Analysis
-
max time kernel
156s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
12/02/2024, 06:12
General
-
Target
2024-02-12_ebb4139bb66669a1d18ab98ffc823485_goldeneye.exe
-
Size
180KB
-
MD5
ebb4139bb66669a1d18ab98ffc823485
-
SHA1
21072d5b896d370d88a1bee68b5ce6e08b78b580
-
SHA256
f46c8797f741fa69370e7cd3af92d66d44b5e1364327fb81d0f21e0257995b90
-
SHA512
18f5649d04615837053ec01c36f7b00fc0be6dfce59ce8b540d6d471d95561f55d4c22a1d28fcf534b6e746f3ceac3e6ee6b35b44e828d7ed6650f99864e154e
-
SSDEEP
3072:jEGh0o3lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGVl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_ebb4139bb66669a1d18ab98ffc823485_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_ebb4139bb66669a1d18ab98ffc823485_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7A16C71-3F84-400b-89EF-2A671E22BAF1}.exeC:\Windows\{A7A16C71-3F84-400b-89EF-2A671E22BAF1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3CF027DA-F786-4899-B1E5-B6D4DB1B31FA}.exeC:\Windows\{3CF027DA-F786-4899-B1E5-B6D4DB1B31FA}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5BCD1FC5-2900-4d83-8DBB-A767717A7518}.exeC:\Windows\{5BCD1FC5-2900-4d83-8DBB-A767717A7518}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{242EDDE9-E3F9-41c2-B993-B935CE8B94AB}.exeC:\Windows\{242EDDE9-E3F9-41c2-B993-B935CE8B94AB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D22F416-466A-4b5e-AA14-87E67A6A97E5}.exeC:\Windows\{2D22F416-466A-4b5e-AA14-87E67A6A97E5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{709B517D-4FE3-439a-9DDE-01DFCE7AA778}.exeC:\Windows\{709B517D-4FE3-439a-9DDE-01DFCE7AA778}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0538E112-6800-45d9-AF8F-5993AD91358A}.exeC:\Windows\{0538E112-6800-45d9-AF8F-5993AD91358A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4FDF65A2-EC30-43cd-9AEE-BA33725D0675}.exeC:\Windows\{4FDF65A2-EC30-43cd-9AEE-BA33725D0675}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4FDF6~1.EXE > nul10⤵
-
-
C:\Windows\{9D92428F-25D9-42a9-8081-77088C0CB679}.exeC:\Windows\{9D92428F-25D9-42a9-8081-77088C0CB679}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3FD02A5-C392-418c-9C24-7C915E9BC5C6}.exeC:\Windows\{C3FD02A5-C392-418c-9C24-7C915E9BC5C6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DBBBF544-8F78-463c-8EA1-4D97DAFD9D01}.exeC:\Windows\{DBBBF544-8F78-463c-8EA1-4D97DAFD9D01}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AB63F225-AA06-4165-9D40-20C0F9001D92}.exeC:\Windows\{AB63F225-AA06-4165-9D40-20C0F9001D92}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBBBF~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3FD0~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D924~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0538E~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{709B5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D22F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{242ED~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5BCD1~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3CF02~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7A16~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD50f3d21fdac38333f50437f61e373804d
SHA19234fd29558a6bf33a3329f4abccce8caca75d76
SHA2566920ec7d7f0b283f26e169c4b5d78c8ee8e37a7f563d2be5ba19cb1eeb9ff874
SHA5123e2bad421c7c615f86292c5ac8ea6363fb3a75b98729402ee8a2b5c0649cf32de67691ae4dcdee349c048c346cd479e58b44c133a451768985d6b4229a7059c2
