Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
27-01-2024 11:43
General
-
Target
2024-01-27_e0c52b168c4d2b29d3740e92e218cf24_goldeneye.exe
-
Size
168KB
-
MD5
e0c52b168c4d2b29d3740e92e218cf24
-
SHA1
e937be973538132439cbe85d9f8de4bea34971a2
-
SHA256
97c89a5155ae3ade2206c61f62f5fdf430c206f1de545ec11b751d88968eaff2
-
SHA512
4a237e00ff080e458c29412b37bd95671fcdef4f28fa8399c63e3cd650037e7b488d48ec2da5fd4e3b78a2da87e0b81a0a61be3c87d7fbdacc6449d437d4c1ce
-
SSDEEP
1536:1EGh0o/lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o/lqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_e0c52b168c4d2b29d3740e92e218cf24_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_e0c52b168c4d2b29d3740e92e218cf24_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D0C64FA-E8EA-4738-A9E0-6740ECA7B9E3}.exeC:\Windows\{6D0C64FA-E8EA-4738-A9E0-6740ECA7B9E3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD77CDF5-1A85-4356-990A-4B72E6A407AB}.exeC:\Windows\{FD77CDF5-1A85-4356-990A-4B72E6A407AB}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD77C~1.EXE > nul4⤵
-
-
C:\Windows\{435DE377-EF85-44b5-A8B9-86B65A3476B9}.exeC:\Windows\{435DE377-EF85-44b5-A8B9-86B65A3476B9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FFDBE83-C70B-4241-AD72-D6615BE0729F}.exeC:\Windows\{1FFDBE83-C70B-4241-AD72-D6615BE0729F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DA7463FD-9AAA-4bcc-BE04-AA86E05A3B60}.exeC:\Windows\{DA7463FD-9AAA-4bcc-BE04-AA86E05A3B60}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4BABA56E-94D8-4fd1-8EA0-5BE68E488101}.exeC:\Windows\{4BABA56E-94D8-4fd1-8EA0-5BE68E488101}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ED92F3C6-E162-4928-9710-4BD821FF75DF}.exeC:\Windows\{ED92F3C6-E162-4928-9710-4BD821FF75DF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95AA0AD7-124A-44f1-B7C8-0D6BAD25D8CA}.exeC:\Windows\{95AA0AD7-124A-44f1-B7C8-0D6BAD25D8CA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B59DC790-04A9-494f-B02D-F7962E631E2B}.exeC:\Windows\{B59DC790-04A9-494f-B02D-F7962E631E2B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B59DC~1.EXE > nul11⤵
-
-
C:\Windows\{7644918C-32EE-4de2-946B-A2E0392D5E03}.exeC:\Windows\{7644918C-32EE-4de2-946B-A2E0392D5E03}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DCED4E57-03A7-4432-AD95-05537625C26F}.exeC:\Windows\{DCED4E57-03A7-4432-AD95-05537625C26F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B285BF06-282E-436b-807F-E00722D1C8F7}.exeC:\Windows\{B285BF06-282E-436b-807F-E00722D1C8F7}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DCED4~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76449~1.EXE > nul12⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95AA0~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ED92F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BABA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA746~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FFDB~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{435DE~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D0C6~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD572256f6ef72b609915c80325e7a5c4a6
SHA1db53afb2970e84ba878ba6cbffd36e0f77136cbf
SHA256ed251c4d4efab43f6d07811a05c1b0b8d6d6ea3b3b0e7c18ed374971466592a5
SHA5127b391d7f37766bba8141e25e97d23f2a9468c4c2f0b3e3a3a10efd1241ad6bfb79ab742f60d3f2a7fd9ed3b0d12e2b8aab5a934a75c5cb0592957e4bf71cd030
