Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/01/2024, 11:45
General
-
Target
2024-01-29_cb665dd1294543a9d393349cd8627262_goldeneye.exe
-
Size
197KB
-
MD5
cb665dd1294543a9d393349cd8627262
-
SHA1
3cb34170ce4585381cf725c5f4faf16c11abd5a2
-
SHA256
576b5f70cebe56e6cdb1780185193999a4643c32b9f0c401790b1d9b3389d836
-
SHA512
282b4a531114fab0ebc7eff29893c02620431d186cbd80e3f9516c2a7506fba9794d95ee3870f9377740d34ee2228b3117bb6937a5fad61f8bfb33f9946ea3a7
-
SSDEEP
3072:jEGh0o2l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGslEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-29_cb665dd1294543a9d393349cd8627262_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-29_cb665dd1294543a9d393349cd8627262_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7C34473-EAA2-4724-B898-86EEF3D5371A}.exeC:\Windows\{D7C34473-EAA2-4724-B898-86EEF3D5371A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80D39051-F0DA-40fe-B207-E1855EB71A35}.exeC:\Windows\{80D39051-F0DA-40fe-B207-E1855EB71A35}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80D39~1.EXE > nul4⤵
-
-
C:\Windows\{18E5B929-1327-49e7-A6A5-7B00D8706720}.exeC:\Windows\{18E5B929-1327-49e7-A6A5-7B00D8706720}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7532ADA6-C7CD-4e10-A377-4339BD4F8FB1}.exeC:\Windows\{7532ADA6-C7CD-4e10-A377-4339BD4F8FB1}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0FB35E47-3BD0-4bdc-929D-073CFEFD3B2A}.exeC:\Windows\{0FB35E47-3BD0-4bdc-929D-073CFEFD3B2A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{88A624B7-C5E4-44c9-9792-558F17A35E0D}.exeC:\Windows\{88A624B7-C5E4-44c9-9792-558F17A35E0D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E1242877-86F9-450a-A7D6-E75F21798D29}.exeC:\Windows\{E1242877-86F9-450a-A7D6-E75F21798D29}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{300E3654-6906-48f1-8A59-73D15DC86E4E}.exeC:\Windows\{300E3654-6906-48f1-8A59-73D15DC86E4E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F92C03E1-D942-469a-A662-7CC96CA659FA}.exeC:\Windows\{F92C03E1-D942-469a-A662-7CC96CA659FA}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8EE3E439-4C2E-412f-9021-50E96691F063}.exeC:\Windows\{8EE3E439-4C2E-412f-9021-50E96691F063}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8EE3E~1.EXE > nul12⤵
-
-
C:\Windows\{414F4F47-769F-4120-8519-30D60F6FD6D0}.exeC:\Windows\{414F4F47-769F-4120-8519-30D60F6FD6D0}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4B81CFA4-6A06-4459-A22C-ED34B69116E5}.exeC:\Windows\{4B81CFA4-6A06-4459-A22C-ED34B69116E5}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{414F4~1.EXE > nul13⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F92C0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{300E3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1242~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88A62~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0FB35~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7532A~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18E5B~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7C34~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5d3f905d51004d461cbdf51df65eb7ae7
SHA1793c61d24a8819675f50cfdfb7364c813b68bddd
SHA25603608966d5c77d696411248058a8356c2370a66c6eed62c5520467bdbcb89877
SHA512aedbe04b3eba0f507f5fb51a1bd670e34ac73f50cdf55c32f3c5b600d98cf95629a5da093e1e705d04af6ee429fa9d8672ae517b3476f91b45e8c5cd2875724f
