Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 14:25
General
-
Target
2024-01-25_1ae09e21086541e8bdba42c3abdef102_goldeneye.exe
-
Size
197KB
-
MD5
1ae09e21086541e8bdba42c3abdef102
-
SHA1
51b295a33ec89053a3637fe40c1b325fd91ea03f
-
SHA256
b1f35a3a1f42ba940dd1d2af345963b6c96d312bd2c95edf0a6b25e97793a097
-
SHA512
8addb071998a116f6fec1a69451b90d3adff391ad929052e1a8e8f5ae7cebf93033f294e647c45ad8079a1f8cad3174c107309a956dbac89c33fb73d09b10615
-
SSDEEP
3072:jEGh0ool+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGqlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_1ae09e21086541e8bdba42c3abdef102_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_1ae09e21086541e8bdba42c3abdef102_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C1C071B5-32F1-4ab6-ACFC-4B2A544C83DB}.exeC:\Windows\{C1C071B5-32F1-4ab6-ACFC-4B2A544C83DB}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5FE93482-9795-472c-80D8-833E8FE1DE1F}.exeC:\Windows\{5FE93482-9795-472c-80D8-833E8FE1DE1F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C708357B-C8AA-412d-B612-1C8A9B2FA85B}.exeC:\Windows\{C708357B-C8AA-412d-B612-1C8A9B2FA85B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{81F4F8ED-A4BF-4f74-95EC-77D4BAB9B56C}.exeC:\Windows\{81F4F8ED-A4BF-4f74-95EC-77D4BAB9B56C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1AD4417E-57A3-410a-A9AB-E667AEDC9E3E}.exeC:\Windows\{1AD4417E-57A3-410a-A9AB-E667AEDC9E3E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3BC196B-B4ED-43b7-B290-6C8FB6564BEA}.exeC:\Windows\{D3BC196B-B4ED-43b7-B290-6C8FB6564BEA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{826C4DDB-7C11-46fe-81C3-64C7872A87BD}.exeC:\Windows\{826C4DDB-7C11-46fe-81C3-64C7872A87BD}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F52D07EB-6374-4553-B202-76995AED6D40}.exeC:\Windows\{F52D07EB-6374-4553-B202-76995AED6D40}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EA9DEC90-C5F8-4202-A5D8-CC018207F648}.exeC:\Windows\{EA9DEC90-C5F8-4202-A5D8-CC018207F648}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32832589-EEFA-421b-BD52-3CB0D7CDED51}.exeC:\Windows\{32832589-EEFA-421b-BD52-3CB0D7CDED51}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BA85DFA7-8702-4aab-91D8-CE5103E00930}.exeC:\Windows\{BA85DFA7-8702-4aab-91D8-CE5103E00930}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BA85D~1.EXE > nul13⤵
-
-
C:\Windows\{635935D9-196B-4097-AE26-645505314352}.exeC:\Windows\{635935D9-196B-4097-AE26-645505314352}.exe13⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32832~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EA9DE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F52D0~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{826C4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3BC1~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1AD44~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81F4F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7083~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5FE93~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1C07~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD53c0e299e73f94da079c0c41d73a0f031
SHA176e166f8fd64b7a84962ee041d4de9c512e55e98
SHA256fe20b155f7dce39c9d03dbb883faca64f6881df24ca7711ffb293256e0f5fb4e
SHA512d2008f2fb18d2da63ebedb02ac435225f08ed6b4a213f0e6d34bab8d3e9e429ca02e121ef924c84f3f203ab1d03e798269a636b657a0e3346d7ab436586856b2
