Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01/02/2024, 09:13
General
-
Target
2024-02-01_78cbcd75e6c4e88a09a884deafcf91ea_goldeneye.exe
-
Size
192KB
-
MD5
78cbcd75e6c4e88a09a884deafcf91ea
-
SHA1
5216368a125b0ea31c8e846c3def2e1343569781
-
SHA256
2f900865acdf9afcb741c5a3c0e0412486029271d37ea5b76c49a4d4ac6272f3
-
SHA512
9961a4aba89b809a500df1d46b9e4748419d2af172a0bffd8bba29cd8312ea66769829473031731378ba2324e98b54a5fd429e2c8b738276634268c199ef1c88
-
SSDEEP
1536:1EGh0oJl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oJl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_78cbcd75e6c4e88a09a884deafcf91ea_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_78cbcd75e6c4e88a09a884deafcf91ea_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86E30E4D-BD4F-4415-A01A-DB2719F4058F}.exeC:\Windows\{86E30E4D-BD4F-4415-A01A-DB2719F4058F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86E30~1.EXE > nul3⤵
-
-
C:\Windows\{3B78DC48-7126-4270-9061-8F352E57A6E4}.exeC:\Windows\{3B78DC48-7126-4270-9061-8F352E57A6E4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B78D~1.EXE > nul4⤵
-
-
C:\Windows\{281AEA18-8E66-472c-ADEB-3E4F5053B8D3}.exeC:\Windows\{281AEA18-8E66-472c-ADEB-3E4F5053B8D3}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBBD1D72-5A4B-43cd-B26F-5B728E02B7E0}.exeC:\Windows\{CBBD1D72-5A4B-43cd-B26F-5B728E02B7E0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47D05E3C-8CC8-482e-8F73-32619226292E}.exeC:\Windows\{47D05E3C-8CC8-482e-8F73-32619226292E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47D05~1.EXE > nul7⤵
-
-
C:\Windows\{17000271-B611-4b2f-90B1-4AE4E715F6FA}.exeC:\Windows\{17000271-B611-4b2f-90B1-4AE4E715F6FA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38F6DEA8-1459-4d07-8C72-24769D2C9DD1}.exeC:\Windows\{38F6DEA8-1459-4d07-8C72-24769D2C9DD1}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{17DF028F-DC73-4d51-ABE4-09F40E52FE1A}.exeC:\Windows\{17DF028F-DC73-4d51-ABE4-09F40E52FE1A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17DF0~1.EXE > nul10⤵
-
-
C:\Windows\{79637051-AFC5-471a-B396-B23CCE26D905}.exeC:\Windows\{79637051-AFC5-471a-B396-B23CCE26D905}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4110594F-13E0-4db8-9187-29097C30E5DE}.exeC:\Windows\{4110594F-13E0-4db8-9187-29097C30E5DE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5BC4947D-454F-4b20-A7E3-B1016BF40754}.exeC:\Windows\{5BC4947D-454F-4b20-A7E3-B1016BF40754}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{73B06912-9E94-430e-8AB7-6B68F8DD1115}.exeC:\Windows\{73B06912-9E94-430e-8AB7-6B68F8DD1115}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5BC49~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{41105~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79637~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38F6D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17000~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBBD1~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{281AE~1.EXE > nul5⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5930d04fb7447cd9c79a8e802e119ac0f
SHA149eb8a117d29fa52cc7b34d8204a35546467b6a4
SHA2568913dcbd366a11fe1d3d1557f48670c5fd7bc54cabca2517dc0ed4e1375c07e5
SHA5121a38334ff5f722fe92a9cb1c5dbe067b08009efffa98521903830895b944f692d6ead12d9c5fd89dd411138ebd581c9edac2f9ff3098d6744ee9d22683d18d78
-
Filesize
