Analysis
-
max time kernel
155s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
12-10-2023 19:16
General
-
Target
2023-08-26_13e6d0b934ba7e616c91b56480774ebc_goldeneye_JC.exe
-
Size
180KB
-
MD5
13e6d0b934ba7e616c91b56480774ebc
-
SHA1
ec0e0d80b0a27d3c9217affd1d89eab72bd8f2b6
-
SHA256
4938200e569d7106411424af464e06e2ecf7a42204f6afbfb95970aa9e25fc17
-
SHA512
26d7842654e836c7c71a08d23f41cc0e3b201ff08f651dcf1d58d32104b6712f75d6e994318abb2ec0d6be6b8a2fb7ac581b9216e6ac031bf915bb854cc0097f
-
SSDEEP
3072:jEGh0ozlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGJl5eKcAEc
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-26_13e6d0b934ba7e616c91b56480774ebc_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-26_13e6d0b934ba7e616c91b56480774ebc_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31CD1D2D-C336-4eeb-984B-4219749F3123}.exeC:\Windows\{31CD1D2D-C336-4eeb-984B-4219749F3123}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51F03B9C-634F-4f25-BF57-F7B3C248599E}.exeC:\Windows\{51F03B9C-634F-4f25-BF57-F7B3C248599E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F7F1FEAA-0BAE-4469-966D-0A775E821514}.exeC:\Windows\{F7F1FEAA-0BAE-4469-966D-0A775E821514}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D571EA6-0A4B-4620-8A61-E3DDCFAD294F}.exeC:\Windows\{3D571EA6-0A4B-4620-8A61-E3DDCFAD294F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C1B3AA9-D0A4-4a57-B07E-0C0049C77AD2}.exeC:\Windows\{6C1B3AA9-D0A4-4a57-B07E-0C0049C77AD2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{006D290A-9ECA-481d-A271-A049492C6FE9}.exeC:\Windows\{006D290A-9ECA-481d-A271-A049492C6FE9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DC9BB52A-A9E1-46c1-BB64-E26D9BE3CFB9}.exeC:\Windows\{DC9BB52A-A9E1-46c1-BB64-E26D9BE3CFB9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D40847CD-E476-4995-9190-BBDCD1572984}.exeC:\Windows\{D40847CD-E476-4995-9190-BBDCD1572984}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{447A9B75-17E8-403d-9362-96A4873CC93F}.exeC:\Windows\{447A9B75-17E8-403d-9362-96A4873CC93F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7641C22C-0112-4c10-941E-0F20A5684438}.exeC:\Windows\{7641C22C-0112-4c10-941E-0F20A5684438}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{208923E8-BD13-4530-876A-41123C33F17B}.exeC:\Windows\{208923E8-BD13-4530-876A-41123C33F17B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5326E849-6414-4dc4-978E-0C0A5D24DCC8}.exeC:\Windows\{5326E849-6414-4dc4-978E-0C0A5D24DCC8}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20892~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7641C~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{447A9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