Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
06-11-2023 20:26
General
-
Target
NEAS.2023-09-25_91f00239143da54e5ce6f99dddfb8933_goldeneye.exe
-
Size
408KB
-
MD5
91f00239143da54e5ce6f99dddfb8933
-
SHA1
92e85c819bb2b71d5411c9cd442ec7f02a5bece5
-
SHA256
62cb4ea3c8937e54ff8b33294e6e4f17625263712bac36d6497195aeffc11f13
-
SHA512
762f93a938e25e604f0d4d1d8b9a835acaaa44dd1a1b420e12447c128a29259209ba4834f0d8cb41d5072a14a430a98fd27268d8a885706e948abd19764bff44
-
SSDEEP
3072:CEGh0oGl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGEldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-25_91f00239143da54e5ce6f99dddfb8933_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-25_91f00239143da54e5ce6f99dddfb8933_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58B2A862-3FB2-4b58-8F8B-1156A8C1BD1C}.exeC:\Windows\{58B2A862-3FB2-4b58-8F8B-1156A8C1BD1C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4B25A7F3-EF50-46b9-ACF9-78582310ED10}.exeC:\Windows\{4B25A7F3-EF50-46b9-ACF9-78582310ED10}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4B25A~1.EXE > nul4⤵
-
-
C:\Windows\{DD4484FC-7986-49b9-8A74-201CF7D0A5B5}.exeC:\Windows\{DD4484FC-7986-49b9-8A74-201CF7D0A5B5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC7A21C4-E906-4284-BD63-D978502FABC1}.exeC:\Windows\{EC7A21C4-E906-4284-BD63-D978502FABC1}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5F592206-099C-45c8-85E1-8B4DD7E73192}.exeC:\Windows\{5F592206-099C-45c8-85E1-8B4DD7E73192}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D0784667-DB2E-4358-9F4F-070C38E827FF}.exeC:\Windows\{D0784667-DB2E-4358-9F4F-070C38E827FF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29D332FF-F38F-4fa3-8BD4-647300A1B0C2}.exeC:\Windows\{29D332FF-F38F-4fa3-8BD4-647300A1B0C2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5F481049-04CC-4da6-B0BC-D09C96629B29}.exeC:\Windows\{5F481049-04CC-4da6-B0BC-D09C96629B29}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0CE6846C-25E3-4632-8C11-02DFE2116A7E}.exeC:\Windows\{0CE6846C-25E3-4632-8C11-02DFE2116A7E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C80DEDA-2517-47ba-A6DC-1456F5CAE70B}.exeC:\Windows\{2C80DEDA-2517-47ba-A6DC-1456F5CAE70B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D853CA9A-2E4E-4873-AFE3-2259F8667A5A}.exeC:\Windows\{D853CA9A-2E4E-4873-AFE3-2259F8667A5A}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{38DB3CED-FC97-4048-B8FE-1F32FE8996A5}.exeC:\Windows\{38DB3CED-FC97-4048-B8FE-1F32FE8996A5}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D853C~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C80D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0CE68~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