Analysis
-
max time kernel
155s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
27-01-2024 11:33
General
-
Target
2024-01-27_7a74af8273ff547010a7a1ac14c05e45_goldeneye.exe
-
Size
168KB
-
MD5
7a74af8273ff547010a7a1ac14c05e45
-
SHA1
36f26deca1ca2092f8567c0cd75b40a84c57179b
-
SHA256
a40060d3bcc43af3123b2b90f4d1e775190f3df626b866411ccadef5a0a9f5e6
-
SHA512
1b3eade4501ddca0f9ccf93391a1a9039cd3537d9eacd8a3f14895b3fcc2c2c9c535b4b63aca5e74f2c1442e1c3adf625d9e34326ad710fd6e6aa7b4cc020549
-
SSDEEP
1536:1EGh0oHlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oHlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_7a74af8273ff547010a7a1ac14c05e45_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_7a74af8273ff547010a7a1ac14c05e45_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{474EF86F-7221-4042-822B-EF9446E7003E}.exeC:\Windows\{474EF86F-7221-4042-822B-EF9446E7003E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A02F349-A640-4bed-B2FF-6D7D403EF2C5}.exeC:\Windows\{4A02F349-A640-4bed-B2FF-6D7D403EF2C5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F45DCC7D-E003-495f-B06A-173A320CF8D0}.exeC:\Windows\{F45DCC7D-E003-495f-B06A-173A320CF8D0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3115A2F8-12DF-46e0-A8EA-9E4026874895}.exeC:\Windows\{3115A2F8-12DF-46e0-A8EA-9E4026874895}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B8E7C5CE-4563-4366-9FE6-CF963BC85BF6}.exeC:\Windows\{B8E7C5CE-4563-4366-9FE6-CF963BC85BF6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E732AC3E-405A-4271-829F-190D6837D035}.exeC:\Windows\{E732AC3E-405A-4271-829F-190D6837D035}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AD26297B-9CCE-40c6-B690-D6189440560E}.exeC:\Windows\{AD26297B-9CCE-40c6-B690-D6189440560E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{524B982D-6BCD-4ff4-A615-0E0A5823E7BF}.exeC:\Windows\{524B982D-6BCD-4ff4-A615-0E0A5823E7BF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD3750F5-021A-4cae-9F29-FA129EFCBFB9}.exeC:\Windows\{FD3750F5-021A-4cae-9F29-FA129EFCBFB9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{03BBF717-B84D-42ef-B3C3-A1B5D7CED47D}.exeC:\Windows\{03BBF717-B84D-42ef-B3C3-A1B5D7CED47D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{201E6EF5-1273-4652-85FC-A4F926F0DC5D}.exeC:\Windows\{201E6EF5-1273-4652-85FC-A4F926F0DC5D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{03BBF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD375~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{524B9~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD262~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E732A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B8E7C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3115A~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F45DC~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A02F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{474EF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5660cbd9ede67d722efe02b958d5757ab
SHA1a94df7208b4dfd783ea7dd98c4a174316e8aea8f
SHA2565cdff6328385cfdfe8e26a4db5c5d618ae8b056f9304e406755f9d62692bc56b
