Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/01/2024, 08:24
General
-
Target
2024-01-29_371d81a5c737f681b1d109f250d18c5d_goldeneye.exe
-
Size
180KB
-
MD5
371d81a5c737f681b1d109f250d18c5d
-
SHA1
6517b318b1454caa33e3db2c4f21c7ae2159622e
-
SHA256
58a238b55b7077fea744225632b62e92ec3f69af49366d46ba54725c4313cd2f
-
SHA512
ff84132e04e7b82903135a676d6d89f18492d5a25ba2f4a12555bd2aac1e9aa6a0ce231190d09ed54b818175e5ab5bc000fe4e660e6b6fb7517668f9436f44b8
-
SSDEEP
3072:jEGh0o/klfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGWl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-29_371d81a5c737f681b1d109f250d18c5d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-29_371d81a5c737f681b1d109f250d18c5d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F90777F4-C3A1-492b-B09B-867C19CE8131}.exeC:\Windows\{F90777F4-C3A1-492b-B09B-867C19CE8131}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9077~1.EXE > nul3⤵
-
-
C:\Windows\{68441D49-4745-41bc-9485-FF3844112F27}.exeC:\Windows\{68441D49-4745-41bc-9485-FF3844112F27}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68441~1.EXE > nul4⤵
-
-
C:\Windows\{828E75AD-771A-4315-8F3E-98DEF2C5CC2D}.exeC:\Windows\{828E75AD-771A-4315-8F3E-98DEF2C5CC2D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{828E7~1.EXE > nul5⤵
-
-
C:\Windows\{3B4AE3B5-E6FE-4900-BDBE-B6AE9818E187}.exeC:\Windows\{3B4AE3B5-E6FE-4900-BDBE-B6AE9818E187}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B4AE~1.EXE > nul6⤵
-
-
C:\Windows\{DA6A50E7-85E6-4fee-88B4-7210F473E39A}.exeC:\Windows\{DA6A50E7-85E6-4fee-88B4-7210F473E39A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2185001A-5541-4649-8651-BA35EB8612EF}.exeC:\Windows\{2185001A-5541-4649-8651-BA35EB8612EF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D359615B-124B-4f67-B086-63A7484D7987}.exeC:\Windows\{D359615B-124B-4f67-B086-63A7484D7987}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A765841-84FE-4f34-A827-F523D06F1DD1}.exeC:\Windows\{9A765841-84FE-4f34-A827-F523D06F1DD1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9FCA09F3-6C3B-44a3-83F9-07FE7375B2DB}.exeC:\Windows\{9FCA09F3-6C3B-44a3-83F9-07FE7375B2DB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B8B72E78-647F-40af-BCC6-B86E3D8F862D}.exeC:\Windows\{B8B72E78-647F-40af-BCC6-B86E3D8F862D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7532852-3595-4349-BC0A-4062DB46EB2B}.exeC:\Windows\{A7532852-3595-4349-BC0A-4062DB46EB2B}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B8B72~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9FCA0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A765~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3596~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{21850~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA6A5~1.EXE > nul7⤵
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5fc006ffd3be04e8bb348291a2bf442b3
SHA1b63120a70043faa2791e776b60ded2f05d04fa79
SHA256b3633c51d2e006659d572cb76ac2b3c6d9217155c406318d7a41e4da3985d5d6
SHA512b944b53d261d5c6f02211ef380ac918cc9b91df95d377c13e92973f327f064483e585fda563ae90cfa905b462fe18b92084325be267430a5821e3322d1f99144
