Analysis
-
max time kernel
156s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
09/01/2024, 06:46
General
-
Target
2024-01-08_aef0af34175c78a47d7fe7a36d591e33_goldeneye.exe
-
Size
408KB
-
MD5
aef0af34175c78a47d7fe7a36d591e33
-
SHA1
bd17e1060482d0ce604c1cdf1abe791c0bd598c3
-
SHA256
80dbd9df3bb5289c5b468c3705855756996298ce4bbb1760a15ed189a3e7fb38
-
SHA512
5a4bfc676608b754c2c7443310361cecd50e069f45e82c4aa116f84914f0061dc4c697682ec4203e9c753d754466f6ef9463132d93e5a184244a0d9b8804e564
-
SSDEEP
3072:CEGh0ofl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGlldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 20 IoCs
-
Executes dropped EXE 10 IoCs
-
Drops file in Windows directory 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of WriteProcessMemory 60 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-08_aef0af34175c78a47d7fe7a36d591e33_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-08_aef0af34175c78a47d7fe7a36d591e33_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05C08DEE-EC83-483c-AF47-26AEE5FE06B7}.exeC:\Windows\{05C08DEE-EC83-483c-AF47-26AEE5FE06B7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C48D2CF-7D8B-4832-8D3B-6C15BCCB1419}.exeC:\Windows\{1C48D2CF-7D8B-4832-8D3B-6C15BCCB1419}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{983B1BA8-EB4D-4f1f-A348-7266963DC22F}.exeC:\Windows\{983B1BA8-EB4D-4f1f-A348-7266963DC22F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91C281A9-E631-4d60-A53A-883347BDC347}.exeC:\Windows\{91C281A9-E631-4d60-A53A-883347BDC347}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A9C3EF1-EF92-480c-B90C-DADCBFA43B63}.exeC:\Windows\{2A9C3EF1-EF92-480c-B90C-DADCBFA43B63}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A9C3~1.EXE > nul7⤵
-
-
C:\Windows\{FFCF746E-0B7D-44e2-A50B-411DF74F2974}.exeC:\Windows\{FFCF746E-0B7D-44e2-A50B-411DF74F2974}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{19ADC476-737B-447a-9EB7-98D699E445E8}.exeC:\Windows\{19ADC476-737B-447a-9EB7-98D699E445E8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0CBD7012-6C66-433e-A5CB-E780E1276258}.exeC:\Windows\{0CBD7012-6C66-433e-A5CB-E780E1276258}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{45ED952F-18F1-449b-8D1F-596DA8165D83}.exeC:\Windows\{45ED952F-18F1-449b-8D1F-596DA8165D83}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A439914-2C7B-489b-883A-617057D4630C}.exeC:\Windows\{0A439914-2C7B-489b-883A-617057D4630C}.exe11⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{45ED9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0CBD7~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19ADC~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FFCF7~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91C28~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{983B1~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C48D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05C08~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5d5057cda6f9599e721c26014483b3954
