Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 02:48
General
-
Target
2024-02-18_dca346791d85552a75a876387fc36147_goldeneye.exe
-
Size
197KB
-
MD5
dca346791d85552a75a876387fc36147
-
SHA1
4fa413a57506a0e30a41f05ef23221d4fe5cd188
-
SHA256
efb66c234a094d6c1f6c6740de9adecbd0a0cee76c28135a5e54e144e5b2949c
-
SHA512
063a54e8a73ef8f07449fe65d40aa1b4dc51a7460b903eab3c3ffc77ee86495a92ca9decc20302d47cd29c8c67ab2a9e92d12545c0c70ae554e42cfb2857e376
-
SSDEEP
3072:jEGh0oPl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGZlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 14 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_dca346791d85552a75a876387fc36147_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_dca346791d85552a75a876387fc36147_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCDE40BA-BA88-419e-A8B7-AA927A39902B}.exeC:\Windows\{BCDE40BA-BA88-419e-A8B7-AA927A39902B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D12399FE-56F3-4be5-B835-3FBCEEAA3BE0}.exeC:\Windows\{D12399FE-56F3-4be5-B835-3FBCEEAA3BE0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A2F87CDC-9336-49fa-BC3A-1547B509F589}.exeC:\Windows\{A2F87CDC-9336-49fa-BC3A-1547B509F589}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C45713DB-348F-4434-80D0-02B6D7C03548}.exeC:\Windows\{C45713DB-348F-4434-80D0-02B6D7C03548}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{841AC65D-97EA-48fd-B2E7-BE8C7A98B935}.exeC:\Windows\{841AC65D-97EA-48fd-B2E7-BE8C7A98B935}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA52A91F-39CD-4599-9C9B-4E4130653D20}.exeC:\Windows\{FA52A91F-39CD-4599-9C9B-4E4130653D20}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8840AEDD-2B7E-4d4d-B514-95CB64947ED2}.exeC:\Windows\{8840AEDD-2B7E-4d4d-B514-95CB64947ED2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A45C47C-6EC6-4c39-A829-7B47C9340B8A}.exeC:\Windows\{0A45C47C-6EC6-4c39-A829-7B47C9340B8A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A45C~1.EXE > nul10⤵
-
-
C:\Windows\{0C1A8A42-954F-43b7-B48F-BA87A68A71D8}.exeC:\Windows\{0C1A8A42-954F-43b7-B48F-BA87A68A71D8}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0C1A8~1.EXE > nul11⤵
-
-
C:\Windows\{1B885624-253E-42c6-B9DF-0C1F75549201}.exeC:\Windows\{1B885624-253E-42c6-B9DF-0C1F75549201}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{880D14C4-0ED4-4dc8-91A8-B747AB379815}.exeC:\Windows\{880D14C4-0ED4-4dc8-91A8-B747AB379815}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3A7319FD-9331-4bfd-BB34-117F0F2E6064}.exeC:\Windows\{3A7319FD-9331-4bfd-BB34-117F0F2E6064}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{880D1~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B885~1.EXE > nul12⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8840A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA52A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{841AC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4571~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A2F87~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D1239~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCDE4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5f87c0fadfa808995ce4e095594fa26c7
SHA1a117a60530483204fba1a2b9a39426bced06e5c6
SHA25634a5fe4312940c2285c616c95144d85f0d8a6c596a51455b85e1be5d6a2bc8e7
SHA512fb85536d287dce5e70f104d0d4d970ae085721d9d4c0cca3608e6523db9dc8f34c0daf64fabe78c26a100ee210afdbabcb37c5d360247cfb0afcf71f93331413
-
Filesize
197KB
MD5a09d2f277defa7f55984957c627e3914
SHA18209c9d98978641dd2375ec6faf824d6b113dd5e
SHA2561d879c7a670da0c5c55d4a210af9dc8b159df2d928e85e9cf2a34c8e7fd050d9
SHA5125a789af258e5e2d1dab6fb0e88c5c68d96bfd4b18367141be676504bf80200e1460b96dd8fbd398be4112ad46ab64dd237b97da29cf6f111af7c9a5e8418a58a
