Analysis
-
max time kernel
63s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
09-01-2024 06:39
General
-
Target
2024-01-08_44bb71fa7eef02f8d57aa4ed6a841325_goldeneye.exe
-
Size
216KB
-
MD5
44bb71fa7eef02f8d57aa4ed6a841325
-
SHA1
468a6c2885afeb5bb8e59ba88bba522556d6f1c5
-
SHA256
d535181fe62e30a171a3af14055028c92c2897e3c0563c2faf1d521d9a5da377
-
SHA512
d1bba207c7023d484a023a52f6890c6363cbd3e94327658931b865d53c3659a356648661a6623e41bb95821d30505eea0b5686493e93014a2742f48db10bdde8
-
SSDEEP
3072:jEGh0oel+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGMlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 10 IoCs
-
Executes dropped EXE 5 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-08_44bb71fa7eef02f8d57aa4ed6a841325_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-08_44bb71fa7eef02f8d57aa4ed6a841325_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{18BA8924-19A3-4b1c-9CDE-A4D21C8D6249}.exeC:\Windows\{18BA8924-19A3-4b1c-9CDE-A4D21C8D6249}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18BA8~1.EXE > nul3⤵
-
-
C:\Windows\{0A520DBD-A1CE-457c-B6BA-796567EBB0BB}.exeC:\Windows\{0A520DBD-A1CE-457c-B6BA-796567EBB0BB}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A520~1.EXE > nul4⤵
-
-
C:\Windows\{90E2D5D6-38C3-4ad3-92EB-4A2B5031C545}.exeC:\Windows\{90E2D5D6-38C3-4ad3-92EB-4A2B5031C545}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90E2D~1.EXE > nul5⤵
-
-
C:\Windows\{6D5472CA-EDEE-4f49-87CF-60F10C25B5F4}.exeC:\Windows\{6D5472CA-EDEE-4f49-87CF-60F10C25B5F4}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D547~1.EXE > nul6⤵
-
-
C:\Windows\{51272A4D-C98A-4be3-83C8-B519DF8B25A2}.exeC:\Windows\{51272A4D-C98A-4be3-83C8-B519DF8B25A2}.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51272~1.EXE > nul7⤵
-
-
C:\Windows\{E680945B-63BA-4f17-8E4E-CEFC3B132B40}.exeC:\Windows\{E680945B-63BA-4f17-8E4E-CEFC3B132B40}.exe7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6809~1.EXE > nul8⤵
-
-
C:\Windows\{D588D714-6E66-409d-81D6-E44D60DCA4FC}.exeC:\Windows\{D588D714-6E66-409d-81D6-E44D60DCA4FC}.exe8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D588D~1.EXE > nul9⤵
-
-
C:\Windows\{EAD755DB-2B1A-4e2d-97AE-2E9EEF8A0931}.exeC:\Windows\{EAD755DB-2B1A-4e2d-97AE-2E9EEF8A0931}.exe9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EAD75~1.EXE > nul10⤵
-
-
C:\Windows\{F5211374-E76D-49ea-856F-D642616496CF}.exeC:\Windows\{F5211374-E76D-49ea-856F-D642616496CF}.exe10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F5211~1.EXE > nul11⤵
-
-
C:\Windows\{0DF1BD9C-2357-43b2-858F-1328E36BEFA5}.exeC:\Windows\{0DF1BD9C-2357-43b2-858F-1328E36BEFA5}.exe11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DF1B~1.EXE > nul12⤵
-
-
C:\Windows\{9F6FA544-927D-4d7e-BA60-53F46E9E63E5}.exeC:\Windows\{9F6FA544-927D-4d7e-BA60-53F46E9E63E5}.exe12⤵
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD512c9d11ed73de6ef0ffa1af6cdff3fb6
SHA1cfff6ebd7d744dbdf809c20e942d25b3b1e8fcb5
SHA256238bc57469a5213061a082c84fb9bd922ef7917c4a7105255363a26f394ad655
SHA5129508406fd97a19e72b6eb3c45f8068f44348badd0f80355adcc463e6ef8ace18dc53215a4c46a41b923ee83f8b7ba7581eba6f097fa9731dd0fe4209d4b4f1af
-
Filesize
80KB
MD5a07d4f8e43cd685d49be6156255bf199
SHA161c93b5f791ffb6fa0af14edbb9386770698aac5
SHA256eab2de98102c0bf56a06a734ac2ecf7104553a346066c9e9320db6ca2d696943
SHA512a4189482e31239503cbfc48dc9d97642b986381dd2b872d5b9eb9e7499863bfbac163cc2c124b6dd9e2a01ad45244db18eb76970259e7c384a5cbff1012a2c5f
-
Filesize
1KB
MD54bc0c8a9188ba80b6b1d123f1538b01c
SHA1f970f1d1eb981593f5dce6c92a843c45a5c93db2
SHA2568d808b2a37d78acca7fb3cf18ce2a6c378433f6f09a1700955074eec9d0673ec
SHA512c9ee2ff3915c0df23c16a774bcd2e4a8584e4d938b10e998e95e7095975d88c825c7d1d681916823e64f9076d739769afadff629f6aa608e4e14a41b9d5b5bd4