Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19/02/2024, 05:03
General
-
Target
2024-02-19_a0ed88629cdf2f6b9e422a4762d7d3a2_goldeneye.exe
-
Size
168KB
-
MD5
a0ed88629cdf2f6b9e422a4762d7d3a2
-
SHA1
a58825ef820cd9c0c1ffdd52a6cbfe86a8fa4195
-
SHA256
8e9b9843db40b8a14ff257be3e03daedc0683d3cf78578a7414f11a0c8f9faf4
-
SHA512
9b1e014257ae28444a843588a6f5f78b16e15cd4e6bb1a4da02fa1fd08952fa74c44ddfc2b310b5d9a0305e4b4a0cd49fa0d33b48c619fcc7d44731d92f56d78
-
SSDEEP
1536:1EGh0oUClq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o/lqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_a0ed88629cdf2f6b9e422a4762d7d3a2_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_a0ed88629cdf2f6b9e422a4762d7d3a2_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4BF478D4-A6DA-40ef-8838-F3A0BE017C92}.exeC:\Windows\{4BF478D4-A6DA-40ef-8838-F3A0BE017C92}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D21E165C-5268-4b2d-9DBB-D62361B4FD0E}.exeC:\Windows\{D21E165C-5268-4b2d-9DBB-D62361B4FD0E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D21E1~1.EXE > nul4⤵
-
-
C:\Windows\{A574FA16-4F37-4101-BFBD-67470BB4C26B}.exeC:\Windows\{A574FA16-4F37-4101-BFBD-67470BB4C26B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6043EE97-02CA-4d5e-9D2C-B601EF1DE578}.exeC:\Windows\{6043EE97-02CA-4d5e-9D2C-B601EF1DE578}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F55BD880-C5CA-46ab-9C33-B06FAD3E0E46}.exeC:\Windows\{F55BD880-C5CA-46ab-9C33-B06FAD3E0E46}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1EE36A15-F127-4e72-977E-B6743744A584}.exeC:\Windows\{1EE36A15-F127-4e72-977E-B6743744A584}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1EE36~1.EXE > nul8⤵
-
-
C:\Windows\{E6FB7EA5-BA77-4e38-B68E-FA1358207397}.exeC:\Windows\{E6FB7EA5-BA77-4e38-B68E-FA1358207397}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4452C26A-B421-4053-9315-7A16E334AB65}.exeC:\Windows\{4452C26A-B421-4053-9315-7A16E334AB65}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D4C6386-D7D7-426d-B886-EDEEAB6B833F}.exeC:\Windows\{5D4C6386-D7D7-426d-B886-EDEEAB6B833F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7753DF7E-8A17-469d-B7FC-D23DAEE3DDB1}.exeC:\Windows\{7753DF7E-8A17-469d-B7FC-D23DAEE3DDB1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BFF5F798-07B1-4153-B8C9-B2C12601AB95}.exeC:\Windows\{BFF5F798-07B1-4153-B8C9-B2C12601AB95}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6B7E91B2-D5E9-483b-AE38-15549D7F15E8}.exeC:\Windows\{6B7E91B2-D5E9-483b-AE38-15549D7F15E8}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFF5F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7753D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D4C6~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4452C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6FB7~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F55BD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6043E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A574F~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BF47~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD578977f2c9a0f2977ccb0f15df7d521ea
SHA15c63b7026c347004297ee72197bf490308805ed8
SHA25669e99e4c557b7d5ad2d87676bfc58210f8b63d25c1f63a55e04afe50dccff99b
SHA512f71c105ba794636ceb9a550b568dfaa43f528a32f551316cdfb684b8b66cb62b8e187e57515430f429fca73642314ce1592590ae08c8dd61ada7c6ac9bf7dc1c