4084~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC9BB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{006D2~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C1B3~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D571~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7F1F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51F03~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31CD1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD54d96688099bf1ddcb1438a155c0ef7e2
SHA102011970ca3b542b9b2c0f78cd7211a6253e99e1
SHA2567a8189f5ef3e4d5127cd989f746bad041a2f8b2db59755a920be6a3bf47966ea
SHA512734b3e73cf94139cba98fc13f26abc9c4b63a507ef8723929a0e80e99e7c150d41ebec14d96dfec467b2bc522d18afeb78b08793f71294b1d136a1aa2c425b7e
-
Filesize
180KB
MD54d96688099bf1ddcb1438a155c0ef7e2
SHA102011970ca3b542b9b2c0f78cd7211a6253e99e1
SHA2567a8189f5ef3e4d5127cd989f746bad041a2f8b2db59755a920be6a3bf47966ea
SHA512734b3e73cf94139cba98fc13f26abc9c4b63a507ef8723929a0e80e99e7c150d41ebec14d96dfec467b2bc522d18afeb78b08793f71294b1d136a1aa2c425b7e
-
Filesize
180KB
MD528c6811554b9f2bd7185e48285855993
SHA19f3a16fc39790d331312a7749de214a58bcab783
SHA256c70be86e00f1b23fe389879318605abc30542c94047421f7db5c8644d1911b90
SHA512fc641cd01e9e3ad6280fe5b283d967b38300f70f5e2e14056ccfb6f73546ccfa1a8656c76c3810f004328cc4989577760cef594f493025277f9f4b1efbaa4d19
-
Filesize
180KB
MD528c6811554b9f2bd7185e48285855993
SHA19f3a16fc39790d331312a7749de214a58bcab783
SHA256c70be86e00f1b23fe389879318605abc30542c94047421f7db5c8644d1911b90
SHA512fc641cd01e9e3ad6280fe5b283d967b38300f70f5e2e14056ccfb6f73546ccfa1a8656c76c3810f004328cc4989577760cef594f493025277f9f4b1efbaa4d19
-
Filesize
180KB
MD5d7b6dcfd53f395e9b443f6076f2b7b12
SHA168d21e826906f8a3507ec542196b3004982d1e46
SHA256059071b91bbfab40112751ae34540e45bad41e7eb15e2f6e9577f19590b86524
SHA512bcb56deaff8e945720e0a3b0362441fc62e5e2fb5b1f62a02b5f35179a775eac6f38f22998aae7ac7a61a79988b9c2665627803e01c4d61e35bb523ad47fe67d
-
Filesize
180KB
MD5d7b6dcfd53f395e9b443f6076f2b7b12
SHA168d21e826906f8a3507ec542196b3004982d1e46
SHA256059071b91bbfab40112751ae34540e45bad41e7eb15e2f6e9577f19590b86524
SHA512bcb56deaff8e945720e0a3b0362441fc62e5e2fb5b1f62a02b5f35179a775eac6f38f22998aae7ac7a61a79988b9c2665627803e01c4d61e35bb523ad47fe67d
-
Filesize
180KB
MD53309f0dbb68efda60f5363ce914dc693
SHA15d131842ee0f4f6587166e1673dd5bb9628a4179
SHA25600b8e727618eb2f0ab494541d9efc47919ffb9df8ff68124f5b799b3b4116336
SHA512ba8c80baa9f5263d6b7c244806a7d099b42c7ff14f7a190d9fac1a98d3d0dcbcb1d032347c5c8dedf58c000e827b5c9b2ea38d1479ba86091a15d6b0f2dd4b4b
-
Filesize
180KB
MD53309f0dbb68efda60f5363ce914dc693
SHA15d131842ee0f4f6587166e1673dd5bb9628a4179