SHA512303c2f9102133f39490f3da12b6302fd89db1c3dbca7e9db547d86fd2c310bf4efb6c8ea7ec343f3205a198deb2fc415951ac419c13401e59efb982525b7995f
-
Filesize
168KB
MD52f018259e2aa741accae0021d2fc3734
SHA161577893d3a1e490df4b1b86cb8469389c717387
SHA256649f17acf9202a88e2a97fd5ec3cb876f452f3910c56bdc36778b32fd21a9ea9
SHA512634da54bcf706dcc8fb580792a6bcd568f4a0eef7fd670aca512d7c16f6cbcf0c83eb4a67e5d140e1a28cf5d7000811353d98a43f622351ba1b082f4687df4dd
-
Filesize
168KB
MD59351e2465c9c284e891fa1f330d07650
SHA1d417f4e60f016d7f877c1f50846a6c7c3616a1d9
SHA25666838d0ec1d6b25d4dd7f43cbc17712ed119ff98476cc47f573c8084a73f0f0a
SHA512fdc46bee1f96e3887df6c9ad189212331bcbb0dfcba06e045ff0fd65ef6231a213ea64c92db98eb02e279aa7d530d9044bce2ff42d557b691307177038d836c9
-
Filesize
168KB
MD52c988b16ce18e18a98bb0c4dd6570359
SHA1e330830764207f57428840bc7a5786e85cad3ce3
SHA256e3a4cb999b766ed98cf28ea0d5b380b5974df860ec1ab77c5228ddba9aa1f80b
SHA5127de48d4fdc771781b9f381255c010e4edf1c0359a6e146db79329f42fff32b29eee93e290798fa22f467b2f2935f5fe5c0897200b5153cb976e1ad874f37a583
-
Filesize
168KB
MD57cf1038f03cac5ea7ef0b96a8bb7f51e
SHA167d7331b153760a2fa715f37de60c31c068beb42
SHA2564e18569bdb22cd4557a40527a6e29c217fc8f4fa04e33ecbf0a5c055c6596509
SHA5126be711360b1d69ffc01bb865b3f9477a0903f3ccf40a5f0655c2c962442fad5eb0b46862eecde8fccbd4a3c44075043179d408396f8ed1ff9681fa635f7f8c7c
-
Filesize
168KB
MD53260e643b68263a057a7988e1c76f798
SHA1dc99ff037d041b88a45eb430ed725e66fc9a09ef
SHA256521c55373ad8e92a2f0e38892938d6f145287aefb10ae3203d34e6986fc97799
SHA512265a89d475e7f299b9856d3767001082fc8384e5a7e469cfd1d6e209275dd05855e9e0f61360e2e2e2f43febd951adac6ec0da077c4a4720a7327ce01bb55751
-
Filesize
168KB
MD5eb75ac674da4433704c2e4a6ec8d6b1f
SHA1166e120164de9c1f2ee57e12a136e97dd4da4542
SHA2569ef2357aed48f734b17ca1dce23073168d59eb4dbd6820f3984d25e79973f1ab
SHA512a9817463fd8a45875c6a934458acf9cd8dd44e2f1f5b0a11b467bc5c3688fd4ad448e9a67c660bdecc62a39447a06c86af660c7175c87a48f09146d28328ddbe
-
Filesize
168KB
MD547d6f8e34d5a89cc27a58e6866c4acf1
SHA1aa211739697c986374b42c37c73a93dd9d16044a
SHA2560fa4440e7903d2787a7ea049eeaafaba750ef895e4461c2148bebebd6d5317bc
SHA5126eea6cec1df97f63c0a1a0f484e6d2bdc05f0b56b63fa524fa42ab1f4bb0566764932af672423c08e602840f7e06f03c27b8c60af7ee4904a51567f4b02e8c49
-
Filesize
168KB
MD599221dc08633c3e5060fdb312c3cb8cf
SHA1d14444023c589096227c1197381fcc8e4e6ed991
SHA25608d002c60d441108fbb50716fb00f53bab9efa404e15e8f6c7803648bb7e67e1
SHA512c8db2420d4aca8649faa0a11d99a74fc7994170986d26743ef51befda0507f151c79cc56036b43a86a8733350a6aeff3f36f715bd411d8f777ac0d6f7cb60dd5
-
Filesize
168KB
MD5691c36a6d78fedd5ea5713b060f75d83
SHA1ae1df8cffee4653c8b070d55db693ae1c4a2a9d6
SHA256e14486a017c7a2dec8f3c46b866e42dccab5240741b54b239f2b4e4ca506049f
SHA5129e001252a434c8085b81aee8b241c2a795b93e0c4e23edd0eac9abe43793cde54f359b11d2c7427c90bf5ef0f627f167eeb199cd9f85008dca05c29349d8c362
-
Filesize
168KB
MD51d207cc6aeec8b0bb787efa06e82b81e
SHA1a4edc3e28b22a061811c47efd9f10413a6916e27
SHA256d2b3b19e618d180ac7c83a9ce04379f97e3f1632b0be8c3eb9083705968b627c
SHA5121b0b78e502ea1371e566244b3f50487a04cb34a08c448f08d95cc286099247a2f37efec34f8c564c9e6acf670be30baba51ee590d5c35c4cf4ce7bd8e9254372