-
Filesize
168KB
MD53e204ec19ad78a3b0eec39e62c3b83ab
SHA132d8e7d297432d10096f7244c423d812a7a3aca4
SHA25695a62933631f8a690452afcc05d7bf89afc71983d172a15b0e52f232ec8b4a1c
SHA5120229a14136b0f1f245bedc232a8129bd72e0d3f0a78cabe8ea415ed353bc3413d571b0f10d271c993ad61755855a13c29c2923e08051ac03744a47ac12615a06
-
Filesize
168KB
MD54b5a777013e60b49ed0146df720a68bb
SHA1ee6bbca11cc34e2edc764570fa55d5022b7c4e1a
SHA256cb957470959c486d23a759cd98a3f6083e775a14478f1e1795a70d5f2056f9fb
SHA512dc8081bdef6ae24060442d90993db7ef6ff0bf75a2b448e6493850ed13266d083ccfef3574f5e9681c10d7396d2e0e9c10e81e77e3fa9a6846b3236b84f307bd
-
Filesize
168KB
MD5d452caf584091cfb5a6ebda9e01d54f0
SHA1a8a371af3410cbfbd54a0082b70f663f80fa6840
SHA2566b142b0401ecf319876d6d6052ef5187d84e8474280203e042ad26bbc37ddecf
SHA5120d396b40ac0a1b7b108d93f3960a906f47f43da79e17e2df7fec1f04f8e1192c96b4d2ec34c6e928bb3ebd86e4871084831522b3014721c85ad298f002a3f957
-
Filesize
168KB
MD5d54b9883b83dd6681f08fbc6e2453206
SHA16cac18ee2eb288880b25dc907a953386ee701769
SHA256a294f1b88efc822ec34283ab02dbb20f9ff4c458f9313d5c1578e7321eab0cbf
SHA512e9e70a504c8cf51e247c5e6bf9a5475e82bc58b3e1abd351a201c1d9e8a4e41ce4486adc1b88d2eacccb4756b63f281e3c339c0db3076bc6893ab11fde5d0416
-
Filesize
168KB
MD5bde66e3487bb8c5776209a824f8977af
SHA1c5150c59b64f6eea81d5f3a7fa84c1f5505eb7d5
SHA2561828e2cda230d5db140f56caca26a69c9284376e85ea9d9f871e6d047d286994
SHA51233a5707d41f3a9c4b77972dc9b817d8e452618b92f21d8b3d5cd830c98ac97b2c8f49b4f235d830637a90d0c7a28cdc5e4a2e10694750842bc8cc7d3537dc2f9
-
Filesize
168KB
MD5d956284bb1d26770495a1edd13208b57
SHA120201751f18d1a4e6ca69a2cd1af166aed3de790
SHA256ead78bf5e5ce3adcb2a8131f5086c0ee85ed4b041a2371c6cc290e4beae5ffe9
SHA5121292b0ad1d7d0708f3bc5dc17d64af9c10c0a82d6dc832afa97c9f974e53ecfdddac3897086fed7402f958d82b70b5324543744241c6dc9f5c76d0fbb689ea87
-
Filesize
168KB
MD5cfff172ed393d567db09f17c8847f391
SHA1b189c5c9f1446aed9e8cb639f746ac2494105f70
SHA2565a4805562a3aaec3f663496ddac4fe4677431af008c77755dc7d6f4d04e20de8
SHA512fc156ed9014c2c5127472fa3859dbbc0f7fe54d4008839d91ea5383ec01b7d257c297644f3e04028f8c3e4ed0af3ed0bddfa84935652b6bcc02270a9d18bbd7f
-
Filesize
168KB
MD5e2c4870ee9299db1d9818524a75156ab
SHA1d0a138532f1c894977b7732bdd9fd39546b392fc
SHA256fe079b56c76f027b624e30f96e6e4325d976b92dce70b18ef2bbd668049a2d04
SHA51212e2292b305b2a546a384bd3492a20849101ef87fe229baded227295f00aaaabc70b63e2cd3f2a1b5209ce26eba9a8b7c46639e9ec0563c0f0418165c2ac6086
-
Filesize
168KB
MD55c9d4475492d6c3c8a970fa47dce0258
SHA142cb64dc5300ddda8d8f194e2f69fae7fef5bf1e
SHA256d1435c294b7f9bc7d0df19837df2bdb84851c1de502e57d24afa47cfd14e37c3
SHA512c37fb13d687466428798f3515f44c0b768ae90341a70147530cff1e7339074ad1b455b386411c69632856e967a70c01fdb72803b7f00af2c244551d61848150b
-
Filesize
168KB
MD5fe768e287a21c2a92c9995a5a578d712
SHA135a11796eeba5b51b588317f7739e69b637ea07f
SHA2567312485a6e8eed9bbe7ba3ac201ceb657b7e6c3cb50b89cbceae6fbb80f6b4ae
SHA512dddd44fc43b940849a28b2ae18867ad41622ab50a7224d858a392069473955f4b0db853f5245014cfdefd396c2a94ec7f7f35dd1b2295811603793b1eac4628c
-
Filesize
168KB
MD5cb3e7214368f938702f53aea682a5697
SHA11574744d995a31168cddd2ca2df38c2cc0066601
SHA256d50707ac61cab8a834608403c83ee05d88e78112d064635f569ad2fffa8c9e15
SHA5129a21a0145d9209b70181d6162744036cde4e0ebdac144c1e98d45d100c2e8460ddc259bb99cf357086a801495df523c177ce23c4aef5f4f77427f8afb643db59