Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
27-01-2024 19:31
General
-
Target
2024-01-27_675805472f71a27c70e43c8451bf2131_goldeneye.exe
-
Size
380KB
-
MD5
675805472f71a27c70e43c8451bf2131
-
SHA1
8642c22c36087adbf38321f4c0177d5868116850
-
SHA256
6785e5448df4114c11ce961df33622545e4c06f4381bea27f766168b28253c42
-
SHA512
2a10295e26aad2f7a7437481701ecb971ee270f1f41c27b2108288e63f56356b238e5192bb058c6318d427b92b66e65b825b22e20659b2a3efeff41c8fc8c2ab
-
SSDEEP
3072:mEGh0oWlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGsl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_675805472f71a27c70e43c8451bf2131_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_675805472f71a27c70e43c8451bf2131_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DAB9183A-30EE-4a90-B9F1-4F826010100C}.exeC:\Windows\{DAB9183A-30EE-4a90-B9F1-4F826010100C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7022548-10A9-423a-B01D-F4A620833753}.exeC:\Windows\{C7022548-10A9-423a-B01D-F4A620833753}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E3E6C029-308A-4542-BF5D-1CC8C6D30546}.exeC:\Windows\{E3E6C029-308A-4542-BF5D-1CC8C6D30546}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E4C85171-F8B8-4071-A9CD-7D57AEF25451}.exeC:\Windows\{E4C85171-F8B8-4071-A9CD-7D57AEF25451}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4166BD14-EBD4-4b9b-B8E9-6893161F4B8E}.exeC:\Windows\{4166BD14-EBD4-4b9b-B8E9-6893161F4B8E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{009A1C82-7783-46c6-893C-209F3BD05318}.exeC:\Windows\{009A1C82-7783-46c6-893C-209F3BD05318}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{009A1~1.EXE > nul8⤵
-
-
C:\Windows\{0AE2AEB5-92C8-4c0e-B2AF-30988F5167DE}.exeC:\Windows\{0AE2AEB5-92C8-4c0e-B2AF-30988F5167DE}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6DA72A8F-5355-4d8c-86C1-7AB62F1D2EB6}.exeC:\Windows\{6DA72A8F-5355-4d8c-86C1-7AB62F1D2EB6}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8AA90812-E711-4cb5-A69D-7ADDF6990B0B}.exeC:\Windows\{8AA90812-E711-4cb5-A69D-7ADDF6990B0B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8AA90~1.EXE > nul11⤵
-
-
C:\Windows\{D51E272C-EA34-4be2-9D32-648860FC19C3}.exeC:\Windows\{D51E272C-EA34-4be2-9D32-648860FC19C3}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8ED1DDCB-8354-4c16-A244-AB937C0A0EDA}.exeC:\Windows\{8ED1DDCB-8354-4c16-A244-AB937C0A0EDA}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C70D418C-1108-4087-8C6E-E70FFB322E00}.exeC:\Windows\{C70D418C-1108-4087-8C6E-E70FFB322E00}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8ED1D~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D51E2~1.EXE > nul12⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6DA72~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0AE2A~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4166B~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4C85~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E3E6C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7022~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAB91~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5b63802f691f4899de6470c08fc89d3f0
SHA198c0bfdaaffedbdf6444d4d46658fc3df6bd7794
SHA2565518e96b8d2fd6a4ca98b8e7c9f53fafc8a1f41ab39e0a5c10081132d70dcd70
SHA51240a2202bc3332f130c01fe6c318bacc4dda3d1591f5113ee2580f762d2d4c9749898031e677445a96feef28253da962765aa7a1890494b710a20cccc13808172
-
Filesize
380KB
MD59b0da1ff217f12c16c3f42a4054692e7
SHA1315f7e93eddcd2d1e35c6acfee45e2eff824cc37
SHA256d3402b40868e000b3a53f91a61f69dcfe6097a819011bfab8a74e33e49e145ec
