a
-
Filesize
204KB
MD58d06756fea7df8f75938f3023ecc68d0
SHA1f7b65ce6630316d1b54bcf2cc9a1c68ed975c344
SHA256e885f45788d7e72fae1495f72d007de5bf97e6f8872769992a8b7139ddb3c58b
SHA512e8528c01a3c208c2d87b3bd411c87042b68d4929e736f15511c726d9a177896cebacf890f2c57f66b8fac72ea2786330c4b79e874dbdeb8c882051f93ffc9754
-
Filesize
204KB
MD58d06756fea7df8f75938f3023ecc68d0
SHA1f7b65ce6630316d1b54bcf2cc9a1c68ed975c344
SHA256e885f45788d7e72fae1495f72d007de5bf97e6f8872769992a8b7139ddb3c58b
SHA512e8528c01a3c208c2d87b3bd411c87042b68d4929e736f15511c726d9a177896cebacf890f2c57f66b8fac72ea2786330c4b79e874dbdeb8c882051f93ffc9754
-
Filesize
204KB
MD5d55933037247e17d4f655926655b89d7
SHA100ce9935882b547ea08eff4cb3cf2183e83b78d5
SHA2565adc6cd86f2eecad14a5f69fc2e9eeabd840ef3b0161c9ed53289fa3a292d784
SHA512a868fe1ccb613f725b13368074b877cfba8a82e6398fd444bd596d579c2d45542a746ab8e50678fa7079b77845db189246ff80b744c521611365e7c57fb30e1c
-
Filesize
204KB
MD5d55933037247e17d4f655926655b89d7
SHA100ce9935882b547ea08eff4cb3cf2183e83b78d5
SHA2565adc6cd86f2eecad14a5f69fc2e9eeabd840ef3b0161c9ed53289fa3a292d784
SHA512a868fe1ccb613f725b13368074b877cfba8a82e6398fd444bd596d579c2d45542a746ab8e50678fa7079b77845db189246ff80b744c521611365e7c57fb30e1c
-
Filesize
204KB
MD5d55933037247e17d4f655926655b89d7
SHA100ce9935882b547ea08eff4cb3cf2183e83b78d5
SHA2565adc6cd86f2eecad14a5f69fc2e9eeabd840ef3b0161c9ed53289fa3a292d784
SHA512a868fe1ccb613f725b13368074b877cfba8a82e6398fd444bd596d579c2d45542a746ab8e50678fa7079b77845db189246ff80b744c521611365e7c57fb30e1c
-
Filesize
204KB
MD59d9cdba40ae423d8d645dfccf4de5fb1
SHA1bd7b5ad8b865f38f8ee8ef86b3fcabfeb9cafa8d
SHA25638b060aa0501745894a1c777ac372c11b5fb1666cdb97dc91aa4173666dc66d2
SHA512f3d591dd9e5b78468a97addf164321b9156cf2efd93333007c21b1b717058bc8a3ec0849f291ebc1e0b492f1b294fc4ffe61011097b1684c27613254e93476a1
-
Filesize
204KB
MD59d9cdba40ae423d8d645dfccf4de5fb1
SHA1bd7b5ad8b865f38f8ee8ef86b3fcabfeb9cafa8d
SHA25638b060aa0501745894a1c777ac372c11b5fb1666cdb97dc91aa4173666dc66d2
SHA512f3d591dd9e5b78468a97addf164321b9156cf2efd93333007c21b1b717058bc8a3ec0849f291ebc1e0b492f1b294fc4ffe61011097b1684c27613254e93476a1