Analysis
-
max time kernel
63s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05/01/2024, 05:39
General
-
Target
2024-01-01_208b646c7b92c68ecd40ca6cb2fb70eb_goldeneye.exe
-
Size
408KB
-
MD5
208b646c7b92c68ecd40ca6cb2fb70eb
-
SHA1
e7efd508fe79cfadeb03877fe7a68de6d3c38f1a
-
SHA256
78c521e3c236dd3a0916d3f36a3f3ec80c1a0ac601af2fc9d01d69584268b933
-
SHA512
7683ad19738c1a5d380c16f2c105efe63531395854bf5cd5429aca9ab1621b489242949ff1fcce6b88ea69fcdb495874038c5f0c0f4f0db18dc724e40fde510c
-
SSDEEP
3072:CEGh0oRl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGnldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 10 IoCs
-
Executes dropped EXE 5 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_208b646c7b92c68ecd40ca6cb2fb70eb_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_208b646c7b92c68ecd40ca6cb2fb70eb_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{9A47F802-503D-425b-B9D1-7BEC65FB90CF}.exeC:\Windows\{9A47F802-503D-425b-B9D1-7BEC65FB90CF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A47F~1.EXE > nul3⤵
-
-
C:\Windows\{BC0C0700-ABAF-4768-B17D-149F34996FFC}.exeC:\Windows\{BC0C0700-ABAF-4768-B17D-149F34996FFC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC0C0~1.EXE > nul4⤵
-
-
C:\Windows\{D627675A-9CBC-4d92-8327-5FD4D675EB40}.exeC:\Windows\{D627675A-9CBC-4d92-8327-5FD4D675EB40}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6276~1.EXE > nul5⤵
-
-
C:\Windows\{0F56DE8F-BD71-4d38-9671-F2B80F63B858}.exeC:\Windows\{0F56DE8F-BD71-4d38-9671-F2B80F63B858}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F56D~1.EXE > nul6⤵
-
-
C:\Windows\{90A09BA7-CBB1-4171-A5C6-3823A684DDDB}.exeC:\Windows\{90A09BA7-CBB1-4171-A5C6-3823A684DDDB}.exe6⤵
- Executes dropped EXE
-
C:\Windows\{B899C3ED-9BDC-48b2-A929-000F9F036CB6}.exeC:\Windows\{B899C3ED-9BDC-48b2-A929-000F9F036CB6}.exe7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B899C~1.EXE > nul8⤵
-
-
C:\Windows\{5C6D43B6-0906-4f11-82DC-57905F9C6412}.exeC:\Windows\{5C6D43B6-0906-4f11-82DC-57905F9C6412}.exe8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C6D4~1.EXE > nul9⤵
-
-
C:\Windows\{6F2377ED-DC38-4b2d-932B-80397BDEAA05}.exeC:\Windows\{6F2377ED-DC38-4b2d-932B-80397BDEAA05}.exe9⤵
-
C:\Windows\{9C95663D-9741-4eb1-A33E-E3210F8346F0}.exeC:\Windows\{9C95663D-9741-4eb1-A33E-E3210F8346F0}.exe10⤵
-
C:\Windows\{37D92E9A-91B5-404b-9190-4E6C847AD93C}.exeC:\Windows\{37D92E9A-91B5-404b-9190-4E6C847AD93C}.exe11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37D92~1.EXE > nul12⤵
-
-
C:\Windows\{D9954E40-A3D6-4c8a-828F-EBC31368D2D2}.exeC:\Windows\{D9954E40-A3D6-4c8a-828F-EBC31368D2D2}.exe12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9C956~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F237~1.EXE > nul10⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90A09~1.EXE > nul7⤵
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD593e0325f43036ff8dbfa0ce5b9f81d52
SHA10547db84561d2b553df75beddd5ba25780f32c78
SHA2564f7dbaadcee2b660e08e0ef8308475b1ff78acaf0bc139df800dd315f272d4e9
SHA512d0239f3e930d2f2aa2f38e33a4e827c71caf450eb25fbe604861dd9c00d6916728277d31bee7a63962da8d7243b2a8ee154843612614b471e490537644379bf8
