Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
28/01/2024, 08:43
General
-
Target
2024-01-28_d10212723e61ed24909b906e620a767e_goldeneye.exe
-
Size
344KB
-
MD5
d10212723e61ed24909b906e620a767e
-
SHA1
acbd4a21b5e0679d8971151e0092514f6cfe3dc9
-
SHA256
7d969909277d6dc541e11218ab1b447e45d46684efa92ac8d889bfff96c9de37
-
SHA512
c3a371b8266ee8597a24f390b8b3117f088b9534e29ee7b805023c33917888856183d0fd4c755e8d2621c7a5e20ccd58c04c170f9e218109ba25819369fa03b6
-
SSDEEP
3072:mEGh0oIlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGSlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 14 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-28_d10212723e61ed24909b906e620a767e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-28_d10212723e61ed24909b906e620a767e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF7360A8-6E6D-4a58-9A0B-6CD03D056B36}.exeC:\Windows\{AF7360A8-6E6D-4a58-9A0B-6CD03D056B36}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A52A0877-9C83-4112-987D-3D790C0EE872}.exeC:\Windows\{A52A0877-9C83-4112-987D-3D790C0EE872}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A52A0~1.EXE > nul4⤵
-
-
C:\Windows\{B418DC06-864D-49bc-A47B-84C1326F010D}.exeC:\Windows\{B418DC06-864D-49bc-A47B-84C1326F010D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B418D~1.EXE > nul5⤵
-
-
C:\Windows\{E876B941-636A-4f21-9204-12EA3ED031F6}.exeC:\Windows\{E876B941-636A-4f21-9204-12EA3ED031F6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58C2AA87-AF0A-4896-8387-382F35408FA8}.exeC:\Windows\{58C2AA87-AF0A-4896-8387-382F35408FA8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7AA6EC20-0ED2-47c7-A78E-8532E08DD2E7}.exeC:\Windows\{7AA6EC20-0ED2-47c7-A78E-8532E08DD2E7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7AA6E~1.EXE > nul8⤵
-
-
C:\Windows\{8B9DD611-5CB1-4d1e-A874-6E25FABA5170}.exeC:\Windows\{8B9DD611-5CB1-4d1e-A874-6E25FABA5170}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{552A19B5-190C-4b4b-91F4-542FFD9709A6}.exeC:\Windows\{552A19B5-190C-4b4b-91F4-542FFD9709A6}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6FAE7A44-E12D-4c2e-B2F8-9EA481590F72}.exeC:\Windows\{6FAE7A44-E12D-4c2e-B2F8-9EA481590F72}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E800C65E-E28D-4bfd-BF89-BE7B7AA6119B}.exeC:\Windows\{E800C65E-E28D-4bfd-BF89-BE7B7AA6119B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1CC6E494-119E-4103-B27F-8C32333F6DB9}.exeC:\Windows\{1CC6E494-119E-4103-B27F-8C32333F6DB9}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9E74D03B-FC65-476a-90E2-0395B4F5775D}.exeC:\Windows\{9E74D03B-FC65-476a-90E2-0395B4F5775D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1CC6E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E800C~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6FAE7~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{552A1~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8B9DD~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58C2A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E876B~1.EXE > nul6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF736~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD580e965300d73a45a48f6de2766f41d91
SHA1f4e9c45f4644d778361434a3783af81c03ad30dc
SHA256c9a36f9a19c7d0ba4f805522cab675d70a5fe8b8427ba7a2d02a20b2300c53da
SHA5120adf04f9b96d75fc6c8de349af6ef5b2786addba9964fa293b989d040225667be84b6d060d5dd2ffb67bd701a876f4707f94c8bd88bb942198a879e9edbb7ec7
-
Filesize
344KB
MD5663be42c11c70e89b85c5852aa80733d
SHA165950f4712ea0c3dfeac751ce0966a1c0edf7a62
SHA2560c2546b1603b6e7b0b5c8ddf30079403ce729687ab16d530f533c39564c70cbb
SHA512d3354b49dd2469766145a8b9afcebde800701cb7021b8730c0ab438ff02350a0fdbadf687a0153c05e8e2cf619a418614cecbcc5df74b83019b5089f61e3eb32