SHA25600b8e727618eb2f0ab494541d9efc47919ffb9df8ff68124f5b799b3b4116336
SHA512ba8c80baa9f5263d6b7c244806a7d099b42c7ff14f7a190d9fac1a98d3d0dcbcb1d032347c5c8dedf58c000e827b5c9b2ea38d1479ba86091a15d6b0f2dd4b4b
-
Filesize
180KB
MD5288520fabf95e6c49064127b445e23f3
SHA1c31137339880584d8ea4e996491cfcdd27d4f844
SHA2560a28168778874611fc9d8f81c9d13a39590664462a4847cecd0bec1f77d8d51d
SHA512d2dc3aac5b051430ded8b89bbc037d89c141e06ce33ddf147198b25983dd6a87dbe2068a8a281a6be1838a58df25a54fdf624a02ebdff26f94f7b4eb4fd2217a
-
Filesize
180KB
MD5288520fabf95e6c49064127b445e23f3
SHA1c31137339880584d8ea4e996491cfcdd27d4f844
SHA2560a28168778874611fc9d8f81c9d13a39590664462a4847cecd0bec1f77d8d51d
SHA512d2dc3aac5b051430ded8b89bbc037d89c141e06ce33ddf147198b25983dd6a87dbe2068a8a281a6be1838a58df25a54fdf624a02ebdff26f94f7b4eb4fd2217a
-
Filesize
180KB
MD53366b70fff728e48694908ae8bbb05f6
SHA1417aea42bc876f994c3d81766c3dc6aa94303d50
SHA256e4c555c8ef5b4e100be1de58b7ea92266423d1f6c1e3c6dc3259ea6dba3cd9ef
SHA512d52d88e69f4752b0f13afa1655f46ac978a9dac286d527c6796264362b215631525e57482037fc5ea582344b92886fe15e0db49d23f171f18cdfb46ff9f7a620
-
Filesize
180KB
MD53366b70fff728e48694908ae8bbb05f6
SHA1417aea42bc876f994c3d81766c3dc6aa94303d50
SHA256e4c555c8ef5b4e100be1de58b7ea92266423d1f6c1e3c6dc3259ea6dba3cd9ef
SHA512d52d88e69f4752b0f13afa1655f46ac978a9dac286d527c6796264362b215631525e57482037fc5ea582344b92886fe15e0db49d23f171f18cdfb46ff9f7a620
-
Filesize
180KB
MD54d1869d2b780fdb6aec4731cbdfc5828
SHA1994d9f071be19525b58ce3f6d0e2fa2845fccb12
SHA256febd10a238ff9b0e4a12b0dba6793f5f47b271ae2df27842740eb5b4dc7ad27e
SHA51219d3ab850145504e6e7bc2d39c3e7b117c6efc8a35e582ea41e272db60417c3bfdee58be65151cce62e88234100eab2c22867fe01e0d0abee470e2d3dec0ce8c
-
Filesize
180KB
MD54d1869d2b780fdb6aec4731cbdfc5828
SHA1994d9f071be19525b58ce3f6d0e2fa2845fccb12
SHA256febd10a238ff9b0e4a12b0dba6793f5f47b271ae2df27842740eb5b4dc7ad27e
SHA51219d3ab850145504e6e7bc2d39c3e7b117c6efc8a35e582ea41e272db60417c3bfdee58be65151cce62e88234100eab2c22867fe01e0d0abee470e2d3dec0ce8c
-
Filesize
180KB
MD50b6c091a2bba7f68e597f3f4bc70deb8
SHA1576f77794f8f6a94c96ccbf1d5d51eb8e3cceff4
SHA2569c7c4b2d1fbc76e3f840a596f20e37c79ccb0242bea565be6f5f8dcab2f08111
SHA512d2cb8e6a6b5fb93d65b8ed8dde82df1dbf0f4965f4dbf8b7ef171e5cd80b278c52b783b0eeaea63546e4a65647840f60c3d6406090cc86642b0145484182a44d
-
Filesize
180KB
MD50b6c091a2bba7f68e597f3f4bc70deb8
SHA1576f77794f8f6a94c96ccbf1d5d51eb8e3cceff4
SHA2569c7c4b2d1fbc76e3f840a596f20e37c79ccb0242bea565be6f5f8dcab2f08111
SHA512d2cb8e6a6b5fb93d65b8ed8dde82df1dbf0f4965f4dbf8b7ef171e5cd80b278c52b783b0eeaea63546e4a65647840f60c3d6406090cc86642b0145484182a44d
-
Filesize
180KB
MD54eb2beb3fae53be0ada3adb77d1ded1f
