Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23-02-2024 15:02
General
-
Target
2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe
-
Size
204KB
-
MD5
55d458372a8bd43c16bc28dc9fa54614
-
SHA1
5ca491b141a1ea6fea1a6d9ecc00387984a3a94a
-
SHA256
4b8f3ee9980e3fdb6a802b54f21d3fce79620374d97ca5be272e7dd6ee89e01a
-
SHA512
23cdb561a655a17dbb8f716f83f1e5348ac1671dbca2676999f4c7dd4833952ada2e4b4987964344af978352ef2d2ebf91d4573184bbbfa31629c3740a513efa
-
SSDEEP
1536:1EGh0oml15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oml1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_55d458372a8bd43c16bc28dc9fa54614_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFCFB6AC-810C-46c0-BB11-C1081A7CF390}.exeC:\Windows\{EFCFB6AC-810C-46c0-BB11-C1081A7CF390}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1EBEBF4-7CEA-41a0-807B-80D68BFF2124}.exeC:\Windows\{B1EBEBF4-7CEA-41a0-807B-80D68BFF2124}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1EBE~1.EXE > nul4⤵
-
-
C:\Windows\{0D652DFA-0393-4f01-AFC6-3A97AA4AEF82}.exeC:\Windows\{0D652DFA-0393-4f01-AFC6-3A97AA4AEF82}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{28C1DF24-B366-4e8e-8839-C8B44E244624}.exeC:\Windows\{28C1DF24-B366-4e8e-8839-C8B44E244624}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4098FCD2-6C77-4e43-B4CC-51B7D6BCEB3F}.exeC:\Windows\{4098FCD2-6C77-4e43-B4CC-51B7D6BCEB3F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4A73A6B-56DF-40c8-AA2B-30F111F6B077}.exeC:\Windows\{C4A73A6B-56DF-40c8-AA2B-30F111F6B077}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{99BAA9F2-52D0-4498-8099-1BCFBD828826}.exeC:\Windows\{99BAA9F2-52D0-4498-8099-1BCFBD828826}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8BDAEB87-4232-4d9a-9CC1-240DBF0D8186}.exeC:\Windows\{8BDAEB87-4232-4d9a-9CC1-240DBF0D8186}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{66CF3001-AA1D-4d03-B17D-D30074714114}.exeC:\Windows\{66CF3001-AA1D-4d03-B17D-D30074714114}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDFFCC7D-9175-4a47-B754-25F4A85685D5}.exeC:\Windows\{FDFFCC7D-9175-4a47-B754-25F4A85685D5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E6A4249A-69F3-4a9a-98FC-FED68DB0F484}.exeC:\Windows\{E6A4249A-69F3-4a9a-98FC-FED68DB0F484}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6C2E6226-8AAF-473d-964D-99744A6FD6AE}.exeC:\Windows\{6C2E6226-8AAF-473d-964D-99744A6FD6AE}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6A42~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FDFFC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66CF3~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8BDAE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{99BAA~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4A73~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4098F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28C1D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D652~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFCFB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD530799e3ea82237586f35db8f57ab9c1b
SHA1a2e9d4865c7b021a2dfbcd5f1198c29cdcbac9c8
SHA2562f370560578eded7a3ab9efb1cf1edf01c88cf83e2344bae9087a08bff76befa
SHA512e9c19cc196480cfd06535d4e193a673b4d3688e4e17b9b9c84ef87446a2ced3638cb2d987059b8e4c2cb8913df23cee3caf4aa9f906150da4243c27ddd9e43bf
-
Filesize
204KB