-
Filesize
344KB
MD5486671a6ffc2bce4d2050a6d34ab8771
SHA1443ba298f5a1a6157be5c0bee0c85e1b18e22b45
SHA256727f89d2e396943017a3172db990502242aa190268ed22b4d842b4cd08a6fe58
SHA5128db3705c1705c906c8d5584ec09f2b508cb1a88d5c4fa74b0796ecd1e62050b954f375ba1bc7664c3b9cf53e947b8191822591bd9d7bbdb1e516a70f3301cd94
-
Filesize
344KB
MD55e795ea07f2621294d00bb1dd83c18b8
SHA13e1deb8381bff64d9267157ad4877f302275a9c6
SHA256fd13c0b156562c8e4acf10442e7f8ede71233504c27d5077d69944ce78753fec
SHA512e8b0ec53057a0406a4ca23224b02463830b211813d55357ce10cd68e93087f4095aff764bbe3a1e939850d881eea101dc436d0ddc91729dc105609c23e5e3b4b
-
Filesize
344KB
MD51b9dd92f70336a29b9894cb0ae589322
SHA1fd83f983e1526b6e0aeb0426623970ce22529f14
SHA2568bbd8109f386daa6b7cde4eb479af1310900820f6a05dbd96b0e522ec156c1e6
SHA512b2c3b5a227433c4b9082f8f5c29f2543d4e75f9642cb77c94274ff54fe1a3db8bacc4d15ceb2b99d8c774516b989ed0a2c50e05d375d34687b24ff0e650a56d4
-
Filesize
344KB
MD54afbd3905b5c91960227f8fad29de3a5
SHA103cad8a132d3bace5f0ef5a8a6b00c155903384b
SHA256a7c4c819ce9a21f4bf95d538031d95deb39169f9123c8c0623c5c7751945b803
SHA512807ddb8a16942ec3ff562955d972d5699cf5c6bacaf4965d03f32730d3a516b6f94fa8f20875225cd8f982d788d91bca424d4d911fae9f7e6d6cfeac9be24db8
-
Filesize
344KB
MD55542213877a0b321e2c024d525539ad0
SHA1a7f718c21672323d8796633c731133b2fd07a2c7
SHA256fe94623946b737220bb64c1b5a944f17fabbba1b341460008e0f71c121aac779
SHA51246af290b6f72c54a9003679b882dc346f20c2586b5ca52b05126d97a92ba9a0f842c1e9ac6298f8601077fcd642a2f613aa03249e0bde55e5606cad35535e543
-
Filesize
344KB
MD5a6bb4be6c6c29913ca18d462928b9b1c
SHA1301856400452372eb44e5bab59ddedb977eb013a
SHA256b86539a479cda691ffc6884f7dc16a5848207e7399bf6d0b0415db0593860333
SHA5122e2615fef10b1027ae175aba233783b8bca28a5f9130923507b510cb44538ae22d82f6a4b322b2862c2d8cfd45adc4000e9dcd09b409a18454dd78d6b082f2c6
-
Filesize
344KB
MD5af6828701c06ea92048821e45d2a496f
SHA11f3d9676089535ede27fea70507953631c36fcff
SHA256bd095addad02a1db9b680e2e1523790014f1ac1c40792e5e0ae69662fdb18d7c
SHA5121ca8f84894bf794c17e09fb71f9957bd9760bf640aacd69d714e40ca3fadb478f7d084de2e3c7a836fee493e9ddf281ec878003c4af097e54b8d6e18a0a81bae
-
Filesize
344KB
MD5c1944e4f352c303a34d66a9a9bf5b60c
SHA158808e9a3481a7362c9d9ad9d126474db567bfae
SHA2566313c6b29da046b4625ae03da3e7480e786c9d874675eb7ddb4c5878eca42409
SHA512035d34c22dfa59951507d79196a02cb7bcae337e6a6149e61bc7c65b58926cf32f1717c9c45a5d628d45f693d303e02623dbce8c64d832fdf03c335a45ccc48b
-
Filesize
33KB
MD53bb4d0aff650f69f1179c9447388454c
SHA15ee94f039b8e338c41f9d6ed1016f23615c651be
SHA256659274af196056ab5b37387967575cbc6c8c1b68d88b363584f6284b22ca0f21
SHA512194d0bc5773da5be0e81dd22c881b826380cb00901b7c23570cf8a017496af6cbda2f7c52f3f4cf8b6ec770c79178c77e673a0dabce09e0213afed322821fab7
-
Filesize
344KB
MD593ccbba4c83c39cdd6ba520fbc55dd3c
SHA193889c9841fd0573c1cb363c5afe47a1937d4ece
SHA25627a1d82f6b099c9c2664e06d0a258e50aaeeb2a2ae9c4b87bd4ae4ac0a1ce0c4
SHA51210816d37a5e70e79cabd123cf31131270552b76402ee3104d1efdd03d0dc69a7e194921bd09eb27228333b526c24f020c263002902d8970f894c4320fb0dc615
-
Filesize
299KB
MD5bfcf9d589a590da10f6e2a7a76f21e02
SHA13da04f504d1e2637606ca5112d728f5bd3846ae3
SHA256b41fa5803178f603d527d20291eb1681c48a326dcbbc94a14470e6a039c96130
SHA5122db041174ab1aadee9b2e2d59ec94aa6b8397002908aeb738f4c58a4ddc73284ccd1551dabec8966da4ec8e8ff11441afe379f89c0e4fd7f967a34ad83201ea8
-
Filesize
315KB
MD5cac8c56b04d8e1d91e140cf495f49b3d
SHA1d2febe040b84690c5af1c049cd11d2ffb956ac17
SHA256dcf13b898cbf760d8a1b6eb5d329fab531a72583cc98a191f0e0ea37563574e8
SHA5122a039433305c454cedea73a215a96d10c4070e92b5c72cff8c9f1e12700c09a999c17fc371f17399e8fb4e3dddcf693b2de132e05fc7154cf473f9239fcc2e3f