Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11/02/2024, 13:34
General
-
Target
2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe
-
Size
197KB
-
MD5
8d258646807568a133177ae894ec4019
-
SHA1
92e35ae009764fc31fc44d6de546dfde293d3d57
-
SHA256
5be47f6cfa23c963c5c5b95cf30bf4d5822fa55df5b629858e6b0b681c0b2c6f
-
SHA512
01be30b5536ed9ab5c331871e0b9fec9c0daab8b4e23ab5d3bc33df9cb76bdd0da37cfa98af61d23b429efa6174a803a9612a1aa8c2d908a13e9e377a8be4333
-
SSDEEP
3072:jEGh0oel+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGklEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-11_8d258646807568a133177ae894ec4019_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DC6CAF4E-AFF2-425d-A241-9089A99B7E66}.exeC:\Windows\{DC6CAF4E-AFF2-425d-A241-9089A99B7E66}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{042AF6B2-5A0C-4c50-A749-08A7CC38B84F}.exeC:\Windows\{042AF6B2-5A0C-4c50-A749-08A7CC38B84F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{042AF~1.EXE > nul4⤵
-
-
C:\Windows\{90DBC6F7-F571-4328-A1F1-9C31FB1B9457}.exeC:\Windows\{90DBC6F7-F571-4328-A1F1-9C31FB1B9457}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B93B409B-DE50-4a6b-B2FA-71891C83A62E}.exeC:\Windows\{B93B409B-DE50-4a6b-B2FA-71891C83A62E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68434D02-64E7-45d7-A7E9-8BFA31F7531B}.exeC:\Windows\{68434D02-64E7-45d7-A7E9-8BFA31F7531B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{09B92D3F-5244-463c-90E5-7527742197B3}.exeC:\Windows\{09B92D3F-5244-463c-90E5-7527742197B3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C981D3A7-27D8-4da8-AF72-9069200D44CD}.exeC:\Windows\{C981D3A7-27D8-4da8-AF72-9069200D44CD}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA7C71D2-999F-4fe4-BB4E-E5E49C363569}.exeC:\Windows\{CA7C71D2-999F-4fe4-BB4E-E5E49C363569}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9307A8B2-8D7F-480f-9760-A84BC64FFAAC}.exeC:\Windows\{9307A8B2-8D7F-480f-9760-A84BC64FFAAC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D76756A1-675A-4370-83E5-D4DFC0F67AC3}.exeC:\Windows\{D76756A1-675A-4370-83E5-D4DFC0F67AC3}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFA06B3F-99CE-4622-9D5A-CC8461455C87}.exeC:\Windows\{EFA06B3F-99CE-4622-9D5A-CC8461455C87}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFA06~1.EXE > nul13⤵
-
-
C:\Windows\{E736341C-1F8F-462e-837D-291DF0C336D9}.exeC:\Windows\{E736341C-1F8F-462e-837D-291DF0C336D9}.exe13⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7675~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9307A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA7C7~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C981D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09B92~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68434~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B93B4~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90DBC~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC6CA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5c72182e577080eba23f3e24b3737a597
SHA1df79a9b4c85ae27689b3e704454a14f1ddb14e70
SHA25632331152f0d0c5ed47e23462b2f1893faee01ccfe86850c1196f36a7085a53a0
SHA5128bfa1e8a452d8944f021e038ae25593f4a45e158fd29feee7911554f832c34907e0d4298d7ddb709de63ea3e00d74567865fcef160d06dae93654f31324280a2
-
Filesize
197KB
MD58718d18f23ea60e7777a381aca348af9
SHA1cc3c1b7e325f66dec7cae9b74fbac6fa904b0ad8
SHA256bb389ba863b4a2268d5eb6304aee82077e4b9fff7be241655ff4cb052772ccfe
