Analysis
-
max time kernel
150s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 11:24
General
-
Target
2024-01-25_386057845b1cf6cb6bb2135e02f1b81b_goldeneye.exe
-
Size
197KB
-
MD5
386057845b1cf6cb6bb2135e02f1b81b
-
SHA1
600d0cbd701643815c26eaa246ddce2aa37cab44
-
SHA256
1c79a8b69b7bbd2045fe0be9b51fcbe008c28a8e60be0188489e04ad12261b3b
-
SHA512
3941e616d9f4958726f29e69fbb64158b753fcc5d8a8d900449b0251ccccfd1c3cdac4c3c6eec9e7c190e4adb613463d0f0279281662665f285a4f1e684e706f
-
SSDEEP
3072:jEGh0oJl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGDlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_386057845b1cf6cb6bb2135e02f1b81b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_386057845b1cf6cb6bb2135e02f1b81b_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4663981F-96F3-4cab-8966-350EAEE6DB27}.exeC:\Windows\{4663981F-96F3-4cab-8966-350EAEE6DB27}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AE6D3478-8B5A-4b2c-B1B2-3A827E16E25D}.exeC:\Windows\{AE6D3478-8B5A-4b2c-B1B2-3A827E16E25D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE6D3~1.EXE > nul4⤵
-
-
C:\Windows\{543E0744-2C8E-4576-8BC7-3A2E7C8829CF}.exeC:\Windows\{543E0744-2C8E-4576-8BC7-3A2E7C8829CF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F53A72A7-3F94-4e4c-A18C-6BE87CAD9228}.exeC:\Windows\{F53A72A7-3F94-4e4c-A18C-6BE87CAD9228}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A5B4EB5-6A12-4515-AC66-8572CCE37F3A}.exeC:\Windows\{0A5B4EB5-6A12-4515-AC66-8572CCE37F3A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F61DC6FC-B5BE-4d8d-83B2-0CE2705DC491}.exeC:\Windows\{F61DC6FC-B5BE-4d8d-83B2-0CE2705DC491}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0E589FEA-CE49-4878-9F17-C3F1E44ED192}.exeC:\Windows\{0E589FEA-CE49-4878-9F17-C3F1E44ED192}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8599FAD8-E74C-470e-AC64-D3ED15BFAC8C}.exeC:\Windows\{8599FAD8-E74C-470e-AC64-D3ED15BFAC8C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52AC4D5F-5FE4-4c4b-8D32-731DB44F9476}.exeC:\Windows\{52AC4D5F-5FE4-4c4b-8D32-731DB44F9476}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{26A88DE2-0996-477f-AA0A-1D550A99CC86}.exeC:\Windows\{26A88DE2-0996-477f-AA0A-1D550A99CC86}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0E3BC451-EC91-40c1-9DBD-A2F6E1596535}.exeC:\Windows\{0E3BC451-EC91-40c1-9DBD-A2F6E1596535}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{26A88~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52AC4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8599F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0E589~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F61DC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A5B4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F53A7~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{543E0~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{46639~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5e696a42652314b157d4f82d2f1dc11f0
SHA128c858e91e88700a4d675b2c0e1551e1fa0ee7b5
SHA256fb69d717ec38ffc52efd9545946cd6f1c11701eafa6b7e9ee0eb42ca627e48b1
