Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
17/02/2024, 19:46
General
-
Target
2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe
-
Size
197KB
-
MD5
5485695f8bbc60562998d1755b1248ad
-
SHA1
ba77ee5ad1c669989a4788c0caa20fac70aff9cc
-
SHA256
520e7dd5ea39aa84c837fc3ec9ebfaeb5503d3e4400a0f77507e11ab809711c8
-
SHA512
43e4f71bcef2ba80cbbcd032120f0d6cb76e67df53b81f45e5864cec5c3902a88898f3e161936c807550db6f99a94edc3d27ade0f8ca83610be1a3178a9fcd15
-
SSDEEP
3072:jEGh0oWl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_5485695f8bbc60562998d1755b1248ad_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B744663C-D908-4786-975E-BCC2438F7341}.exeC:\Windows\{B744663C-D908-4786-975E-BCC2438F7341}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE2DD947-A97D-4969-804E-029C25C7775A}.exeC:\Windows\{EE2DD947-A97D-4969-804E-029C25C7775A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{09A8122B-39D6-4ac9-8D01-45AAF1854059}.exeC:\Windows\{09A8122B-39D6-4ac9-8D01-45AAF1854059}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CDB9B907-E61F-4c90-8F09-B8B3CF243665}.exeC:\Windows\{CDB9B907-E61F-4c90-8F09-B8B3CF243665}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38FFE92F-67F9-47ab-9530-539394AA1161}.exeC:\Windows\{38FFE92F-67F9-47ab-9530-539394AA1161}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{04890196-498C-4385-943A-6426384A41AD}.exeC:\Windows\{04890196-498C-4385-943A-6426384A41AD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{076BBC40-7236-45b2-8C0E-58D54E79B808}.exeC:\Windows\{076BBC40-7236-45b2-8C0E-58D54E79B808}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{076BB~1.EXE > nul9⤵
-
-
C:\Windows\{CE9D16FD-7469-4288-92C6-555A7C89CD54}.exeC:\Windows\{CE9D16FD-7469-4288-92C6-555A7C89CD54}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6497B3CA-5E05-494d-AFA1-A64F23DC4CAE}.exeC:\Windows\{6497B3CA-5E05-494d-AFA1-A64F23DC4CAE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DB301AB-25E3-4bd8-84DA-41DDEDCE62BF}.exeC:\Windows\{4DB301AB-25E3-4bd8-84DA-41DDEDCE62BF}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DB30~1.EXE > nul12⤵
-
-
C:\Windows\{E394F1C6-7160-4601-80E6-7E9F76DADEEA}.exeC:\Windows\{E394F1C6-7160-4601-80E6-7E9F76DADEEA}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9F6046A8-1F3A-4948-B7C5-B573693930BE}.exeC:\Windows\{9F6046A8-1F3A-4948-B7C5-B573693930BE}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E394F~1.EXE > nul13⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6497B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE9D1~1.EXE > nul10⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04890~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38FFE~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CDB9B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09A81~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE2DD~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7446~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5a115860b5b0d76f583f2d5fa575ec721
SHA126b19c0f25fa87726ea0b2cd054137ed2d5b8a6c
SHA256623d000b8912ba0bfe0929e0e45a6940ec3497d2bb956ad72f18e73116005892
SHA51254d9babbca76e7deb25ec6be441d7a31ed5105c8c3b2dcb01b0f7a56618a09e0faaa23b412b3a365db3cc1396a6438261c2d74bbe094b2150d21e68ed7f0f4c4
-
Filesize
197KB
MD5db3f2bc18e1ddc3538fb4c17a82ef492