5F481~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29D33~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0784~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5F592~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC7A2~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD448~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58B2A~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\NEAS20~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5212191982b64f0fb663aec4142c86fe8
SHA12de1c81c8a5680824280eada9fb2b9ab05fd4792
SHA2560259689485f8d61a95fd414382c2065369e9b8d741dbe58ff71340dcac0c07ea
SHA512db03fac4ec561962781cd8adb9d8d603cea2a49a311a02130f1eecb98ad8a310b360a7fcd1fb845f69a9a26ab9b065f2fcd9d5235b0b772116ded63280dada77
-
Filesize
408KB
MD5212191982b64f0fb663aec4142c86fe8
SHA12de1c81c8a5680824280eada9fb2b9ab05fd4792
SHA2560259689485f8d61a95fd414382c2065369e9b8d741dbe58ff71340dcac0c07ea
SHA512db03fac4ec561962781cd8adb9d8d603cea2a49a311a02130f1eecb98ad8a310b360a7fcd1fb845f69a9a26ab9b065f2fcd9d5235b0b772116ded63280dada77
-
Filesize
408KB
MD545124c8537f31cfd58151b9c8e97f429
SHA12e2339a149ad36785ed4d05a12f80af66bcc6110
SHA256d241e2586a3e3d1b754198763ddf85c127e4cb0c8860eaa536b24df397be15b7
SHA51271f28b597b3da7886f85ace8717579bec5c7e95afc9835927281a76e0e73b6e492b5e2b3e5195f101316cb6336c5b16e9fdf2ed7b959336f65a2490593f6d471
-
Filesize
408KB
MD545124c8537f31cfd58151b9c8e97f429
SHA12e2339a149ad36785ed4d05a12f80af66bcc6110
SHA256d241e2586a3e3d1b754198763ddf85c127e4cb0c8860eaa536b24df397be15b7
SHA51271f28b597b3da7886f85ace8717579bec5c7e95afc9835927281a76e0e73b6e492b5e2b3e5195f101316cb6336c5b16e9fdf2ed7b959336f65a2490593f6d471
-
Filesize
408KB
MD52459715e9ccae7c9626ef64ee2958b29
SHA18a6e1d26f872205e4b7d51008afac73e4479012a
SHA2569920ff122f28bfa62ac6894583af4cdf362e7dee894f6552a06817606c4fe421
SHA512c8a254935e791f67b3ee636969553674d0484a14805752cce7a65219a6a0a0eb13fa66ec622210f84041a4e6a659b22f78509008d03faeaee10ae6be1a16bbff
-
Filesize
408KB
MD52459715e9ccae7c9626ef64ee2958b29
SHA18a6e1d26f872205e4b7d51008afac73e4479012a
SHA2569920ff122f28bfa62ac6894583af4cdf362e7dee894f6552a06817606c4fe421
SHA512c8a254935e791f67b3ee636969553674d0484a14805752cce7a65219a6a0a0eb13fa66ec622210f84041a4e6a659b22f78509008d03faeaee10ae6be1a16bbff
-
Filesize
408KB
MD55da9cb8bb9d01ce1ff040c4ed8e7379d
SHA1483fafb263120bec08b08c9beb022da422eb220e
SHA256da57bbf52a4278bbe189dac96765e283c8ef179708ac169be0724ca32fed8882
SHA51214c5b698ffb14c6965e0c7fe37aa6fa5c6d0c70eb8bfada18f54f1103bfd9a682d32958d01dcc5d680ef1120890bbd9a1097e393457b0a68c143a8d3c56dbc80
-
Filesize
408KB
MD55da9cb8bb9d01ce1ff040c4ed8e7379d
SHA1483fafb263120bec08b08c9beb022da422eb220e