-
Filesize
35KB
MD530b83db96111bc566e313726994e80ff
SHA1eb7bc0fc4136babcdabfb883232a2acdf4753df8
SHA256ae61e981e0ecc05bdfbe3673211a5068c0991f3301773df47905ec1dbf62e234
SHA512cfc9c70cfab156742de1c36e5e12067cf9058529a49847e6caab0ad9d32cd06b1c3f16af006f1e8d3f15df7766d8414889b60fbcf6a2188c77c4e4404881f47a
-
Filesize
1KB
MD5e390d5e1c9a5f95b99521de37c76e69b
SHA137cde85109a08b3b0d68aef382e00b09f3768e2d
SHA25680ca884b931bb88ac3c9c819bf370704a34239361066e032d31c01fe2e1ee4c6
SHA512fad1ef08769adc38455e2b5a614e36854b41144719f164202398888d97d387dac4c98de29088b222fb2756fe416ef6deb4fdf88649aa55ea91de4927542f8e69
-
Filesize
24KB
MD50b5431535fe2114fb24bcbba24276bda
SHA15cf1bd99cd23c73596cb853c034462875a223651
SHA2564cbf3c3de0da53b97de41db063d70cceb667f109f614cfec5ab38a9117fd7000
SHA51269a01ecf09fd77be42a801a494cd3c2479f8da9fe111041e692c70b592a779d1579366b66f8b8c0535b54e3e372e66e2f406e791f9ab14c7458fa848b83ed498
-
Filesize
43KB
MD5d83db51dcb8992bd698421864b93ea59
SHA11a874a5b8b81478bb2d084c4b345cbd124230413
SHA256ca824e912c832ea214be8846af56f62873592e3024d8157d2ec5e8e272cc1981
SHA512b5c60f8a31167ba7e8f94286efe882b69cddb0ff45c263db8ebe7ee2f0fbc16b8f669b4f4267a1ccd223296e04fc8b885c5055b37f76c845e568ee29762a64a8
-
Filesize
5KB
MD5a07457e12644607495c5fe79db99202a
SHA1810c15b0dcb8bdcf59594c0b7ecb7e273537a4d4
SHA256f23784e7f0ffec2335e94f1593c7ce216770a21acf448eb8265e92cfa20f8419
SHA512d4a28c032f5e61fc1135b8466d37d7f6a8e34a6385a6d78f7f4e0f0e146eb48821f163854c88e2ff36e4beb92eb5f2b58cb5a2f2994191ccf9fa7789b00f31c2
-
Filesize
48KB
MD583278b28d42a0630389205dc08612967
SHA1127ab7703540a8aecc6e0df822a59b0c9de62c21
SHA2561a567f9a84d997efb43d46e72321f9cd2b976ff73f0440bbf3ef8c6bdcacc722
SHA512247c4b58011abee2eed75a51c02672689635714a4492a96578b63433d260d49ff93c647df2dd052ae6e379b21b766157883b881e42b69564df34e99365cf44ac
-
Filesize
32KB
MD527edb503eb8a703973dd9d6e2c623d1d
SHA1dbbcf519917022ef0c2804a377af94eb06216596
SHA256e00945e2cbac7927ddafab29699592ccd1404a6fd165f3725b1dd926e9ea2db3
SHA512bd843eb5875def050abbeba6120d22ef04e19103da3035e4013328a6947077b9467b5d8299318fe7d643741282d61ce875da1e82dbf76edffa97b0b0368b034b
-
Filesize
17KB
MD5fd58570c8147aa1b2a03581f8f652072
SHA121013adf9ffc80a5453bf588de8a87030a54648b
SHA256a86d1eacbf8d044ede05a9a2d41731bca27ee7f737f521c4e52a7d1d15585884
SHA51227a1b03dec798f6c7113b020e31d7ee7cdaf515a85e4bb41052af02dce8bdf4370af82705c5c988f603d588b513641962a7e338b98568808f4d57cee7e510959
-
Filesize
53KB
MD58c9f31a35299465be90b02efffb50664
SHA133b463d8f8652f02d2084e10ea9f26ffa0b57f89
SHA2566f309c300477cd93d593098af03cd14af433f0e371d92d60451bcb0c9fc14418
SHA512a7e651e575f96dff5af629ee9808e64370a2410f9f641f796ba13f3a578c6e5e54e5b6631d1eb5dc1ffc65135286a3ba0f323daf0aa579f7248997390c8e5f19
-
Filesize
16KB
MD5f6fba2418ded1a89d8881da915817364
SHA197a5369698da5701072de44daeaf66ef9d1ca342
SHA2560ef980e05d9db32fe0d641fc771eb493fdeb9163f2296c70051436ff52105916
SHA512b8b35b0109a0eb9bb0851174dd16644362a9baf75dc12d386ec05d7f3f3b3c1e3a2b456740a0d9afaf3f7bd5542db8b9ce69f368d0118695ad2f105cb98fa4dd