SHA512c596d58c330b80a1a5f82a679588fa4ea74eaa250df5aa7ff85efa06221a736a821ae941ac40535481d8cc74d88543cf9e968d501278d17d3affe1bbf93b0992
-
Filesize
197KB
MD57a24ee894e2f97ae1afb0ec613a28180
SHA1eef91b89aa4d420fc5b29427573232a108e76416
SHA2564f74e78b113eaedabdaf3346c905758b20f62bf616f0dffa3374917c4eb22807
SHA512b290c39997f7387ed72cc468c170668ee90442276f2de19c94bcc78329f247556396cb65e6a2e1ef13856053de35bb53e77ce943c1853e95ac83fecfc1fa8fa9
-
Filesize
197KB
MD5ed79564f27a02cbb20e761bad9b667e9
SHA1da8e9dd7d1e1295aebbf2d07822f302aeab305b6
SHA256f26144cddfa92bbf6fd6c7f927a4804ceb7a63f4b3c89046816423a2f8196ebc
SHA512d435156db46cf12dc07d12f995aa0dcbee041c01ba6e6c5888bb0ce45e422564a3de4c05a6ac5b29515419318eb9e485df1740a13e710226a205f96476e5eac9
-
Filesize
197KB
MD576e14fe30f08725148bf8feac7ac8096
SHA1a41c5883a2b04add8dfd1dca4ff00afbf6364575
SHA25686b91b5c2621bca2f3b7bb5b678d266ae685fe9b9854138e0b7094a6c8639a65
SHA512b1cbc238196ba51b7027e1381c72e0183f909773bd653e52a055d61e72677df2eeabfaa3e3a6f69ce4843730f61660f3654d7bf1888b44f6aa7affe39d66819a
-
Filesize
197KB
MD5dfe2f80aeecc3f213f25e07a9a6efc81
SHA1cdae99e1e072bdbdd2db77b7d8025026a75e33c1
SHA256e47d79425a0c88006d084c774e5ac13720844817c9962ccb6fe49b6769029753
SHA5126e5021e5df13918c72a06de97c0edc92bba6f23cf76de23680522136387ea780e80421dd831c47fa2d68e622b6e5d3ad369ab467882d94d53ba897caffb66e48
-
Filesize
197KB
MD57aea64fca33cb22c22b52813a5563d72
SHA1bee3b05ce3017acc8c94644257457d7991a9f829
SHA25605f84306d3b0df2af5221ff91757e1bf1ad5f3339d2ab268b9ccf11455ac7b03
SHA5128ceb9f011e7fad0311db486f3cfeebefa8227a0f62142708698694deafac4a67303a6ca106af7f395c12786d030d6528dd72d60ef1f4d80c4ae53e7ee5338b46
-
Filesize
197KB
MD55ba4a4f330e14803631bd6a14a9d6f26
SHA1d693a478252aad4a26444613882e3cc404da18d3
SHA256562110814c832ef81ab99a1c8379a9188739a50a472e4d44588f1fdc62bc72d6
SHA51264a61a9badb3cc0dbfa6b4cf585d028105cfce43a055d65a857116a3b4088e37cc584b078c933b4e22d04c517cdd98d4cc99ac10a0a225579ea854094d4bb63a
-
Filesize
197KB
MD5759b5c02ce077311b90b8c60412db72d
SHA1ca9528dfbeddad16a7fa6c959789727e5c22f84c
SHA256f12de04e28e78abcabe79e7fc9f3c3dca93d81d10286bc859a75b1a042c0320b
SHA5128e703198689a655463251783e3e06d783e35fcc970a758c49812e6de50b858e706b57ee578add76176feb9014fc8be970f5532f6c7000feafa986f7dc94c167a
-
Filesize
197KB
MD5484d423f3930755d5d336c402e79d9ee
SHA11f55ce081537104cab60335f60ee2cd1e09a7670
SHA25601e279a07b531efa92f9787aaecb89e8f0013cb90bf6b2e2628ec509be6d0a69
SHA512cd0a4975b65417246fce126101ab2f3c919fc9156799ce391ca00c69eb5d6f11612355d8d0fe809c5737e3670c5d6aa2ef5140cd67a4c0225f4b8c8824b7bdbf
-
Filesize
197KB
MD53ab9fc8258bc6f60568889657dd6ea6d
SHA1cb93bd957213ec280996c230928cf7d86aae0296
SHA2562ff0611815fa79beb863b2507a996a050691ecf4fabde2170e3539edd854e8de
SHA5120ab09cf20f424faf08ce0df5682a728b981367e9b3e2ae235951219d10a4bea550291164fc7e7568fa847cf9486938f0173c65dc0f868ac7b5ab704fef8c2e2b
-
Filesize
197KB
MD5d746becfe77d0bbdbce322cd954a1877
SHA1552988d0500abc9d684183e3b4cc51f7d78f33d4
SHA2569861504720b51a0efcf671114c1d5704b90ccbbfe71d21962834274b7228bace
SHA5121faf370d6362434bec5dd72d6c2059c2b6053ca75dc7f3ff706e6f471196c70f6893917707289983f92ffbb5a9bea4da7418317bb60b175a8afb40d7498f8374