Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 02:24
General
-
Target
2024-02-24_0905be4259a30a270a1961685901bdb6_goldeneye.exe
-
Size
408KB
-
MD5
0905be4259a30a270a1961685901bdb6
-
SHA1
dc965006193aa0aeb5ab0b3ecc442414a44e28a1
-
SHA256
71cd05d26bf611057a00407b68c3df6066d49fc28db0866c5a0f8d65b4b2f363
-
SHA512
a66ba7cab6af93ba823c6e7e498ed06d5cee2ba1eb964f02a920b5b4eb30214fe0dceda51a6c8771e23b59aa96f1febdf648adde01caa90d0989586eaeb69893
-
SSDEEP
3072:CEGh0o0l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEG6ldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_0905be4259a30a270a1961685901bdb6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_0905be4259a30a270a1961685901bdb6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B41EEF75-39B7-47fb-8CFF-642654DB8876}.exeC:\Windows\{B41EEF75-39B7-47fb-8CFF-642654DB8876}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8FB5B5FA-0696-4b58-AF1F-22663BE44427}.exeC:\Windows\{8FB5B5FA-0696-4b58-AF1F-22663BE44427}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8FB5B~1.EXE > nul4⤵
-
-
C:\Windows\{96B13911-04E5-4c3a-9F76-0E7720C29FD4}.exeC:\Windows\{96B13911-04E5-4c3a-9F76-0E7720C29FD4}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B063D824-30E6-47a5-84B4-FF98BD819920}.exeC:\Windows\{B063D824-30E6-47a5-84B4-FF98BD819920}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{75D67753-B408-4d20-86B6-B1F724FB962C}.exeC:\Windows\{75D67753-B408-4d20-86B6-B1F724FB962C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3B476DA9-D2EA-4e75-BF96-EF509E6B32A0}.exeC:\Windows\{3B476DA9-D2EA-4e75-BF96-EF509E6B32A0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5FBE688D-2583-48a5-AF19-394DC90F89B8}.exeC:\Windows\{5FBE688D-2583-48a5-AF19-394DC90F89B8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50734BD3-4BA1-4bfc-9548-3A9D99E8E05B}.exeC:\Windows\{50734BD3-4BA1-4bfc-9548-3A9D99E8E05B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DE6D2649-4E9C-4e07-BB0E-3356BCF740CB}.exeC:\Windows\{DE6D2649-4E9C-4e07-BB0E-3356BCF740CB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38BCD35E-4589-45c2-B6BA-0F6E75965020}.exeC:\Windows\{38BCD35E-4589-45c2-B6BA-0F6E75965020}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{93449C8D-4E8A-46e0-9587-5CF8E4B345BA}.exeC:\Windows\{93449C8D-4E8A-46e0-9587-5CF8E4B345BA}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{714B1BCD-6D92-4594-B2FD-83F4EF1204C6}.exeC:\Windows\{714B1BCD-6D92-4594-B2FD-83F4EF1204C6}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93449~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38BCD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE6D2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50734~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5FBE6~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B476~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75D67~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B063D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{96B13~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B41EE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5c2ae4d298555422894cf491a002fd829
SHA1bd083a2dd461f2f810158da2483712b989a6f30e
SHA2566f93d9cbe51162278493fc36e2119eb70163a80f5a230d72543a81d4d116d3f5
SHA51259acaaa47924c0adc24959b0e336df348bbe2014fb2ab5150d6028855212563f94d87d6c64cecbd18ebcb3bd184901ad035eb1a679d492b6019bac0dd377841a
-
Filesize
408KB
MD5c30aeb568b53bc1491c3d2e59cdc810d
SHA13859fb4fff07c9a767f2d5bbaabf5083f7ef7c6b
SHA25697e6071bb080a4264ca43251b85fdce932a69cac3faf24e40cba7f407fc07e36