-
Filesize
197KB
MD50a354b4c66b17d55ce5011668d7ab182
SHA10c02cd7a23a91a3bffa62c8e741ed7be3538edda
SHA256e0a4573d2dd4fb2f853fadbcdbc7fdde39551d670ffcdd1fd922def8bf6c3db4
SHA512720d90a09a66f6c9f56a1277611f669b8eaf13a7180729333ed1744a03df8397ed86b3a1fb1ab3830dd338c1ea75e969cdf3744400b8f368495b9a289c282b3a
-
Filesize
197KB
MD50e72c7c7d077e2b137c8c2d9ea7c1417
SHA1032311226de457eea9ea55d61a8d803b2c8eaee8
SHA256a1f6c552a153abd3904ba5b9b17b70368b14b8c6e55dbde86561ba7d98a238e0
SHA512954dd18b048f0474399e60f504145135d4221b9cebd73ff2436e76a94d1e4d6850529953c71f1106efbdd791d9801b43da6f0ca9ee9d650edab243a94f3f1afb
-
Filesize
197KB
MD51fb19ad772087f46b075b3b1cab0ed90
SHA1e1d3d88631b1e923fab24cb58f8b31bb4b0bbb74
SHA2563ca1f094238c0bcbc26c3fd3e2ff2c04942c659a7c1756a20b63b3c0489ba440
SHA5128a587f79dc4030eb9300804030cde55bf5ac27dcb1a43f4521c622ca374e243910c495fe56e0de3ff9e72384916c4bce6b71d504887d81fdcc349d53ff931314
-
Filesize
197KB
MD5f0b1f62a077a8adc2c80f862596d4c5c
SHA18a16df0f6ee8e9507325183fc0099c5f0c5e4a43
SHA25657a22a70ded0895c96916f3f1dd3ffe96f6a82203c18453795a388abc32da965
SHA512b9f94d9084aa826ede5d707065cd544242ca93611a085cdff228b520b0a60684c151ecfd58966b1d57df2089fcd1789f822f1e4ef4cfdd803b2aed377df832bb
-
Filesize
197KB
MD5081d68db2516bce012a951e5b2c04358
SHA1c74bec56e0f307b85adb301255bac5dc3b9363eb
SHA256d34edb7c74848efb07dd4667e87a90eb89bb4e9f156093062ea9162b0ec93c59
SHA5125126fab64dd9c2354b0bd40afcb7f07abef3ec2a9b2b4f8bfdde5caadd4cc52652bc7deaac28803008dbea10f03247f795831f6f70d191fd089194dcd5a87626
-
Filesize
197KB
MD5f228d4b055fd84b2a12deda8b22aa4bc
SHA1a66e3d066d0b74145781d2794b1baff3854ed5b6
SHA25617d424eabcd2537de885deb6756d2df8958d44322eac2524d4631d32e8dac2dd
SHA51290252f58fa85eb76996104da74d1346f534a13fd5a225f0f5b25cb7bf331010c95e6feb60ace6f062b45756d5c6ea3f551f114feb9b6fb638ce807962ce764d5
-
Filesize
197KB
MD539660644eacd212cc44d1ea5f285ae91
SHA1bfd673fd3d9beb756f1e89e14563a6a0c0364c31
SHA25665b3219bb194b8b444335f061522e1758f5255bc5828fc0bb643352d6944658a
SHA512f71e2490b60fa7618abc1f39279eafe2992c463ad7ec292b066ef0fbe3020674bfa0cb63df19c054b80fcc27eaaf1b023b94de0dee4406f89fd1f7ee7fa9e6e4
-
Filesize
197KB
MD5b883c2216a8f74d25ec64e62bf71bcbe
SHA1e3dc23df935861cc82769f7d8c783a0d092aaeb3
SHA2566df6303962d0b73d46267ddaf86391410f15c111588fcfcd6f356edd3b9ffafd
SHA51250b70350474a2d10313049b79dec530fbe0cab30626e4717a5e06b738ca2f1e2644f494e715959affbe98db0a377786b7724e0f223993fe9e9be13931330ec75
-
Filesize
197KB
MD567fd1156dc1d2d65491416f51ba6a028
SHA19585d23331238f51ff2d7fbedace9467337da334
SHA256ccfd12ea7a2a9567ab73ed150c59fc3914a56c303d833f3233eb494a0b4adc81
SHA5120525678ab27e7bfb189f54c27ef095b9203618329283908ea93e2c1867e39fe4474a406f274a269bbbc6e77e0b652ad0526dc1207fc0d5d44c5096c7e17418a6
-
Filesize
197KB
MD50a4263628369a78620e03f0e59a2fe25
SHA140706306d54c221d4ebeed60042536054fb5eee8
SHA256c781930bb8582216a4fa99ef7413c182fc571940dbd03678cc65312459131c0f
SHA512144254cd504aa9f19d02ef2dcb6c1d01c957143c23777827aa08ca9beaa9b532a6be3253b1fb8cad60c35debe785c5e8cfa6981792cd4f81578bca843d7782be
-
Filesize
197KB
MD57fc836611320eb4cf2c6713e3b2128cd
SHA18b84de9ad9a2cc85a5aa3b4d58268fb46b6e8df5
SHA256bb23fe5f9fe17bd5f4ddeac8bf9ca4759ebc8c92002bc6fb9a8bdbc98b8220fc
SHA51222af26173beb5d8d62196016da300ef2bfc89ab729d148bc05c3a9303ce5656ded1a6675fb8f553dd10b96421f877cb77d440e9da9ba4a1ab40e652ba823586d