SHA256da57bbf52a4278bbe189dac96765e283c8ef179708ac169be0724ca32fed8882
SHA51214c5b698ffb14c6965e0c7fe37aa6fa5c6d0c70eb8bfada18f54f1103bfd9a682d32958d01dcc5d680ef1120890bbd9a1097e393457b0a68c143a8d3c56dbc80
-
Filesize
408KB
MD5fc47c56b146c923e3c1cfef1c6a3cd35
SHA13a05a7219cf47f6550d7c9276b0c2aa17e5376dd
SHA256bcb8048096c94cb338daa37b7875d0a22946fcfa974437ca35d9fd026cd8a659
SHA512f668f2e94eaf026b4f86debf7dde4ee481472f944af4b39085fdf2b0330afd58bf3fc7a3331e7f5eae428b0ceec9e96ccb9ac22a1e55b08daa73b4cb6322ab71
-
Filesize
408KB
MD5fc47c56b146c923e3c1cfef1c6a3cd35
SHA13a05a7219cf47f6550d7c9276b0c2aa17e5376dd
SHA256bcb8048096c94cb338daa37b7875d0a22946fcfa974437ca35d9fd026cd8a659
SHA512f668f2e94eaf026b4f86debf7dde4ee481472f944af4b39085fdf2b0330afd58bf3fc7a3331e7f5eae428b0ceec9e96ccb9ac22a1e55b08daa73b4cb6322ab71
-
Filesize
408KB
MD5b64dfa730c2681d2faa8e536d81f9918
SHA115bf606c01225c32f77c8539e7ab36b4179f3b5c
SHA256c231699fbdb57d72e97a5187c70295849a3c439cec79c14a9297fd3c303dc441
SHA512ded4d0ccf03321b0bca43f90f22e0441385bc40a71508590d3e647d61ec0248c0173b0aa2f74818ea057c42a926c25e76af0df47df2440fc712f9c5760457f23
-
Filesize
408KB
MD5b64dfa730c2681d2faa8e536d81f9918
SHA115bf606c01225c32f77c8539e7ab36b4179f3b5c
SHA256c231699fbdb57d72e97a5187c70295849a3c439cec79c14a9297fd3c303dc441
SHA512ded4d0ccf03321b0bca43f90f22e0441385bc40a71508590d3e647d61ec0248c0173b0aa2f74818ea057c42a926c25e76af0df47df2440fc712f9c5760457f23
-
Filesize
408KB
MD5112966748b40f11ce7715668f4b34d79
SHA1c37ea2b7a5b26888a0bcdee5fb99480395c9873c
SHA256c57ce63508adfb4581968eff97170858c08e2d29d1fac20399c1e7677d43a037
SHA51279ee6eedea33d0467b60e9592b25ec96e26c473ed50bbfbed18d03535a1360a10c178c221068ed42e0900e4c291c1339ac92a981afcb90bd6332e102a42e1258
-
Filesize
408KB
MD5112966748b40f11ce7715668f4b34d79
SHA1c37ea2b7a5b26888a0bcdee5fb99480395c9873c
SHA256c57ce63508adfb4581968eff97170858c08e2d29d1fac20399c1e7677d43a037
SHA51279ee6eedea33d0467b60e9592b25ec96e26c473ed50bbfbed18d03535a1360a10c178c221068ed42e0900e4c291c1339ac92a981afcb90bd6332e102a42e1258
-
Filesize
408KB
MD54118145594cabd0afce9852db6ba5322
SHA17c2d19c44a590dfbcd984c3f2a2acc0986fcca13
SHA2568334c45df9277abf66e605bfc0d478f9e05abdd11a00f66d2f345daf95840e9c
SHA5123167931202b3dda8d51f9d9c8b3eebedcfc2eeedeabcd410d971e87724ee559245bc91828f8db095562046e972b186aab07ea67084311e3d3d1b181d3956c89e
-
Filesize
408KB
MD54118145594cabd0afce9852db6ba5322
SHA17c2d19c44a590dfbcd984c3f2a2acc0986fcca13
SHA2568334c45df9277abf66e605bfc0d478f9e05abdd11a00f66d2f345daf95840e9c
SHA5123167931202b3dda8d51f9d9c8b3eebedcfc2eeedeabcd410d971e87724ee559245bc91828f8db095562046e972b186aab07ea67084311e3d3d1b181d3956c89e
-
Filesize
408KB
MD51e15b9303da0ec963670264e6b80e0c2