SHA1491e58fd5f701bac73a0a985eeb2f58a8bf5fe13
SHA2563ebd84a56b8b88a3b3182f8ddb8151466e919c0a720579ff67f1dd111b09e58d
SHA512ff8181e7a89ca4929c88dccb28d9be2ae8788701a32011031d2f9dc07abd6fb2287513e85e8d424097d746ab3a880c1b7155e1dee3f8bf8a60cdc853658c508a
-
Filesize
408KB
MD5798e59fd8d78146465bf101b4a651936
SHA1ca2dbff7217415042a637494d3db3caa7052080c
SHA2563223018f05901fd1593fc6f04fb75f328eae37554d0c37dee563daccc7147b7d
SHA51276a3d995d021348ec12ff4b6e02d6721fe7f89d62d4f3e9f7a03d445ef85501e0642aff7a84719e12593b4e4ce9b531cf3a3ba08bed90b02bd0a985ababa1368
-
Filesize
408KB
MD539b786a15271612540488f1b4835208c
SHA1838cee160a28ddc1a6f57e930343dcd08ecd5391
SHA2567e7c3cccdb42ebc8659c2898a51d3c595cecce55798eb8937e892d906863e76b
SHA512c545829c00e7098a93edfdfca7554fde5f5c2d24e4db3df9e4b8258e334c279543452a3455cd260cc6a88db3dac5f6426446ef064b77e9402a8f8a8eaa17883d
-
Filesize
408KB
MD5a8a2bf1f612968b7399c8951d0def47c
SHA1c6a09615230f27fde3499e68438830ef21988875
SHA25601241fea9fdf18803e651c3ba6c1ac610a5f1c378f30b440eec3ead3c7744a6d
SHA5124155deec2d5d905343d99af7e3b8093a2969296189c8439de93a7de1e599bf8b2b2a4941c50e63b4dc5aac0c2b074eafa06d40b9cee09603cc3abedcf8b3b48e
-
Filesize
408KB
MD5c4e4773f4349661cc0fa942e43a02445
SHA1bf9ee2570d8c884b6aa202e04940196b618979a0
SHA256f1b1c91c6f3270c0abff7d73284e764d0d6d8cadaafa0a67ee35852b1c497d7e
SHA512594f5d0d6a8da02ffcd8f0fd861993b9fd0d99d8e0926bebe890bfaca10e03d982c78e7ecdbf2bbe6757a18b419b43ad6e3e8aa1de685de5b40c147d59b67cc4
-
Filesize
408KB
MD517b036f1a69800f4b6290a0e446e2dcb
SHA1a8e24882b061802838395c5d68da362397b7a7d2
SHA256883d469154ea087f69692d76d2e1ab2fcd393e2f79b935d7ab81a3507c4b74d9
SHA5125dec68b5929c823dd0fa2cd5baf9d1efdfd4700b5043211954a85d4c2bdbf34ad023fbceeb05c2faf1792b3f2faacc58a2909bc0c80875880e6fbba8e26f060d
-
Filesize
408KB
MD58eb00a34d6890ca393f84aa0be44cc68
SHA1d486eb6b9adfea61a50a566ebca3be6a8488d9e1
SHA256b312406366757f806a103e487e094a9fe3e37eb6648d83e110e3cf70b3e05c0d
SHA5125f954adc8f59932f85ff6474a207745a7838e4fd432fdefebd5d809bfa0b3903a84c62751ec319810f0bd03cbf275441b4700b87c95c987777c65d94384ef58e
-
Filesize
408KB
MD571c3f67c6f87fdc7a6e7b87c72ef44c4
SHA1441e783a6af315194babdccf55b43bdb1241f19b
SHA256ceef618c5ac3608570bc4580fa1a812e50dd94ed44ed4ad1495a8f9b072c73dc
SHA512435a38c23b2b95c1fe7c08f67621e5b17ab17444ccd421478f9b86c27451b4cb68cad381d43ba25271f1b2ffe278367fef0a78f02a2690b66725f468141f9fa6
-
Filesize
408KB
MD511e7fdf34d31223cb016c91276d87cb7
SHA1ae0e0d2538594964884ce6531014f2968bb929d0
SHA256041e6c1206cb7958ebd481a7277d7e0364a841a010ca75a7213e5c25d49f46ad
SHA5121b0f8061266d8f273168ebdee771a59e239c9034406af805f22d0ebed337af4a7203ddcfc5561ecfd382509a55bf7271011a9ff12d34835eb58d2453f476eb25
-
Filesize
408KB
MD536ffc3e5b74746140aef181e40653e99
SHA15f01c07e96b137483781e34d5060f3394f9f4e39
SHA256b668d4974723ef4575f3206433c91f34fb7a579ac2639af8b390921c1f87cf99
SHA512ff8070a71e4eb1baa253249456805eedee8693ea163f8b58b1937914875a0130150781bbf16959e0ef88f8528b10856abeb76e56d597bb8714b291ff66d842e6