MD5a0cd3c17f2101fbe9d48c675aaabfdaf
SHA18ba5e964ba55cf20fbd12b1582aa74218bafd239
SHA2561b305dc5c68db48dab40daf1971d024ee14d0bd2aaf97d53d0b0dcf2ef338889
SHA51235da149cd16d876f0b3f0f67e3adaf0a4d4cb08667a2d41ccbfaca52ef49d7926457db7ddbc125dcada74e193e606d54dd4bf3ba796569b3c486a26428908456
-
Filesize
204KB
MD5d2b08fc9a823fabd6c2bb1e7617c3675
SHA16477526f5daaf5fe1d9ccdfa0edb5c2fe7bbf3d4
SHA2569f4df631df68126946627f9e0637bebabb76d505e3148ca8c34181515243b92b
SHA5125e8e00577da6dff31388b54faedbcc3d625bda7b27673bff4ae1a22670139408937937bc5910ced300f96ff76bc0fce5b5a09ec046be6f8e2c023ac851129b0f
-
Filesize
204KB
MD5e8346273f0f6b6693d83d30a48328e15
SHA15204b4b6344c07dd34945ef1c8b39fd6c220f984
SHA25623837b4b7d002e7e121d9d32500950afe9799a911366bea19e6c7ebeb9d50139
SHA5128639009c92f15e3dfa616439ce3f9c38018a2de4d13a74de71a720223de18912230723a07a9b95e9920db89a6e8dd2ad78816479291fbd91bf0605d72aa50990
-
Filesize
204KB
MD5484b40e648b4c009362119a44c726c89
SHA1210a82f84170b60ccc1280f87e6f68a26d1ed6ca
SHA2563b00f37e50178489e3f8b183a45cffb3a1705106eb7cea52155b9225a502268c
SHA51257c104883e74b22d99eff47a1793749a6c6ee75e93374c1e25759a9f12eb2eb3ad2a7bd86e5161c7575a60296fdadc898b55725e15d6426f87e30480092644c6
-
Filesize
204KB
MD5199530435c31427523c5371cb07267ee
SHA194df77a82f6ebc0de0a48f2939a2019cc181a4a4
SHA256390723b65e8eb461ae2215c994337b9563eba475c6b52c713cd03e697bb5c5e4
SHA512d43cea98e5367721811942e026f0de5e6ce2d665a4ac9f3fac80a32f662c92e9f916a4b8027d207a2ddc4ca8a59760cc04990ec43a1644464e7815cbbe28a95d
-
Filesize
204KB
MD58d54ef35a1497170c2e45eb791ba05bd
SHA1e9c4375550fbbd4d4cd035d6014175b4da64e28e
SHA256ec864ffc9d770dd06abb64a57c80cbbd4d1b77a82b8a975e60d83714129f7de5
SHA5120cf457e3209f497124ea8c590ee9107e8294b8f8fa286a3125acd8eaf996f0d985e3c0c80e65006a349fbe7af7e708573673e7696d1edd8746021db7ebd0514d
-
Filesize
204KB
MD52de32a933d920ab6049350a1f2656e7c
SHA1b7b751b82f6dcd0c06d2a65663db281224949c8a
SHA25625308909ffab7001c2087039390ad2ba39b5aa19f134b170d0a1f50b304e6d35
SHA512848f4620ad76e339ce28d9979aaf1bbd90e3bf5c75ac74aa26894a476fe9fac8a54b9282fea1bb0b3f2ac53bad2a26bdcc2218a87c7cb765050d1d9fc877e4bd
-
Filesize
204KB
MD50cf324ae6cd13a0d6ca776b586b8e081
SHA1eaa74a0193f333aa7527671fc1fe40b6c9691fc6
SHA256e94fa37af735799b6c4dc6c223fcfb52a1523755e38f4b78a48daa1c94a4601f
SHA512f8849474d404ce508afbba0ae311e7a0cdfe6060cc7f93c83350dbd67d7c22e9586558fd0ff4bae0f0cff424d5e5e8b8b985e7d27f9d270edf74f96747aba0c1
-
Filesize
204KB
MD5bd7b4ca603bd8bb7704094aa9d30d7d2
SHA115abebb1e1c54aa8b7228bfcac17d163b7d4796f
SHA2562d0b0cf3cc0ab471026474de7e9f82fd60e866888ad6853a5e8ace8236c45188
SHA5124ff0067b1e2afe017bb1fe0976b54d3a5ff9cf01effd2184b898eb54e5d9331ff8a1ec51df2b7605b9a206834eb845d53b89d93204955df62705942215bd6e72
-
Filesize
204KB
MD5658f02d4b0e6067edd4dae6404cd9e24
SHA1b36facd8596b804893532edd47b2c281049c019c
SHA2564b1d5a715f82a51c68c69345bde4bfa0e1ee7a37f9f0f82f2385822ea8baccca
SHA5127a892e66c1c407f23d3fcf1059333a924745323d07236375f074326312af5bfb9e852c57dfe62bc35bf61d241f9611fb8fc80ca16296130388a586b80e714175
-
Filesize
204KB
MD53a1ba79a1c00aab7b83d953a22b055fc
SHA1745f7b1db90b4a1e33c15efbed6c6778d89b93c8
SHA25671fa7030f868c789d94f34760f70f4db7eab80684a7a25ac54dfca67c9beb349
SHA5124331be9a0a8cd45d3ebf5eb4f8652ab2e16d3f6964b7e53190ad465ab60639e4b2b1a7c66c2f188840d3d07f6a3a586ed5cdf7a4cc0435feb278eda2c91388be