Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 21:35
General
-
Target
2024-02-24_a35addbb113cecd1b6d1a91c2974be2a_goldeneye.exe
-
Size
204KB
-
MD5
a35addbb113cecd1b6d1a91c2974be2a
-
SHA1
ea393bfbaea4783c9c34ce5999ede1723afde89d
-
SHA256
723d6e9642c5ff9a7d1a6a0af4ea58f08e88d7025060b83aca083e3b493b6e2f
-
SHA512
fb640234b0acadfe02912b8f35fdcebe275ba65ce0e67b9e84e355c7b42da0e98046ff73e3f623081a229f6ec4031675d9caa9835861f5777cd034bfa05b16ee
-
SSDEEP
1536:1EGh0o+l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o+l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_a35addbb113cecd1b6d1a91c2974be2a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_a35addbb113cecd1b6d1a91c2974be2a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00458449-7ECD-4e14-8041-33E29D95FE88}.exeC:\Windows\{00458449-7ECD-4e14-8041-33E29D95FE88}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A63111A-0951-4cd4-BB06-E6826EDAD7E5}.exeC:\Windows\{1A63111A-0951-4cd4-BB06-E6826EDAD7E5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A631~1.EXE > nul4⤵
-
-
C:\Windows\{31B7207F-A56A-4563-9FF7-0CEF39D17971}.exeC:\Windows\{31B7207F-A56A-4563-9FF7-0CEF39D17971}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98F49B0E-6115-4327-8E17-06E44FF5B0F2}.exeC:\Windows\{98F49B0E-6115-4327-8E17-06E44FF5B0F2}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F7718681-EFED-42e9-AD64-B77D9CD70736}.exeC:\Windows\{F7718681-EFED-42e9-AD64-B77D9CD70736}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{080E3BA5-98A4-40aa-9DA8-9E0BF5B7A6D1}.exeC:\Windows\{080E3BA5-98A4-40aa-9DA8-9E0BF5B7A6D1}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{219EB0F4-56F4-4583-8269-791EFAB39C10}.exeC:\Windows\{219EB0F4-56F4-4583-8269-791EFAB39C10}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FCD6FB6E-CEBB-48f3-8CF8-46727300D32A}.exeC:\Windows\{FCD6FB6E-CEBB-48f3-8CF8-46727300D32A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AFBDD9D0-744B-492e-8068-2F77519E8F35}.exeC:\Windows\{AFBDD9D0-744B-492e-8068-2F77519E8F35}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B41241B-0FD5-4f73-897D-77211E2E2550}.exeC:\Windows\{9B41241B-0FD5-4f73-897D-77211E2E2550}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42D5F4BE-072A-4895-B347-9C8FBE7E30CC}.exeC:\Windows\{42D5F4BE-072A-4895-B347-9C8FBE7E30CC}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5418ADBC-3C74-4624-8627-7524411D36BB}.exeC:\Windows\{5418ADBC-3C74-4624-8627-7524411D36BB}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42D5F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B412~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AFBDD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FCD6F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{219EB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{080E3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7718~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98F49~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31B72~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00458~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD59c8149facaa24cfe6165ca6e1e0f64ea
SHA17d65adc7ef2bdd278df26952b6cb99ec9246130d
SHA256cb5cb8fa4d5ca329b8d0d8cb5f3fbaee5e42546f9ef51283e491b3688d3f8375
SHA5127b398aa884c85e044f747e32f6108c30d5c4d33a207b0b8f3c4f8fa0e415c3929bb9c8a77b46e003d2a9c7e9e341bc7c6bbe62b170e4466b526e237c20646285