-
Filesize
180KB
MD5a45a12d4ff4ebeafb437ae2d36f1ed8e
SHA18adfd3ddfeb19265c612cf5bdaa983978cfc0ec7
SHA256ce319545c6c5193cfc73a61f3b16a85c68881ac9842549409177b0a12c071a28
SHA512b4fe30b2a5c547df4367560fea901b2106afc71a4d1efd884e9395247befa4eac3807adfa086ae303de635f8dad3e99a93900db8748d28c787a9204ab73dc871
-
Filesize
180KB
MD595f5743b13984b0cbfa406876809fa78
SHA18098f3b274b0116a448e29c7244ce2b429b1ab4b
SHA256e996c0241b62a71fc9ebdeb637dd7e49831751d8c68ea323604e0c1f0785beda
SHA512ac648960146e65918bea51b7b9876c7969f80c86c2bb56e64b0c1a5200ff051003d670fc594c6ae385f9507cac9627b4bc1e2b601cfd26f16dfb88b8ee056392
-
Filesize
180KB
MD5bd917bbc4480b020f3777158e704a9d9
SHA17f73beda727c66fccabcb07c33c4179d0ae50696
SHA2563a13241e3b8c2582762ec1f4b2cd18656c657d60a18b229094138667268f0c40
SHA512a29d1175847e471ff1e6b16680748ba8c59ea53a0f58d400b33fd705731eab3f64cbd965dc71e89c579f950a4d6b253162410b98ea3cb8a63defa556e38fb976
-
Filesize
180KB
MD5c9e9f123dd202547eda5e0b55addd455
SHA171f1a9af20c93b2910f9f6c0fb9db85845508751
SHA256d6ca3216283892ebab7547bea0dc145975f19d95fe158370ab6b6f4088fe10ab
SHA5127b50f2e926c65582ef8c43f1a9b7ef41e696544c5aee09dbd5fc0f34f8da100c73122b9047e998be297663f6219be5769ea9d1298be0dd612fcea60815f07e1a
-
Filesize
180KB
MD5f90eeffa2dcecb90cbc24a7d3c2f126e
SHA1685a126d4d9783cbb196a04a3b7c8295c98ace2f
SHA25639f5642d0e1dcd9ee22196192fd289fa07749f46c3e873e67d08651d2744258e
SHA512dcbff34af33c1023c18b327ae2a09bbfec649ebf94362688171dccb6914f1393b12f2f164bec5b197a2767c54ff6edb3d0426990f9ed8996622a785f3c0611b1
-
Filesize
180KB
MD5a873587922d18f749c83727968d1e75b
SHA1de5562ed2c6923d13576d3df3a386800e17892d1
SHA256a8cff37a01db23be0eae2f5d58399282e89879536c5800a2bb7b5aab4372b18a
SHA5120e9d1abf1befe8a6fb58044e092e9cee445ba5447f5b7cbd74ca24e5c1dfe96efdf0ff9d7e0a5bf2d5fd369e448973513309246cfecedf8ddad828146d5e843b
-
Filesize
180KB
MD5046530bbaa7d5651ad8ebc05c0887c2a
SHA12899d3dc156b78e92353f5cc96e7dcb2df57f43e
SHA2567cf3d89b536aa8d484cb6db40358b20410b7d6f48e6285b05e8e74cdcfccf66f
SHA512421670555039379a0e62f9fc35ca5cfd45b09cbdb43a6e5c70697429f8ded255ad7a1f2d308637eeba7e2968765f9bedbd79057c1eb256e7f5dd23f0b5aa4a74
-
Filesize
180KB
MD5a83f0d4fde64e85ecede269bf6947182
SHA1be1c0132561713a06de04645b949af8950f7f0a2
SHA2566b508618648e6bb3ddcc313afe34dfd9da87fbae9d6196214888f28b7a617f51
SHA51263f88efccdc14eb8ba98eeff458b97a54a243134a7514ca9cdf3b5b5a87b55240a458c0c48515857f4a6a1d96686b549184ac6a04b4ebc70400752905fa876d5
-
Filesize
180KB
MD52afb7971ec72186e9b86db720a225e9c
SHA1e8f9acf5535a75ef0b3c1e88aac939b5ca036ada
SHA2563296973a64f25bbf18426e843bea80a528a86274bf7440f7fc16705442ad50cd
SHA512e257b8c93b8ea58afc3ff46f5c8f6362e33acd4aad1f39928f87928d44beeeced3c0aad3aa326398e6246f5d7c3d04683da6d59a58a303fadd0ed7bb0def5777
-
Filesize
180KB
MD5f1387c06e08177176b674ee58740104d
SHA10d3cef3ca1c032578d0b65ea7ecb12e48157ef21
SHA256d8c38468ec11ccbf56fc162604d3aac96aa8202f1b1a24083d40d06f424fd66f
SHA51252e22721771d5e6c7d3c3c0c7ab2e048e7f2dc22c3ad5c171af096a9fd496ef4fa06432a0f7e69e93056b31f650daf6ce2f50560442fa7761be58f6be627c0ba