SHA1b36540a7d140a9479fe8608bf21c545d9e894aa5
SHA256b9c6c751d61c9d9957ae8a8ed51bfa079c3b0b5503709f51b6a17210007de384
SHA512065bf6c6224ff82b6cd493081f2e09f00df680c6c68729f735597becb0e154229ede60ba07687a4dd137e506eeebb41ddc1867603e40d896a403b7442c26f17b
-
Filesize
408KB
MD51e15b9303da0ec963670264e6b80e0c2
SHA1b36540a7d140a9479fe8608bf21c545d9e894aa5
SHA256b9c6c751d61c9d9957ae8a8ed51bfa079c3b0b5503709f51b6a17210007de384
SHA512065bf6c6224ff82b6cd493081f2e09f00df680c6c68729f735597becb0e154229ede60ba07687a4dd137e506eeebb41ddc1867603e40d896a403b7442c26f17b
-
Filesize
408KB
MD59ecc9ff6758e014daed745c52cff14b5
SHA1812d3d461c21e5033d05e48e02b017231003a7df
SHA256a2f4f6af52415c310a2b5128527b212d29cc2faa8808c3090d4c14d908ce823b
SHA512404eb7d6368d9ec5a8c2b54d15eed63c0167a0f123b5e28ac5d7a46ca03a20b08d5bb191429f6364989eb41ae29f503f1a5f2941a93b3e57aeda319f0cc8c3d5
-
Filesize
408KB
MD59ecc9ff6758e014daed745c52cff14b5
SHA1812d3d461c21e5033d05e48e02b017231003a7df
SHA256a2f4f6af52415c310a2b5128527b212d29cc2faa8808c3090d4c14d908ce823b
SHA512404eb7d6368d9ec5a8c2b54d15eed63c0167a0f123b5e28ac5d7a46ca03a20b08d5bb191429f6364989eb41ae29f503f1a5f2941a93b3e57aeda319f0cc8c3d5
-
Filesize
408KB
MD546e28811fa32e927921bf02be0c6b571
SHA10b4e7d2ad1c89b9a8d47be5e44be0d7eca37df63
SHA25631d8db3640ff38d7ce9d949fa43c6d1ccf66a924b0b6a1e6a3b79102e482e53a
SHA51280d0d09c70b76a8a152e40f2b81a1c8766d15525e3c7abb1113f54483ea0a7b8148af8cb4759f74782b0b995f7c1caf4c247771d1c8cba88f403de5611aecac7
-
Filesize
408KB
MD546e28811fa32e927921bf02be0c6b571
SHA10b4e7d2ad1c89b9a8d47be5e44be0d7eca37df63
SHA25631d8db3640ff38d7ce9d949fa43c6d1ccf66a924b0b6a1e6a3b79102e482e53a
SHA51280d0d09c70b76a8a152e40f2b81a1c8766d15525e3c7abb1113f54483ea0a7b8148af8cb4759f74782b0b995f7c1caf4c247771d1c8cba88f403de5611aecac7
-
Filesize
408KB
MD546e28811fa32e927921bf02be0c6b571
SHA10b4e7d2ad1c89b9a8d47be5e44be0d7eca37df63
SHA25631d8db3640ff38d7ce9d949fa43c6d1ccf66a924b0b6a1e6a3b79102e482e53a
SHA51280d0d09c70b76a8a152e40f2b81a1c8766d15525e3c7abb1113f54483ea0a7b8148af8cb4759f74782b0b995f7c1caf4c247771d1c8cba88f403de5611aecac7
-
Filesize
408KB
MD563863eed57a36e44c20691db304860d4
SHA1b46f4c271cc1f1d49328a35d17c5cb5ec7fb52ef
SHA256e7b3ddd6e94f670865f5c02e04a609c4acb59fd22f0c878cf3e1f3403beaa958
SHA512e7b9c6f1c53d5dd373674997b312bc5f421da3599caa2f403c02f015f0fd9a2eaf20fa222b21623890e3d899adedf52af2ec4b01b3501fdc99c31ea1580b1aaa
-
Filesize
408KB
MD563863eed57a36e44c20691db304860d4
SHA1b46f4c271cc1f1d49328a35d17c5cb5ec7fb52ef
SHA256e7b3ddd6e94f670865f5c02e04a609c4acb59fd22f0c878cf3e1f3403beaa958
SHA512e7b9c6f1c53d5dd373674997b312bc5f421da3599caa2f403c02f015f0fd9a2eaf20fa222b21623890e3d899adedf52af2ec4b01b3501fdc99c31ea1580b1aaa