SHA5124abe6dac8291200068298c475b91f89279a4d8896f9d19a7e4e4c053fb40c7175e3efb75850075a3881b2fcbf4be9200dccf0f63d1e60e36e962baa3b3352c1a
-
Filesize
408KB
MD548e2fc824bff85c05762b30f46513597
SHA114b93cf82241eee975bcf8c694a2eb5b87d3e948
SHA256c5c5467c4eb4b6de9405ec7944959ff959bbdcad29c5576c5d86a1965456e59c
SHA5128803bbf6e42449b834e606c70a091d7d3c2dbe00f497e18a269b13627698126e002ba177bc176fc7b319be264eac508cf19f4260246178c0a0af6a58be860e1b
-
Filesize
408KB
MD53fd27e47bb40202163ede007ff5798ef
SHA1b7bb239ef36f9657b038965f6a8f0b3251cfc2f0
SHA25684fcb1d8044e055e0c25119bccb8d4be81dbe42579b12ef7bd65350c71e2614e
SHA512e7c34287321216166412c7979c16cbed95bf46af64e0e45ad833a733cda5be3f3a432d000f320513451fa66db1190af1ea5d79ac687c64ab6958d16ecd56faac
-
Filesize
166KB
MD520cfa1c7fc3be16acf0b17fd1ef015c5
SHA1655385f6e07230861de739725f33229ae7214a2c
SHA2562c5650a91ef3edca947630144d4e59eaad1cee4b6218457908cc3697c79fc3d1
SHA512066b5616940d1df36f12ab69843c4dc94a0d7ea15ddb6ce2c1cdb396cef2c0594b14ae49ff8f77e6fd84eafe68ac1d79599301a42d08567df7df4339ed1fdf2b
-
Filesize
408KB
MD5346ebb240ee1bdfe5164f7cf0ad35290
SHA1db16660eeac7bc000af6fa5e54b1753ac9bc120a
SHA256ab332ca8a43f86a1b6f11e29deaa2a7fbfa382f013699954d83d63979a1df534
SHA512ab95bbe458d3f66e604ebc9d220af65ddf584db3b205d031cbb4eba8086b29ec4587f4c6ea56781d69088459d520508dc8c2f46ee97777c90c4ef82376ef9c50
-
Filesize
408KB
MD5838a152a2e36ca6119b3bafeaeefb759
SHA12d23b2748507a93734b5150f351213e807b6236c
SHA2565f19228c04b6cd0d42fd7bd7e98e7b37c4ee098200551db644447a2d9f5eda08
SHA512b230009687d19407aa26cc001df7387f7ebd02e1f7b62151e8535f065b5f2d1c4d94a8b1dc588a5e8c74beac4e02062c2e3f10eb7ff0c0c57804b1467389ffd2
-
Filesize
408KB
MD5bd505a199fc5c0670b13790c52b75ad8
SHA1282d939143911e37ed3554888cc298042f290e0f
SHA25613ce4fafaaca47b9012cebb08dcac06b32b2e23ebc809c09a5f6f2709670ed80
SHA512bfcb470ed571a657823769fbd29586c4b0bd1d58c7bc503f6fb1ad2849835181de58172f7f582ee8b319ce61eb1d54f5bb9049d605ed61a62b27363201b4f0cf
-
Filesize
408KB
MD5e68d58eddf583854ba1f10e39122b320
SHA1fc3b046ae1867cbcae961b937b4a1db8db5fece4
SHA25604e1d7bafcb39f9cf520a7fa30913ef249e6b68028456ea85f8999bee950f880
SHA512f8b74e625b6d3140f6bab0fac1416c9643cd7a61871bfc5e470f4b8ce6c6224931822c8c71d378f8004ab708e2949425338bcd0e6b1ec96eb10d51fffa65d8e1
-
Filesize
408KB
MD54c9bb1cb0de7005e29d382996ba766ac
SHA167dd3607eafa7b52badaa665490d99e8159819d4
SHA256f64d3363ee58fa82be0992ffc8e2f84c53db79714c39748b5b13eec608e44a5e
SHA5126550e4f33454e6de5907bc8b8b5ad6554dc3984f59ce710ca6b5b6256e4eec7142c5b3cc611d9c0a2db86158d8e3468b98264e25f67a387bcea61c6c0e603043
-
Filesize
408KB
MD596fe988a6d5fe6d20923da74fbfe236a
SHA16ac6dbdeff10e249036c100c2e5070a0b381d912
SHA256fbb78331d46fbc374d21b989a80a31ca4a6559c1fa9cfe648aaa963d9f227177
SHA512ba0ea0eb6c7d705fbe6f55f6e1a84d856a37d32a273bdae96b2af56f32d6b01c464ee55223ef41b66249389ab2c4b97b0d1e30725ed97ae1dc2a9e707af4a924
-
Filesize
408KB
MD5a717db1dc9bc85ec6e68937f65bc31ad
SHA1cb015abf652aa080e532fa5e3d93f3ceca167275
SHA2561df993aff2f24193dabd5c2e4c1f3ab886e858f948c4f67539d0b2bd78cbe330
SHA5121c7e4a3e8022113918b6e06ba840a40d63245dfecfb85e0a51499442b4f451b129d32b162e9228b9a1a38d638c56a785e2e4658bb45365a07c9fc4ef1a5ff409
-
Filesize
408KB
MD58a89c41b18fef5d500847f2655124752
SHA17a0efe8196a5679fac932d66375de625f52925e9
SHA2569129c1f44cdd5e64c5a27adfb1cafad554ef849b622530cc7ce53d21f81198be
SHA5121eee6f6c70c6827cc818780a84ca14fe0b01675e35e45f98138aa99054284e5ca18e3f77a0d4b58afb4b52bfeabab41e801f11fde449059d6dfe41721d3954d2