192KB
MD58aa24f29b7a5f9aa162dd0a06a5edd07
SHA19365e099d77af4a668a780e3166e65e2ae9855f9
SHA2568aa6a70b3bcef344e7ccf304068e33916d440d2efb77825117f6862670bfe666
SHA512cadcd187f3367c7afe4b0e65c971b7d43d7786584817811201127d53bf2695ef1123ab9f1c8e6644a4dad69165c7683f922d6f589a8097b7d09623e2e950ef61
-
Filesize
192KB
MD5a3af708da4d31ab80682a907695d2d2e
SHA1e6a814a3d970a7b00ff382e58ad55393d5fec643
SHA256595f8eb972935bf0437a1a55163b49ffe772e1febf17069e8c64134b7e7b25b5
SHA5124e2b384134bdb173f9d3032a26e55346611c1ccfda63c7830840beb72ce8276f8a56e70d33377486076488b380cca8ef6298f782d9fac8fcb65947668779966f
-
Filesize
192KB
MD5ea3435a38e725832a6e5639144909c49
SHA172dab84df4eac335f4de25c8bf59500aeed8e0bc
SHA256fc9758911629462cfe46ad3ce8cf45d944b175616958353b9f19f022574fa459
SHA51259c53243bb0bd5f4e24cbd9340b165cb92550b7426e2d4964f358c5437baf5905420cf92e49f2573d07eb7245453d64cf260f63a7fd13e8bf70a81af36fb9a1c
-
Filesize
192KB
MD59230f8fb6ebd32008461e587f7b025ef
SHA179ed4c7aa13edee7543b1c62584225c58f58ab3f
SHA25616ca061ee12d021fbfc456913edc1503a8566ead455376273887153c2ac9b68f
SHA512d77f84c4c42553a6217adc233e7bb9ad8081d648efafea96c7c3bc10512b20b6910fc6e4871a27d560a74311b00a86c9dbd11c63bf37612f78867fcec095549b
-
Filesize
192KB
MD57f665983a3cef8b6d0397b7f572bd80e
SHA16937f66adf9af8e8839155e3d50fa70100f22c46
SHA256976bc20147a3c2195df7a3ff480c6d4e5373b2a4b1e2cf0bf229d7e6254fbc19
SHA512ee6d65345fbc001d9a7b6d7971dce704d233ae820f1930fa882520f7780782c90084d928faad2a75f80033490b7978e5abddc440e7688577b05a0a1784f50303
-
Filesize
192KB
MD54bd47e6a7f2546e5fcc799778e10b8ea
SHA18610687a22e8ebfa948662cfab8222b4af4a1869
SHA256db21265572bcd873b70638cc1230e55e6ec58979119c8e0f22ca691f107d661a
SHA5125694cc9e948b64e44156f5cd555fe2e95dab33b22e7947ebde4b8539f96ba95811f5e2a56be573979dbe55f7ef7ddc1a6d01a030a9f17c2fa1f29963876423ad
-
Filesize
192KB
MD5a9ef83e865e2c3c65f9098dff6d34f00
SHA14e892c68beda5ca7bdca19d16673724633ca2944
SHA256c2ff38c92294caf240c4aaee78b88a4a45aa6f213433ba167babbbdc2f99cc96
SHA5128d049e5e54fab7950938ebc2ba4e3700e1813c142cc7d1e735e493535cdc184c468786fda284474cc65a089a9efb3f145d8ffe0725a7b8b36463b75ffb70fe4b
-
Filesize
192KB
MD57eb95ad9266ea44d0e06de46e11b2c5c
SHA1a893e51bb1d5c4fe76f849feb1d075264099ce7d
SHA256a3312910bd44fbe3b34d16e4b20f0db2e8e1407294e7bac2cc0e3b7ed8d63c86
SHA512d6fb1de6be431243c368a3949255d5a545151668bdf06ae07eb244d1fb768a4dee2e4af33e2c23706cec63876f5a2a76efce4fc8c9abd61dd40cba242168a3a9
-
Filesize
192KB
MD5c04eec6ee3031135cfcdb218fd93e3e4
SHA197356690fa04f42496fbe0d453cedf0ddceb9805
SHA256a8b2f08c35dd0fcc5072941d6ac2a9e26c7fd3453564bd916be3e0800fa4a955
SHA512d4bc36722803c1ae9eef5674303d461b037689eea3739bce8b49bdc3305156d7aa9d63af1f2839a8153ac72ab4c37ee4ad4e9b52946328edf8310f5e0adad44d
-
Filesize
192KB
MD59715df829f644800b8af1efa178ab297
SHA1c0f2b58714f34f4b712ed8150d447d8795cbae99
SHA256fe9a67f0a8b70aae4a2e698e8138c95e8bf5285ab17f62d5facdbc4918332fd4
SHA512af60ff2559216d2500ce01235d6b09bfaf4e188d03e99a58d3a36fd06c3eef93dd0c000c20d2a6bce884ff2a7e7d965baba6a0666ac931748dd0099ee58587a1
-
Filesize
192KB
MD5494f717b046eebfc1016384f60cdaeec
SHA1f8a69a88a7647a9544eadf864608c6bc2015b1e9
SHA2566c731a2a058bd5d255d33fd6bfa31d9def536e4be2feba385aa51d6ebc0236e3
SHA5122603a71d87fb4830bd0f3c2e1cd03e66d4c74af926b79bec3fa44f4ba0c408c7becfcda94432a8eebe95571f8abb029318b8843df130764b215c0d0e33abdae0