Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
23/01/2024, 18:44
General
-
Target
2024-01-23_f6c35742c3da621137d5b64c96b2f02c_goldeneye.exe
-
Size
408KB
-
MD5
f6c35742c3da621137d5b64c96b2f02c
-
SHA1
e11e5270efad8079987e6ea519734787dac503bc
-
SHA256
564afe36d46e6b2be13ff04c022d4a4acc51947a159a24af30334b91b4d8363a
-
SHA512
ce8ce61a022add13ad1761196448689a6b9630d933b873d376aa585610b9cc9c7ee21cb3c6d9c1b8e27edf6cba584ecd2ca4cf38eb0b10a8ab5d8e7fbd8dbca4
-
SSDEEP
3072:CEGh0oil3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGoldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-23_f6c35742c3da621137d5b64c96b2f02c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-23_f6c35742c3da621137d5b64c96b2f02c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F9F3E77-6A21-4b5b-998F-38ED2F351F87}.exeC:\Windows\{8F9F3E77-6A21-4b5b-998F-38ED2F351F87}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70BE5376-38AC-42fe-B5E8-89138D97B4EB}.exeC:\Windows\{70BE5376-38AC-42fe-B5E8-89138D97B4EB}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{60894DE9-A94E-495f-BEF9-2A07AAEB2099}.exeC:\Windows\{60894DE9-A94E-495f-BEF9-2A07AAEB2099}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{989F1C13-88E1-494e-8F59-7DF504F7E86C}.exeC:\Windows\{989F1C13-88E1-494e-8F59-7DF504F7E86C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0875F9D-60A0-4b8f-A8CA-904083720594}.exeC:\Windows\{E0875F9D-60A0-4b8f-A8CA-904083720594}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C0DBD043-2A12-41c7-9283-F74D8F388798}.exeC:\Windows\{C0DBD043-2A12-41c7-9283-F74D8F388798}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{396E974C-3BA4-469b-96EA-037ECE5D83A6}.exeC:\Windows\{396E974C-3BA4-469b-96EA-037ECE5D83A6}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5800BC3-3EB6-4f4a-ACC6-C7DBFE1AF2E2}.exeC:\Windows\{E5800BC3-3EB6-4f4a-ACC6-C7DBFE1AF2E2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7B879D4-FA0A-4229-94B1-4F479B9BAA52}.exeC:\Windows\{A7B879D4-FA0A-4229-94B1-4F479B9BAA52}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D18C7955-003F-477b-BDE4-C81F3ACC9C99}.exeC:\Windows\{D18C7955-003F-477b-BDE4-C81F3ACC9C99}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{08407D76-EBCD-4f1e-85C0-EB1ED9549186}.exeC:\Windows\{08407D76-EBCD-4f1e-85C0-EB1ED9549186}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F4F3A449-2505-428a-9487-BBD147480897}.exeC:\Windows\{F4F3A449-2505-428a-9487-BBD147480897}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08407~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D18C7~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7B87~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5800~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{396E9~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C0DBD~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0875~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{989F1~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60894~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70BE5~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F9F3~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5fee6c301fca9cc6ee9411fb0bac1de05
SHA1e9aa6702c6aa6854958d8c0d8e7ea9116c8a55e4
SHA256997760ccdb383fcfc155caf3f26499d3a0884815a572904a87f5fd6dfe970fac
SHA5121f0992e9407374b82c4b131f192d27e029a56ed6e798258a3937bec01fb14544bada925cb0fc3dd513baed014edf725e225dc86ff4b6b96cffc272b4982b5808