-
Filesize
204KB
MD53e6b108c43cc63ee545da39e6834983e
SHA19035368fda687bf933337671950498161a06a953
SHA2568c5859707ccce70fbaa808ac4b1a293f145d0b4bf2947ed18495bc30d99a582e
SHA512978aa9b2154f086ae3031ce4fdb3439eb7ba454d4393f1f5ec975d91b85e3c2242b1e5cf1de5b074d2589cbba0f0e8c91a4ee88501ff285983dbb7fb8f84ad33
-
Filesize
204KB
MD51a392e582ed633f7e5d8a3fea44c30b0
SHA1af63f48d5c2b674c5b19e82701ab47edfbd211f7
SHA2568ad79a1c5e4336e6f1295a987a25056d4860433bd409e06e18c7ac1c6d84817f
SHA512cee9c5208b6bcdfd0df60c9be80385c060d1f0bfaf4aa1132babc0d1e59a3aa48d72715e14bc2497aa30b06e1ca362697482ee052d4099a4073de8bfce1a394e
-
Filesize
204KB
MD5fd5e5624123326ae2c1a90f25cde3a42
SHA1c457afd427605dd324ca512d1f0702202c686d03
SHA256439d7d1fd2e9fa85523c3747b7fb3bbbc3fcbeee08067209d230af14da65c81f
SHA512f2af9071227e885815f401558367ac83add7eb87fab72280eac98198bed7b070c9fb089b17d56f6d021e16d37ebb1be51a79c528ffdb6cfee34ce3cc9da22baf
-
Filesize
204KB
MD50415b5cd14908907bb49414c11913618
SHA1c62615a45d90825a58bada00e6735856a2f67d31
SHA256a908bdda30a3b7cbf2dead21e96026936b7e2c597f00d2c17450ea7c53711c14
SHA512133fb23cd73ed13118a39b51d663a60e277970c384d1a09b515b1e17277467044317fbde02d3f281dfcd49015b8685bfa8cdb3790c457414ba4f5efbae700197
-
Filesize
204KB
MD52ef20e6147a9429594b357be796ff629
SHA1ecd8dd92169c087daff17c43430547abcf05ceda
SHA256825be7b04bb04cb071a51d457f1c1759e93ae6aba5c544c54a7cb7e5d4040c0e
SHA512b4eeaa5d99be78d2470412213ee75d9f6d96a7ba8a28f70a2b844632179d11ecd9d2526d9ac7dea327351c846a1f59088d5028b1ecd499ae3595c1914f65c5b4
-
Filesize
204KB
MD51ff61273ac3629e89ea1eb6b42889632
SHA1c94e47e8d54557e7336f58e06432e356a6e1d7c8
SHA25620dd2cbac136bf22ccea22f6b0a1a6a3d153e964eb2adff0777eb7447beadec0
SHA5121b5df50e4b32389349d33bf85c80ce910697312bf5b41a3b332e1cfa6f53f5e96e262312000cbabf1e94e33b697e54b446edef5695467cfcf28a05efae2d3f5e
-
Filesize
204KB
MD5f17496821fc808427dff6f3674792c07
SHA1b36f8bde03e4c3f0d67aa182c0f31ea6e43a2ec3
SHA2565c99fd216d2b1486d0260bba4309e1fc95a1b70ffe3bff92224ac5bcdd530bb6
SHA512fc95ca326d92febd896a9cb676ccf7b1f41023047a22f741080ff8b1a29a4eb6f8b953d47253e1d37a6fb4f15ce447d81b43884f9351c30382834ebf4e90abc0
-
Filesize
204KB
MD5e3edeb82392897590b4465d9abeaa758
SHA1f046548a7759b3a4442c76b0060fb7fdf25d86b9
SHA256c882c2bfb91695286cf4f7611cbef2d1bf7fd857feae76856e02d3b23f872612
SHA51222f59c4657489179855a78f0dbb4105c25f391c6fdf60dd01c63e0f5a492e4f0414f8133815dc399f73cdfc7b279f089356978bfe9cce62e5211331117754264
-
Filesize
204KB
MD55f51b730aed30c123c8d224268c065e1
SHA1b76e32408622170543dd16e03f8cfe0c432fa49a
SHA2566f2dd3608e990d121cb370c62b9d8f518811232e0f2dda8665f30dc8400c3062
SHA5129f1c9dbc2cec705c53b0f6e6fad8038e52c3697af1c0ad7afc841de65c8c28a1c7e4ea12fe26551983da7a5c47676d85a3c2fb1d5f654233aed3edad21638951
-
Filesize
204KB
MD53533db93cc2bd2d9f12fc911cbdb2ea8
SHA19b9610e78c7fbf260ffbe6cafdd1c96a89aed1ec
SHA256cb72b515f975bd62baad47b8c4e2885c1a4be6df1bf8498fa16b61f14e8ffe09
SHA512166f51415283d59fbb2fc5f5f07c17d0aefe9ab298da5929b957d4c4d92a6b67148c83c5e425fedaee5d9b2969970dcd01370107f874d87626e868811c1f4c5c
-
Filesize
204KB
MD57c4b5f036ca9565e47f75a194bf19684
SHA198866c8bc5d24b52d15e3b996ba46f850cbccbf7
SHA256338f1f6312438ff53335708898b4707bfad3f4a626187c1de53547a71bcf453a
SHA5120374eab895196ce994c330ee5c1c0ebd3c366500bb34474a3958dfe3151b643d6baddbc5b28b8c47c7bab3868c2978279d7bed6806c2963a1983245377939b3b