-
Filesize
168KB
MD530a2a5f974a984cdcbf433f228df75a3
SHA107f42f0da1969678e1bc4aca4a7d104890397218
SHA2561014e3f4278cd7656a2785b02836ba6a62b05cc3f28e7a15586436095f24f87a
SHA5125efb7e0515dff71334cd650ddf1444eb6e20d79bb181384a2a3f578ba3ce6f4d0c802a9814c121ec9cf6fe184684e327468fa11fcca77f448811034eeaeb013d
-
Filesize
168KB
MD5a0eb0930ee664588c68acee9fba755d4
SHA14fb28c43e7d403b3c2639133a9534db2ee40071d
SHA25663b60018adff2b4eaf29ef3ffbb831fdd2adb3b4124a1cb20a7a0c1017f2b4e0
SHA512d2dc625b8ca039e7494b0a8b346a2b70ba363cba2ce74fbcbb26422ca23b493564d149dbf5629895d6d0f0f7ea68e37696c6f637e899f3d670c6ab091d08d8df
-
Filesize
168KB
MD5fce95f8fabdffe4e72541c5d1e1fb545
SHA1ca893c38f813a42eb172539a3a6b2386a40d5564
SHA2563ff90b0cb7e52cc73745ddd1e76994f63687039bc3632c9ee82881b9c2924cd0
SHA512cbcefd35d556e311524e657be2df27a8a9b0f26ab429e29880f380cae10279a9f771b7c2ffa15323ffad314d93546b9102dac07ce0b2cd6e14a8b97833e262cd
-
Filesize
168KB
MD539eddea3e61e7c28a4aa5fb1f0215563
SHA1de23adfb09def7bba598ea9e58894ecb67482a6f
SHA25684e3e3f7cdbd26906b334f6d1b83e068a63eb279d2321e8a97c714effd0a95bc
SHA512aabf4cdc18acf58f067469cc65cb2a4554792d0079ae0e64e5c87488970e5e8ed53c576f2fb6fce85da8a94682ea14dfed1d3e201c648b7f2590f6d95135a191
-
Filesize
168KB
MD5ed431bb242ea1de2f4a7437a5e6d0164
SHA140a54e164778d4807f5cc1ae4140851068e70413
SHA256d1cd60a3dbe40a1155ad441f0efaff23a221a2f4f77ed69d94c5b0e7bb4a232d
SHA512bf295d2a496c3e728e499c5fb1da9053fa91602cfac6c8b8e457a5102e7ba2d872552edd0754731fdb0197160d89243f2cbf6e7502950f238f500a71f9a4ce33
-
Filesize
168KB
MD50a693a50e31d751b90393448cc9bf9de
SHA1b3dc5bddefc4b20d912a57f5974e76a3c0fdc475
SHA2568d5a3699f6c7514bc2ce780090e5190701993ea58c96ac3a0606158a93145097
SHA512ae9b49b2aed5b2f0a4876b1e75f755a333e2f7a3ea5296ea6be0ca6af93abe49dbd114c25ed52000036354532931aa6c1dc161f2c1f11325121aefa9b7f45a76
-
Filesize
168KB
MD5b7b4f19da3ca91d21c14e30b443aedf8
SHA13569f2cdc2849f4abbe6be5c7748f0d632ad4d13
SHA2569a462c638205c89ae551a9706b558186a9d4b783ca34b137ff99065c33a1b73f
SHA51238d169529c4a625c429a83bc4d5dcd529900c91d4028cfa3b16a5b53171b4fda5df1d304e8dbd14027862228aa74faba465f9fce86c6332572a3fb9b783bb06a
-
Filesize
168KB
MD5a3c48df326eb4cf7866ee2ac17914eb4
SHA13eb3c5bf3d4c4c966952b3094c781368f465b5f7
SHA25610b11408d562aff4b90cb8966dbc41e99cc77bf61a9838460fb56e8f51acadc9
SHA51270aa2b2c5966c8f58395389c79dd894658e58d494b501a3af91817208f8178dca49f5b96a0a8055a2f89f21f8b656ce8337c36c33a748ecd854f7552b396bd1b
-
Filesize
168KB
MD5049057504bb31976fed96fffec04d0e3
SHA1ea821b064407c1c279a77897706984aeb2126fce
SHA256852821ea95000a67f9e3f3d08f46b5ec9ee0a9b0c96b007cf6cb2cf4965d985f
SHA512b968f50743cb134a1d921efa424367683891f888be866b71cfdef551895fb2264ca65c52fd36c14ae3c31939e55b6952c21def4095c33e12017256a3f6fdfbed
-
Filesize
168KB
MD5b15bf4257970462e5772059cede7f18d
SHA1e89f29514d7288a0ea9757ad7f1c31be3f61fe39
SHA2568d1b0f641b12df985f8699f4593dbacabea90c8f9a6f711269ea423187307d01
SHA5122c9310902fbf4027e0a9010c1176b2c79560be69e292443a5a881bb38ebb13e4a321650eef41a2c69cca32fab5ea84c1c43afeb68530c02c7d1980607d11a5f4
-
Filesize
168KB
MD5d062e65c23a5ca5882756ff78f4fe452
SHA170354496251226d4c61806f6c38aeae82519b58e
SHA256a51bbca360e69d439fc9527374fc31d90aa5b151977768849c126a10f0afe55c
SHA512f2d6450629412acfea9301838312b7fd7cc130a4ec959c5850a08856ffc043fd83fd26591efc33c750f43d7bf23a1645827f843ee6d8e1a7cf3823ea5d654ccb