SHA182955b99884085408ef9e05e8600d93d8a537f40
SHA2562d0850f0d0846bec7e524ea8b60327421712a3b0e749e438341e8db7a15c1b20
SHA51205141eab66d5fdb5518936661a758892a1f61024703ab1b8d0ef25910837bb0a37db8756527ba212068bb97436a4403e775c467af4b407c5916407dc56c6f414
-
Filesize
180KB
MD54eb2beb3fae53be0ada3adb77d1ded1f
SHA182955b99884085408ef9e05e8600d93d8a537f40
SHA2562d0850f0d0846bec7e524ea8b60327421712a3b0e749e438341e8db7a15c1b20
SHA51205141eab66d5fdb5518936661a758892a1f61024703ab1b8d0ef25910837bb0a37db8756527ba212068bb97436a4403e775c467af4b407c5916407dc56c6f414
-
Filesize
180KB
MD5df505ab4ae37aaecd0807c719d4007da
SHA1ccb92ceea0750433630b3d5da2c683c3bca42643
SHA256a6fd01c71e239f2f0f54c6896d6d5fa8e0171b7e86968634d16245ca8ac598d2
SHA5122e30ef525b590d9d7982e2fc589ae23d38b5674fd83f5fc69618531ec6925a8ba1f4e18fd7da23cb045e140a48e1089af0782ea95568a6357d6e1381de416755
-
Filesize
180KB
MD5df505ab4ae37aaecd0807c719d4007da
SHA1ccb92ceea0750433630b3d5da2c683c3bca42643
SHA256a6fd01c71e239f2f0f54c6896d6d5fa8e0171b7e86968634d16245ca8ac598d2
SHA5122e30ef525b590d9d7982e2fc589ae23d38b5674fd83f5fc69618531ec6925a8ba1f4e18fd7da23cb045e140a48e1089af0782ea95568a6357d6e1381de416755
-
Filesize
180KB
MD5c10ed1ac85500b73368105695afea283
SHA137ac6fe281e6e9753c2c61a78957009e05ab0072
SHA2562615e1f8e5f9eb7b1aec2043c378a7d20d1689d602502b3a569e4377634f4e75
SHA512908a500079124de57709f545607d1d86130ca595ebba912c805ca2d7cd6bd5223d8fa5aeedf01207ea7f9a685175a0f58b4846922fa2b6befd0bb6844845e3e7
-
Filesize
180KB
MD5c10ed1ac85500b73368105695afea283
SHA137ac6fe281e6e9753c2c61a78957009e05ab0072
SHA2562615e1f8e5f9eb7b1aec2043c378a7d20d1689d602502b3a569e4377634f4e75
SHA512908a500079124de57709f545607d1d86130ca595ebba912c805ca2d7cd6bd5223d8fa5aeedf01207ea7f9a685175a0f58b4846922fa2b6befd0bb6844845e3e7
-
Filesize
180KB
MD598b443f43d3dc70866582679a6b0cd7e
SHA11b9cd76ffde98003cb514e8afca5b09281fc2068
SHA256e539ae30ca5333bffc0586935e4d8c10d53d602cdb05dd82d76244bcc1f4e84e
SHA512ea3cb1c84e6197cb1324ae7ac825f56e78cf94645adea59338ddef982be98f3285b575d541e77da2a5c223b62d0e2757bb28b5471af13afae541cf8e0af847e0
-
Filesize
180KB
MD598b443f43d3dc70866582679a6b0cd7e
SHA11b9cd76ffde98003cb514e8afca5b09281fc2068
SHA256e539ae30ca5333bffc0586935e4d8c10d53d602cdb05dd82d76244bcc1f4e84e
SHA512ea3cb1c84e6197cb1324ae7ac825f56e78cf94645adea59338ddef982be98f3285b575d541e77da2a5c223b62d0e2757bb28b5471af13afae541cf8e0af847e0
-
Filesize
180KB
MD598b443f43d3dc70866582679a6b0cd7e
SHA11b9cd76ffde98003cb514e8afca5b09281fc2068
SHA256e539ae30ca5333bffc0586935e4d8c10d53d602cdb05dd82d76244bcc1f4e84e
SHA512ea3cb1c84e6197cb1324ae7ac825f56e78cf94645adea59338ddef982be98f3285b575d541e77da2a5c223b62d0e2757bb28b5471af13afae541cf8e0af847e0