-
Filesize
197KB
MD599accac2b99a35628014091044a09bf1
SHA17858218d82852006511c0ec66f7d5475cc36ccca
SHA25676e227172f109b52dd7c30ee8996c8d141c78e9481853648ceb1f0486347d05f
SHA5126bb905bcde184d66c6446d791e9540265a306ccebea3809f0061ecb9c65970f13f1ad19507915db6efa82d95f268faa38c600898ae07257f71354a69dda7ec6d
-
Filesize
197KB
MD5f78a67191ccc2032b03ce03d10ea0ae6
SHA193752818d121271b37ade0439be8b0aa8cff79db
SHA25602eeca737260df984effe98cb87a68d5fa7cf7ceb9ab9962af3ae6c8c1f3fa5f
SHA5121f459d973a2cdb713eca1dad6500899da983ce7237b19add0740646198c742f8b68299f293eb0caf62b9f0f97abbce48324cd377848c323c310501a0881f827b
-
Filesize
197KB
MD585bb3f88632911e89e4d6cf2023b8eea
SHA18edcad8102c3c88e213d3b5716a9fc627aca3170
SHA256f971cb068d58a850bb4e040c06aa9665461e5bb501490664021de0113c917d7c
SHA512cb1b6d30c4c3a12749e98d6aac3c6c3a19608a62f5a2c70d2da431d1fd8f622cd86f16ee769c303684a2ff97214a68310001073c3f08a35cb7d437b95cb496ef
-
Filesize
197KB
MD5e49dbda42cf9116e0a2504edc3996c3d
SHA1d00b2220c213b1d46955be1a34ed220651a64ce1
SHA256685a818b7b600f8a7c26f209a1c954774a3b84c31a716824111be73fad1363be
SHA512694b753b64917a3fa7745bcbfb1a4a84a19c05276be423dc9c9a8b74901fa2ffcbef6bd775afcd51d295e3317c8bee44d4ea3c41220f8e7af49a4860ebd34f1e
-
Filesize
197KB
MD5827e048f2e61a12ab0a93f16b1fdb0bb
SHA1c0367b67d81fded8678538a17bdf9a5304b49511
SHA25637decc4025aacb9e089f212690fc7e419de6ef76b0543766a4cf016d6ea8e8c2
SHA5122880165d6e9779a64f67a1cb156a9b302f0b954d2c35805d4a8992b67febd44356283bc0303e990f34bbe73acff2f9774e98f3904eab2d2556652dfb454c11e6
-
Filesize
197KB
MD5bb45e2f70cdd1ff66aea9cc1ae074259
SHA17e811cf91e34e0d22abf94255224548aed1291a9
SHA2565c89797abb5d2c5616156348adedbe3758e833085de5cbe95eaaf78038cada90
SHA512f7a7af0ba29f746a59f5938fc688b715919c8a9e428316d79d8f3ddca5434b32dba92ace0f95b62010df71861f69e10d973e40f4a14f437fb4bf63906695d4a7
-
Filesize
197KB
MD5dcfc5e74cc01392624f7848b12b38aa6
SHA10083522dd53f87470e20afdfa28101ee0c0d5af9
SHA25614c83520b3a26bcb184d98aebc83b625e2326f542c3dad91dc4389e4a0c1e1e2
SHA512a9c56c2a4efd61f263879520f069e699542d711af96e79249dfe55bb960996534f82ba22271c9a1d1e8cc956499a52ce8b7717224a0396a2036c9b484fbae25f
-
Filesize
192KB
MD5a957a53cf61504f1e517b352b7bac20c
SHA1b92bf01c81f65b1ea3ea40ae891c71daa1fc10a1
SHA256dd814fac6eeb878c7cc07b8be7ea1a3d4e8ab8e6fadaffd2e24e5275c5041ea3
SHA512653a978adc915e4ae130ff9c2dbe57dff805ece6ed3bce523528a7219f741432bd325d7fe382c405aaacdfee6d9609e186981ea6dc4da9b07c8a1e39c5f0fd92
-
Filesize
197KB
MD540ee73984c400342f46c2cc1c074af00
SHA1bffcecc7cec02b2ee13d26232c1483ce21729ef0
SHA2566ade7e07a1d1d74e242e1db1fe33364a077c305d08f85fa0237fd33032b44095
SHA512dc835c1fc8e4e2adb6929c12e1873989a293859a61459d50c22f23b0826ab5acfd94b93ef9561d59e5d31914521e40b512becdae4dce795e8ddaf1a4249551e7
-
Filesize
122KB
MD5f1e770e0dbaca324cc93ce778fcc5d3c
SHA16a9cdc65f9a26f0464c4f98c41e0147522836050
SHA256a9bb594a8f7194b55bc9a42c69a9b17b7a71c6f90547b7f4eff52c45c48ca4d6
SHA512a3939daf040f04319b1387b81bb6377762212682def205a94f6317002d1e8a06071bc10b0f1f47a5b8346c34ce2b540bc48653c8a4e68ceb373390be1bbb8b9a
-
Filesize
197KB
MD58b4ee9066dba7fd4d7b5e7e5ac6ec680
SHA1955c23d90d72232acd91dc9523b6d6c43baf4698
SHA256ad18e0b9562c7d7bbe8166e1e712b6140fcd6d13de024ecc0757b9d29a13de0d
SHA512a51230576eef75929e3882d635d859aedb9c3634a95d0f8a29796b9322759075d8a0bd75923e65df780372a19d9ae74bdbb222e02034521ae8047a8c3b997cfb
-
Filesize
197KB
MD59ba6a5aef541d098c7051a40787befeb
SHA1485927c6dcf27666b045c5a235b0283b07b9797e
SHA25633f882e64e6482e0305c6b0aaf3994de5f164e36a81e18d47315bedb16f49b05
SHA5127928ce05c4f685c97f1a509996755dbf5e13fda1e32d12145e0f54149e48bf8b4ec6f80980d55af184245f28dadd2921d4189b09cafd5b4b0fd41ec2dede9878