-
Filesize
408KB
MD58373eb046d0bd90d7c6d43a4befd63c4
SHA153511139876ca5093ddf5d324a170213c97b8621
SHA25607c9db31cf8bdfe6b9ec9994abeec5789b26c3db3e3eb2552a9a7dc4a89ecaeb
SHA5120a1d007fa92309f7c8fd1b5069a9652c70b21e9a6c7b47f1f8bb56fccae20947f31133ca532e16a11d13469d9689bb99ebe4b09320ee48c795f2782f80ddadf8
-
Filesize
408KB
MD5b37844a76aa9bfbfebd0d9c2200b120c
SHA18d683f365e9cb3d7b76ee60a63c95db451900fa8
SHA256469d5160a2d428a5849fa6b9c7136db399ef83066978f37ad59938913fd11ca1
SHA512520f1ebaadcb89405f93136581a2e6d6cb10bbbf7f3d50cf56fa2c88ec057cf5129ab3f5408aa7f20fcd62b127fe6c95143a2e42bf707aca6e70328096ae0186
-
Filesize
408KB
MD51b8fcffbccccfe79f24be978534441d5
SHA1ab8ba94f7efe10616f83e47f9c96cfce2a5f96f9
SHA256944565dcc5bdb780e06e52f83c808f2af309924ed83e54566ac597d1d2787b15
SHA512a2459804adc22ec94402be18f76ee9336aa5c7ee8c6099d8a21c3ab644712f3c4c505b4cb88f75f8e55f743abff5ed972ecd8bb91b36b89c056004fde4ae1bc1
-
Filesize
408KB
MD5a0a24bc8f0c7c290a38b2186ca7f5544
SHA11965a129dae8e8a392b70993ad4d473eac5f942e
SHA256fc34224be7f808765a827e9b4d0bd561d6c028617f26deeb5f40be1e6e33a7ed
SHA512b84864f445bdc7fee3275b4685a81055a74453782fe9c76d4456a13cdcd7ee8bc98988ee938b333bd45201714f79b8ec3c1f3c8631d1ef9c128b168ab172ec9e
-
Filesize
408KB
MD5c8b7b78f78bc9913e2a37747a56b49fe
SHA1b9d25c49ec28b7ed57c348984077e9f2c41a7d8e
SHA256aab3bce9fb507a89a61c987433cef32ad7d9718e69d8f0f83ae7df06135ee12b
SHA5129b568d9876bd2fcfb60ac8609083e653bb7b2a031607ee7c0ababb48020ed800a8604718fb709633833a654f8a4731b8b206c96f60a7f8a11be0329f0aa259b3
-
Filesize
408KB
MD5cc890cbede39e40c9cc8653029fa370b
SHA1649df63bd68edddc63553c25308bc1786191bc8f
SHA256c2369fe704e7b4f3709bdc64a539c0d68abaa6ecd60924a974f892edecefa78f
SHA51288d3deb34b16872a11b0735f4d2b5225add929d595a5adff248a806712b3c3b357a6f899dbbb71d9785b2825ebbd5b5890ef7016993410e337e0783eee455f44
-
Filesize
408KB
MD53e705234076489c0b98ab9986d4e324f
SHA1496c7fc12839e6e08f3a7a6da54bffee2f794579
SHA2565f7e94467f317cf53f5f359a6562e249f57849ae06fc39a457562c7f74b9229e
SHA51267059968a264080b890ae3652523ce4e8153722a826a0f561b19275096fc4c5b3f7a7a12830551896ff203d91e81d8f2ccec3b5886903a1c1e70a3be99112883
-
Filesize
408KB
MD54ae6877ff6c575d57c8828f7b98dd17d
SHA1f353f9169cd25bf439f938e583ad43899e4c2125
SHA2568f378f741a4bca5a70d617eb98947dc5824d28601df4d623ae4f65beaa1e1530
SHA512b92d18e1d3b6c85e91a16259d47c04476c752f535ec4a7f3763131199ace22c85e9912921df4ad0cca6f5396789f55078d05b90a46d7c7d77491504b397f4c7f
-
Filesize
408KB
MD5b55baf4fd121eb0d5b6689c8a65d86ec
SHA1a3064a9e5c99476a449f08472d294ca57c11737c
SHA2567ff8832d24aee4ea7ecdaf2266b4272d34dc76887707fb5b33eeca0a8866ff02
SHA5120f052c75bbb2c450cb303711fd0b32b4c58c67f374215649cafaf705ff4c81509f6f4cfebc760e1d46f3092927332199ccb43d3eb3b1316b3640d86db5d23c0c
-
Filesize
408KB
MD5ed80df20a649d43a9499184e5f38c061
SHA19065b4adc9ed2b662a406ee2f230785aacd88195
SHA2567f454af7f47cab43ed50041453d7397f9a8d212dc344c207e302f3ab8c87306d
SHA512487197b63af5ab68286ba699d9d1a5b815f2fe2e81327ee824b94e342ff64f402266e80e1730a367f29d6581b6ca38378e0d53c969a515805f561063067428b4
-
Filesize
408KB
MD59f52db5152c0cf15a7f782e95b67198b
SHA1c46d5ff70bf61250836e4082a5df6d5d2c643c69
SHA256174bb5a930400f6ec57ac6341c3562d22c4e18151c4a257d4d308c4689578146
SHA512ae652121e46300ef3cc835f8d572e8c9cae992423d7c3b284e97ac9639d562ec1e52f9b75bcbca65a229aa5df30560cca39c724b8145571903756a2201c47627