SHA512a2047a45f55bc3eedaa578005b6e87c240ea46c0aee09828ae3faacee8101bda0eb0c1260a11909c56e6891a67209ba5e6d888bc6741acfc3a7986e6c4ad1c8f
-
Filesize
380KB
MD5eb619faf42d78158c9e9cdedb31a976b
SHA113aad340f4c572b53f6d5f7123a0c8aca86bc197
SHA256e808121b0bfe0dc9de62ab6686cd18f1d547f180d859d7fac97d826f108855a7
SHA512227a9d1aa67449aaa665a81f671db198544b35a435461810b90b5580cd2096545806b256d53684b1914e9ca9b13aaea626acd89a9cb8ccc40e769f19fad5af02
-
Filesize
329KB
MD5f6fbb32c98e72f80a213a960f68d18c2
SHA13a37432c98020ecc96333a2cad6749eecedf0e0a
SHA256b80e4d9013e169683984b659daf8f151be3d7fb5d94d5edc26f46693efcfb6d9
SHA512c9e3ddb1777afb482f4a7a65e66e771c907f6433ba9ee234e94ec5901b4bf478f23b31032e35682a5578472e7a4db2fb76db9211776401fdbd39b6c7c64a0010
-
Filesize
380KB
MD5132463575b5edeac50779ee51a848d16
SHA1bb298f98095974244534589b0cca46fe682258cd
SHA256759beee670fd6f72af9b3e296b186b036178f7d44317818095364ccb7a2d70fc
SHA512bc64fd7fbd7c108650a113bb2ba699617b78f70236deb9323ed67cdbfcede68fefa49ed18fb682728854a59b72e26eee040d35902d5c952eceef1bcfe6b7e654
-
Filesize
380KB
MD55b3748d4d3f12b134a8b93ca76069b20
SHA10929bf8e4f590519fafcc529fa9d9039e9423e99
SHA256a072f5a2c8bf6a584d83de54083da153885039c72bb7c343dfad12e1c3c74025
SHA512a837b4c46c55b3b870ad12a31a04e254a0904c5e4e7419950cf4b59089f70f6f0d8e66cd59a2a6715e0d5da62623df55beef767a7f016cad9715819b89525a06
-
Filesize
380KB
MD5cd172b8712f1f060e3730c5499d2661e
SHA1fe9748e69a7618175489e80aad1ac33286a0db44
SHA256276deb60dac045689b8ee73b92ff8898c2436811a2f93fb06493be5811f717d9
SHA512bdde2a382b890434c382fd4df15ad2c3fb87a8ba8d17bfab28b9f609276898b32c90193c18229ca549de8533ddfa29d1bf365a7ce76f0e21701565ff06ca0a32
-
Filesize
380KB
MD5c4bd069488042e272ef7e9c64a3be257
SHA122122dadf899c9a9e4078ad4504a1703802b619b
SHA2563781dc96fb7a0e85d17f7c159012974edfed7afb75def1d06ab7e75a2264e7d3
SHA512d0386e7c69154b753eb50119d0805db55f4682c9cd65a290a65e30e96b9646b2cf38b7130cb26109789e33107739e152e48f6ee5881d5616efaa612094cce5ff
-
Filesize
380KB
MD5a7982ad12fa4cb3b5ec9abf2ad9ec2d7
SHA137dbd85d3e31d16bd10a23bd1b6d8e1b4dc2da48
SHA2563072f27f471898e88fbcc35ef359cd0eec51a85cd4afd95945600d70faaaee4b
SHA512b85a57bd263d4b9c07f76147228f6e3ba5bce1aa57125d07fddd2c2edb3d43c0b9f5bfb51a3e1ce01932d71f37d8868d7bee06a46efc4e6b3501845b307c9670
-
Filesize
380KB
MD5231599a076a7f157c6bfb54de3265645
SHA1e2cf7d7416274cde9b928c067949367bfd20c57f
SHA256605ce12a3155125441a9c9464b552e12f349944fd3c76785e1f890a9e6c1650a
SHA51240592a574b2a5a86c49da7d7426c140f6742c0d8e8d456d6e0c3b4ed73b24f8a6a632e8b7b7eb63db805f58ae9a25f41b8de29351ebe2bb4e72e166019367ccc
-
Filesize
380KB
MD5ba4c7e05ec30e7f7c76374e2edba0d7a
SHA133d2778aee969f089cfe91b866410c32dec72ea6
SHA256c5ac9bbb78fd41e21afa24225963d2c0c13c7f42b865eb5502710375f65655bb
SHA5122e1f124868f09cd8c82b83ef4a4cccc502b3018849aae45100f7c716d5e83811de1af68b883daf4854ed6903cd638e9d559b34b2189efbb48a17862037c43c47
-
Filesize
380KB
MD55b22c2c308a3f54ca0c94edef059aa73
SHA1e0a934661604ec11b27205972e63a75ba6ef80e4
SHA25625b5305dcf70bc880470b09e3a25bb08c87651dfba088581e15d5f5c56dc1b3d
SHA5124082c517841a2dfc1fa21468d8547048e95105f6aa789c00287144ee8b3c08bdb54766dbef6caf7611c0af334c5dce350a5fe619aab6d640db34b318baefc9f9
-
Filesize
380KB
MD5236eb93339d8d84a762b0281f68c3a2e
SHA16ef25e63877da9337d3d0eb3d1b10faa95e8a5e3
SHA2560460b7f4d29a2fe27fc7023adc955f4f25136c2cabe41501dc6d7de759f576af
SHA51252c5294e2c9c99859d3ecac57af63c7637cc4f57e57ba10b43ab42cbe985c43410720340efb8b053c9ab54232f03d6b247a5d509e8cd06381e4b757ed011a9c8