-
Filesize
180KB
MD5545646d5c14da226147e27e6f7402952
SHA170339ce4b22b5bc1ca986327e7b1d0edd18a5156
SHA2564237b41335378baa6d78a0fbf95d66e07bb4d7490fc9967e021090d0f7ed4dee
SHA512b38b413708203a5a15d4ca6ef9c3b0c925e7401f095a98d21e69d453c8490fe7c20470b02a3ab74a35ee41e8c853886a2726572d1e1c0d334519d56869470ab8
-
Filesize
180KB
MD5dde29e4a77092104d015008ec1393dc6
SHA11f85c5012d289fc6382809ff7498129168cb6b8f
SHA256b882996e6f3912053e321ac88195d2850e1609ee9ceaf9622859403cb2488a8d
SHA512bcffe96264cc3350488e4524d8701a93e2f9409fbf13466816dc7d143b30138ff2227e274ab8a8bc7065bd5eb32b35cbc20d298eebf0fdba622992526bdc1ac0
-
Filesize
180KB
MD51be5dccc9895a24f19ab5e3a94b8c295
SHA1630f1c5e1c3ffa147a3539b0b063724e9a6f4178
SHA25662826c958c001943baf4eb3bc986fffeec151b31440e53862e1f2f141fb6e0f8
SHA5122af9d9f70281c37571dcf5e6ee4197d526d83503ca6017f7f258376b25aa7dadc17281756f2d4792ee1e55a20e34cfd4763a2f7a8ea9d5666527325b57ea355e
-
Filesize
180KB
MD5174a51394234435abb0f60c468dbdcfb
SHA1206925ab6972a2fab9d66ede946d78341e685f23
SHA256207a8a679094b0f2967d85076eaef5078ac2a1e6a1d43537dd31429d7c1bff96
SHA51278ef2a77d90c7668e7d6cd514d960aa8ea15b04bf51eae9d3f093e3a01fbf9540825ee2c405e17ec7f60b775c051ba8ead2f5ed8b57a330278a62db81066b00c
-
Filesize
180KB
MD560567c144d38f7e9e2ef2d46e3ae8bac
SHA1a7c5787b10f2b1f2d1cb7ee0eea540ce7fcada5f
SHA25616eaa98d6790dd95dd4a1da40d0e94dc1204ef80c4c5ee1b74179c9d06a6b08d
SHA512ee58cc4104021c5212c3aa75ce194c77acd9698ca81203db69b136d65ad3073ac2a0e61ee429b7a3d6990897991d183cc6b26bb7c11d5e62ddaea0c8c664d291
-
Filesize
180KB
MD56dc2af7f0673fefdf6b830aff5dbb5ef
SHA1e538af6b0104166528aa8769d0067fd61f906c88
SHA25611d6606054bfdf6b0d821ff230a58437a998ec892df0119c2580678c0508269b
SHA51207464d4900c6ee08d958ffbdb2c05a4c88863f527308b998391c5a8efaa18affa24ffbaecbd59e66c646c51a6061067b47b59fe422c120db4b3271c6445680e6
-
Filesize
180KB
MD5cd56f5ff051bff428afa6a565c81e69a
SHA1304484e8dd9ae9898058cd1ab3158ed87f5e7391
SHA2560c440f44fe7e6f676b570990130f86bd991692cab206e65f592dd8e32abcf099
SHA51285004127c28e6b8350f58a9ce24ca8741a016b539bafaf6c81a86bca99434de880dea6e8a8c5602165ddf000a60d6525c7d4813d9a717a5483d62e1b959eac54
-
Filesize
180KB
MD5a8e60be83bb0b25388a8600ea330e6d6
SHA156c752007950fb4a208765fe1b8fcbf46696fb03
SHA2560116b61080a289bbee93fa215c93d6e3326e75c82285a1189e11ac6092af3756
SHA5125d96b5b134302c56ac9b1617beac375467521b8998f14b76b686d7119212efd17ff0ac1e5570acc19eb6d5f79796e6fcc76f86833749dc6b857f9db86b3debbb
-
Filesize
180KB
MD5176ebe607f1003f3b9413128a4fe0b9b
SHA14466b60fe6611a6e7ff06485199d8ba849e8d701
SHA25672f66508d8cc9f71326bd63e10a7fcb576937430e7e50b302888b12013f569a8
SHA5122657d09f2ab0ed530a148c231db99aa41e785848422d16f2a0a41abda987a5067dc82ba2491e9900122597892f7468e26fe94fc991f85ab9ff5f45c08149890a
-
Filesize
180KB
MD5fddb60ce6dc927b3090f3b4c34e15617
SHA118c452c05fa9d3b50b4ddacdca3dcb216caa2b27
SHA2561ba7a42417a23a3c07eeeacce3de29bfebde4a9365bf90d88d4eca0a8f5835db
SHA51294bc487b06274b804858f68c66558c8aebd4b9a45b572f6bf7c46de1acd8ca9cf53e624a692e3e2240f276bccb61ee16d23825713c6202192b80edcd4a97a133
-
Filesize
180KB
MD58784e65b94e9e5e7325edd749aaf0a8d
SHA1127b75337a616ec0ae94176e133b7d691b684922
SHA2564362ff30459bad72501489113b733259b0c0c78055d4812606c2618103581ee3
SHA5129d08e05a7003e1f7bfe8182dfcb6e10efd2fd27c62cef41bc1f55c8989201c73c131c5358f2af82962337bde2a71d8bfacea2eb0425226d98b3f5a77d0a95dcc