SHA51286c3c96195c402df26630197d995b330cc68b4f817f0aff9e58f80af8a9a7c08d2b3d4fc7b6b9b484b95aed11ee727d9919af5d0ae58cac9b2bd8dab60c0dd8c
-
Filesize
197KB
MD544844ae4b8a9ba16e7118d66c6113c6c
SHA17be8c581b22132c458b3f286673811f45fcdcb6d
SHA2567a895edd493016c2de7cdeb46028b9e6c824e68f7af3467a406c68410e22f0df
SHA512aa23d08a8931d4b8e8103eb22474abe66e3a7e774bc3f23538aca4175c35c0cb8e216589041d3db9e1dd539b8940b5efca5c125a9d65a41ed3da64412a2f7ef2
-
Filesize
197KB
MD50b16ad064ffb386148e1d04dc963defd
SHA1568ff82e6f510ad849a1c70162b3010f3047b26d
SHA2563ed1df555b8c616386de2ff0adb8694afdcadbcb8dd4259d6a6ebdea0e0c709a
SHA5127a449a71f6c83f1efc78687f18f5ef82382ddf8c92c6da50964234c4b7c7f1aea5f909539537b111a306fd0098921f44068810aab05224ac9cd0e61f5a4ef8e1
-
Filesize
197KB
MD560b28596c33bbad4f56154bb1c94ad68
SHA1bf3941cb165750fe93dd121f8f06ebe5637c2dd3
SHA25640e06aa2ff9dc07fa2b3084666c31f7ffefb63f24d6c0bdd7fd8c554d829903f
SHA5123807271c2765d554da1396d66468ad29aee5ee2665c71a4cc9d0fc30e3d38f3e22824f55d871baf5ee7e205177856e93fa079ae85cabddaec4074f66b58e0617
-
Filesize
197KB
MD5c955fd2ec873feb1c73a208fc455a098
SHA152cf7771b67bcf015d6dfd468b80b48def9f72e7
SHA2561bda969045613e0f38df0a27bc2fff39274479f716630998eccea43213ff492d
SHA512480a64172fed6378e891fde329bebc7d83f268346d84c726c8e6e01716d51e80238b6a99050d61632762a26e147f85249e0b358ee19133dcb306b737c59ef510
-
Filesize
197KB
MD55f86d4eb8b1a4494acf59ef9d59de66a
SHA1eb4047fb93c8d421a7695e712ffdc3a721f583e1
SHA2563f6e417bf414d0c1cda9c0a73cb328a8a81a5e73626a3c931c07449adb9335af
SHA512b965919c609b2fd503032f61b77cbcad06835c23018c52e678647b7b0863e83462797b9f9f7e7f904c42d8ebc37079a912f6da9743f1ebb4a282f7af9083163c
-
Filesize
197KB
MD5b18e608eb3991a75d382315238631ac5
SHA18da1e8dc3c24f2ba9bb18056f14dd6b9e6af7896
SHA2563f51eea2ef6233b546ecd9cb1b8c862305a66efacab481266163a51ba825bc98
SHA5121877859f4a7a00c52bc51830babc203f662c627ef029975706c5a266a7c4238e2fe9e7595117d6aaf0aba1b1bd568c81710cb82b7415bf1a444e575b35710796
-
Filesize
197KB
MD578e83cda2c39c3a30ef36ecc8bd140b6
SHA1cac94757ca45f75acd951d0dc6f04c42ef4dd465
SHA256f19bba0129bf5ac0058cae053f9502309fc84d0f3171a4037892dcc42988a48a
SHA512e8a143e53d2f67482ded0c9827defe429149f1397d008b5bbeec354546498acaac6e5d6676028b66fcfd4db4914d8e00c94f38f7a9aa711dcf2ba66950fd5cee
-
Filesize
197KB
MD5808a3a5291ca5e3bb6dca02f6273a482
SHA1a090faea33ab91735ea32254a927e67a3354ae65
SHA2567e7ac08f67ac1ca6d8ae4ca5e5ae61710cc72e3a09823c4d73be51969d13adb8
SHA5123d272185650fdefc06ff0a3bddbf15eefbfd2e8d6b2323739ffe2eb75fb9d25852cb2975af708bd36e7a2ef9fd8a00aee73a480c4063653b0761bf0f77b60696
-
Filesize
196KB
MD523e5a62cf797af50547692e25665365d
SHA10def5306765c5e67d13ee635a6285958746ca527
SHA25612d059d74926037094b79944684016f1b822a01575aa7df2a84beb4bfa0567d3
SHA512d61d81994e27c5fe60b526fc0da2dc26834d759b00c4faacbe17d0f53b245088686ca64b7efc56c835bf2241e384fc65940a8380a53721315c0aee4a396fdce6
-
Filesize
93KB
MD510f37220cefab76d84acce41da7cb736
SHA18a987aee22e1a6a43667d223c636a47835826155
SHA2560b956cc4b3d9ff354d154fc02e3d3c66a7b4ee692cf399156f3aa89251ae5316
SHA512d490194f8f35133518dfe986004f1e50a1d333a3b74315b5755b8fbb7896457a36222f183dacfc346be8f00f35d5496dde4f3729364b0afb60fd4ea6c14fddb7
-
Filesize
197KB
MD5d5a95b4f49443c3f003885c6f7ce77c4
SHA1844bb481b57ea517bb81e959a5a788fad5b7fc3f
SHA256a2a6b3d278485c7069baf5a32ea8dffd48d1784d44d6827c5ac0138431b252bc
SHA512c0bf5cca26bce179751f26796b5c6ea31168b2819bfa81cc1d8e4d6d96bb66ac00517275533d30f5391411d462c661444e66c735f53d8992b10fef1208c98e71