SHA17f4d8d9df17d5bcc086cc9d08fc6794f8865c7a8
SHA2568da629b3ae92ea9c0b43072bc2a1c29c2d3c5596cecd5b27eb5e1a30506bdd1f
SHA51273b6d87740fc26152a131ce2b722402644dbffcc782ff9c9d771b889596f801a1df1f512561ff1da50f4eef835c0794f7e9dc4da2082166a94339432a1b707c6
-
Filesize
197KB
MD55fe1c486b7a869574fbd935a64f096e2
SHA1a0053ec5ad6dac9286eddfdab998033589766b3a
SHA256ab8747eccc87cf9e6a1dda4e577f940fa5fffb1058bf2c80e32f256399dc0c49
SHA5121bd299f568c7b707dff10636aa5cc37eda778f78c17131ae8cfc6505fb003cf2a6aa574cb4d8f7181ee35f17f19b4f9001ec5cbbd50b7cb5f36bef5a854f06b1
-
Filesize
197KB
MD5ffcdb5b579382c7cff462c89691b45bc
SHA192b05de2d858ca0897bd7943136969793658ec0b
SHA256f4beccc8b17374667ed4f5d79eb3b67d9afcc2f071f9cbad20a7e68abc22f349
SHA5120b86b57d03ef5c2faeb993bb9a777b0317093c045fa21b3ec17c8f5a9dcacaf4afc4a74e32611806ebb961f695893eedd297e102b5a073681d20a5c2624ad607
-
Filesize
197KB
MD56113628a99c426d64c7c8adc925f4d3b
SHA1ee2838599a1a119c02757fd820f128e35d9c67e2
SHA2563d0eea84a0b111f0586498c27ada76bd0be43c428724a77da7c2683732e1b0ca
SHA5124c267795147b2d96b84ea2b34da7e9908d0acd2ad318832e3d7dfcbe8477a61f90e81e8a0f8bfc6a9a9f2e021612532f71a3493d58877be76d1bff0b221859b3
-
Filesize
197KB
MD52db2e2fbf3b4b4c080619c7f79a3e402
SHA1b335e4a0a496951845a2b41444c790ac8de36244
SHA256b951ade41eb3071a5d379add46bec9d9ebf0b3cf1db4269da74ff6954378006f
SHA51288e9f5f23f7abcbd171f845f951278cee2c92ddb6016b1cc363d89054edb599bb4d34db8db3f6535131e6b490409375cc43c5c1bb16a58bba718d29fa60da331
-
Filesize
197KB
MD5dcc4c17ace228ae79e335dfb6e6f0d04
SHA16c9fdd46f22c7406f290e19300697e31b1f1141a
SHA25648d006a23acbc34c19648653ec12743adaf11fbd5545e2b72125538fe500ba6b
SHA512c79d72a5dbd532642061eedc4fe57f1af18ba69125b2e001a308290d1f6860b3ff0985bd5e0fadd5746309484c8bccbefd5876e44b0948ed09dff73b3c23ebf1
-
Filesize
197KB
MD541fa90a94c83649dc8fa7c3fc75a4d4b
SHA1a6d60726576352fda4e11de233a226ec613a95a0
SHA2568284bce116d47a532f4a3a126b70bf682dd854d7c4423c013af362853e114a91
SHA5121ee325980d98213e8a479b5eb236bff28d470cbfe9a3f7a343e0e7458e92411f19e1dde04d2e322295c031d5165baee2f758ca0fa54512a0dc8c61ec9fa75e4a
-
Filesize
197KB
MD5ec7c96c49cbc3c4e8f85c46a20250e7d
SHA12e7bec3496d7b9c29ab7dfe0130fca2fc03cf87b
SHA256382beb3554c768005d8155d785cbd78989c84ec05c31680025549aa41eaaaf52
SHA512cbc9c803f98fbf5ce851330961ea4263dc421ab12533bab0eaa8a103f570fb5a7c7e2d1e4231824ff904622dcd905b9de6a86280e0a44d15c091bbc9f4054d3b
-
Filesize
197KB
MD5ccb6954cc7d2c349c430ea0b3652975f
SHA1035584d02e4a3c4534a2b9e69dbc80a4d03b7de8
SHA256d24fc4d8fbed194ac632d614709b6d0841dc557896837c7e3de038f8de7d0d81
SHA5127f58fe1de81229c2d5052388dfec0774ac901f2e9580d2eda7986a4cae73208079f2e35f5f6b2f836d7c9d4f3e006609e7a244abc2c984f0fddd99730a47edc4
-
Filesize
197KB
MD5e008c715d169db8b555feb78d36c678f
SHA10baf539cf082a3cebd218a2a97322548035a544a
SHA2565ac07e3dae26e723f3634fd6195eed8a02a5bfb8c5d74d13a354c6585829d42c
SHA5124d74cc8e26733d3de7c8e0b0ee560f1e14cb0d97577dadbf2532b84b7190ea4f9e7a4f5e9dc173918af2ec3c9bb1f53563e3616568a9d0bd291737b3ab43d808
-
Filesize
197KB
MD5d3d33b17f98e502a42024ed73f867a48
SHA16e4eb493bf8ffc0e0d6839e4f031b7958553d6fd
SHA25605a70a80f631002ecec80d5b1761f78a46cc3e43abd2d30cb824267f03681d20
SHA512b29046d25c68de3d48ca5b4deca6771c7d94143aa646b01014d2587c33e368e8729dd8c9735ca5f53b72faf40b79501707974d0e39355c098116ac4a65e09226