-
Filesize
197KB
MD5682e434bfb3b98460d7782563145a163
SHA12ad167dd03e5d73f9e4ba05240f5716401d6ca5c
SHA2567475b06ee66ef0202a96c3f271a4a5e5f308fd6821b7f81eb0d335b529bf6955
SHA512db10db96773a160411463913e928e8fb4a43df3d5f6e7a0d35059387f4b4e94b2c9fe7921d84b491fe8b271b04024018ed9fb8f55c5b7cf787ba6090bf8e64a6
-
Filesize
197KB
MD5c022b45da2fc990733780c9401005c9b
SHA1b68abdff60fce940f0dd1a1977f65295268d76af
SHA25645b72d1aca358a1d5a68d7a458ca7606e27df6790b7f9858cd187f49f3c380ac
SHA5126b852de3be3987d61b511ed41473d6fa32227b01d45e0c026e3ebda7b0e751f07f94eb7cad437054edfae1446cb88d35b784c860d78f4d2d259dec0a3894cd2d
-
Filesize
197KB
MD500a444c07122753e353741aa01c11fd1
SHA1efe752534309c560f2f59921fa3a45c5453a8b53
SHA25624af03f0df4c3dbe9ee4204c6ce1168725d3b32bcec2cd14e48634dc3a11d78b
SHA512bed9e4fcdc353eab61eca36fcbd280916f55f00d5c798c9df71474c42fcb065136ece5f49bf0e78d3d5d7a4bb43eca580b2364ef14ab5f8bf3a41610b21230c5
-
Filesize
197KB
MD5b5286d781792ecd5ba11821eed9429d1
SHA1b0923ec9a22a2eefb42cae680f0e2020aba47bd1
SHA256497cba2b8542a4c2d59e15b82c7e35b0bf771211ba36c91fe04de145b24b303c
SHA51202f75f9f9fa15d2fc1acaa1bc6153a76e85bdf246a8ce243088676766506bad0fde44a0d25cdb87198fedae7da362ec9f891e4c094fda7ca92eacb5a4130620c
-
Filesize
197KB
MD5160a9b3f2448d1ffcfdf383fa5f94635
SHA126cebdcbfd59f7e2414bb824c1b3595271c9647a
SHA2566de773e42e7b73f8ca77dcd790e0533db319b22f461feed0074279919f82e03f
SHA5129dc792998d92b4038f850e6016a3855b9d2108deeecd8bc0199d642b602afcd7d0c20d6dd67481f0644c68e9af5d9625c7a945e7913dea0d74ca1885f91ff83c
-
Filesize
197KB
MD5c182506dbfbaa489ebbf042f093f307e
SHA15a542a1b275d5685a2f0a52c69da87e48762e877
SHA2562bc8c5ba62277e2e354a0aac2e252f3ee25c036d8c32c334edb0941593a71579
SHA512fab017b780363cc76398d7c46dadd528f26bf24e9287c35813a35caa70cf8207a9ae06189cf7d5edd7b6f3504188e09795bc5465b63912f188230f76f36d9826
-
Filesize
197KB
MD5208b159d7bd8c911cf2f3d8a4fde90b9
SHA18398a8aa23955ac500396ebceeb8e7768b1836fd
SHA2562f2e3d298a4c0d6497939f2777fcd4f0d679f111243e78c00eb20550f0b226ce
SHA512259d5ed7285337a2d286802a90ae54a908d10e1239a763b211c463d925ba8526b9ac8530aeef3b9f5e05a879aa76f03353fbe2f4965e67c59df12f4b9ffbb957
-
Filesize
197KB
MD5f9d488996d369ffc84152a0600afa746
SHA16243a558e1e519e77ff47c83174ae28504d46888
SHA2562e3a1fe0259355185ac747da1538492334cf49f52dee8c21a2356e3d27139c2d
SHA512296070562d97273620a09d24e670e3648d2ca1614d476baed1b320bc2061a654dace85a5ecd76c03ca00e712925b9c02b2e7e63664f280adecfa198267a78e6d
-
Filesize
197KB
MD5b191eeffc158ec770c927f8b06b8ebca
SHA1aea6029605f0c573a7ab0be4df8da6e6d8314cef
SHA2566b42bb741b75edd17ee870160496bfe30fd40b69ab77e247f2b419b701a9b9f5
SHA5121b1aa7f60c6e70110c6142aa8b8dc89c4f2f470e8aa30b0cc6e68692fe0f5c6d4d6f0983b26220bccb60e76bbdc078afbc8899398ad6190923e300af984cae09
-
Filesize
197KB
MD5d133339d96e401c67faa73b244fab311
SHA1f19a5d227c62cab4bda6357cc77450e0a8e1def1
SHA2562d915880ee4195fd624ede90f135c637ffa2e5094761ed4517031ddcf05d511c
SHA5126458dde18b90a9819563743ff5be57f53760f4723119ab9674a0c2abed731a90b8c7ee0ef39cb3b4c6e1ac7bf0f32ad39202eb68262d1799a1b09c8377c72087
-
Filesize
197KB
MD5e5e94bbbb4728c6d1fe3e9de13dcbc83
SHA1bef9bd099d36ba7144d32de77809e5e9b27f219a
SHA2567211c42129e4c4093e2fddd083e010d3aa5ccf0fea8bbdc50be65802a432f430
SHA512ec68aaf1e2a4200d1321e2091211bd9c78b50f1f3a63450538098ac89ec2dd955605fabf31fe0229c24562da66d89d37cea446de6dd39a5d1c9e33f20ba4cb79