Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 12:48
General
-
Target
2024-02-28_f877d2de6adb863edd5ed734091acab7_goldeneye.exe
-
Size
408KB
-
MD5
f877d2de6adb863edd5ed734091acab7
-
SHA1
44ad71b856ef71f7a36ac5c9f34e84bd4e7d7532
-
SHA256
44b8540ceec9492663ea8fbb0dbf060d18a7826d91a65f7d5aebbca0370b513f
-
SHA512
6d9a185689857731c240b325842f359989236322d2203ccc8263f3f3ceee026db95e48982a4c200090d3c9345c1f5c6cb8c427b35f62f44d7875327a893a2219
-
SSDEEP
3072:CEGh0oql3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGUldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_f877d2de6adb863edd5ed734091acab7_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_f877d2de6adb863edd5ed734091acab7_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B567199-1B3D-4de5-B5A8-9ABA38337C6A}.exeC:\Windows\{0B567199-1B3D-4de5-B5A8-9ABA38337C6A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DC170669-297A-4071-89C6-02F1DEC9C0D4}.exeC:\Windows\{DC170669-297A-4071-89C6-02F1DEC9C0D4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC170~1.EXE > nul4⤵
-
-
C:\Windows\{8314B5D6-7C33-492b-BBF6-294F5C746C54}.exeC:\Windows\{8314B5D6-7C33-492b-BBF6-294F5C746C54}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C8918717-8134-49dc-873A-197FC334FCEB}.exeC:\Windows\{C8918717-8134-49dc-873A-197FC334FCEB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A194A522-B037-4b60-988C-3764E21437D0}.exeC:\Windows\{A194A522-B037-4b60-988C-3764E21437D0}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{356895B7-DCE2-45c0-9F5C-724007DD584C}.exeC:\Windows\{356895B7-DCE2-45c0-9F5C-724007DD584C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{405FB7E8-10B0-4cc3-ACA0-7468DC3F4A30}.exeC:\Windows\{405FB7E8-10B0-4cc3-ACA0-7468DC3F4A30}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EDB484B5-E73B-46c1-9955-4C7E4E9EEF85}.exeC:\Windows\{EDB484B5-E73B-46c1-9955-4C7E4E9EEF85}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95964543-DB83-4e40-8FB8-D489DECBB5DD}.exeC:\Windows\{95964543-DB83-4e40-8FB8-D489DECBB5DD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2881B51E-4F6C-4f98-B8E8-96CCF67ED476}.exeC:\Windows\{2881B51E-4F6C-4f98-B8E8-96CCF67ED476}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDCD9039-37CC-449c-8D28-68EA5F12A39E}.exeC:\Windows\{FDCD9039-37CC-449c-8D28-68EA5F12A39E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2881B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95964~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EDB48~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{405FB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{35689~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A194A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C8918~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8314B~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B567~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5e41520f52c7ead2b888db63d08087894
SHA188bccc8374985ce83f5f252b7851bff1ff5eaf46
SHA2568c1095c8dd9c221bddc01a7b50efe6a6c21e8eb2b5e7ac8ae4da2c49dc4a19aa
SHA51280d84bac62772ff5f8e38af48e642a56435d87a3fccbb82a05106751621f0e29397c686896fc85a1f458a2825cd1510c8fe719849dfc687fe6477f303d54f3ec
-
Filesize
408KB
MD5eee552510981bdad8edbbbb18948fbd2
SHA14b9f34317560b4c3765a42d0ca902e87233509a7
SHA256966f78f5223226d2b73153cf0934c8e9ebe6fe0fa82061a1f3ebee03af4511df
SHA512da8363ce563e33086901aeaf211d015aa5d1f89af825e272ff51bf67bc5ccacf2d6f68f57767dddc87d3e8722c03fcb6236ddbc028fa6ab14de125ceacfed8a2
-
Filesize
408KB
MD5ed95491ca6aa80d48c6590b38202f428
SHA14b8af47c5c7331669b896f19d9ed7b3de2e82241
SHA256a75c0c5dfdce307f8eec16d7c1c239f4a2265cf323473db50ae4776bdb4426d9
SHA51221831f5510fcbc2e759068236eced845004e3ad24105a18dd77e9e5d9a82b4faa77e512e5d2a8934819c2a04664c96cdc6f3dadbec2ed0c0460894bd6cf5e6b8
-
Filesize
408KB
MD58aba97de4f79a5b9ffb3082e4469b957
SHA11dd6cca6d5ead495d7a395d7fec5eaec432d4629
SHA2567cd3de1420ee841518b87a4aba463758af18a7b50d579fdba3ac4aedf7d0076a
SHA512bc7addcea87895c90c6a694fc6982746ae559a466b2872d3dda086f1c22133fedc3947f024e700061943e19e05afbd1fa9a97e767b75816128850f459725945c
-
Filesize
408KB
MD5b39015eb2da8be7f62466efaf4053f45
SHA11f3566cb9b31c906120a6100f46789280cbdcb50
SHA256a2b2255718cd337c51bb9c1316b78ce749e8ddefe0e65c3ce4ea90cb10cfe162
SHA512e561a54601669fc89cd1a70a80b55505507d7afb27e1f1908c1a7a1efed3d0e10270d259c54c11295387abbb44b66591e0f93ffe90678b9323792063b6678001
-
Filesize
408KB
MD5aa67a79e1e84520db884e2265a89f27f
SHA12c7868499e15331036525adc935309b51e5b37db
SHA2566d859f002dd385752e196d928bd0542da06db0b96f06e2698fd885c47fd02cd1
SHA512fae5c709fb4e67ca5014ed2b85c9b04ee4d96b4775080376b1483854cf431a1f82b8436d0517e371c4421e8ae57d9f2c09493e6532cea90907d57a6c711ca48f
-
Filesize
408KB
MD50d6c53371833964962cb97f3e2392fe0
SHA15559739f422be35419accfa91e9208638205c603
SHA2568d46beb4a47af3ab2796eb45c058ea7dd2a67a2197c5261578db2a59183cc3e7
SHA5127b6d2ada26dc1d726931b8157e5ed9b0324f94abc17407a4a8a674ed679e765540a05ced0f7120db0d2b96c5e8560cb11619ebe4c28fee78b72f0904d1fec2b2
-
Filesize
408KB
MD5e18e129f4304ffa354608f12b7823fc3
SHA187313d55c35a129e29e4e804b895b6dec4dcce36
SHA2562fcea947b3b428916b682ce427112df832483aa4bf4f638769efbb8835c123b1
SHA51242de8a1e6978f3b8e1e15fc9f957bf543d4c03f98a55f4717cf2968c12dee0585f7b35884c6b249062643a434997b1f41ee91a4bb5de85156e4c53175469c71d
-
Filesize
408KB
MD5d8332b318802aba5ade6fdf4e4ea1951
SHA114f5288003f23091b0cac0bb7857e34170486014
SHA25658e261fab7c303b1db2c291ae544e996d94f7079f5d229916e37455ef4b9119a
SHA512c590ddc9b7b3dbd6b05b1eafe6ba3e82f35c862baa3a401b37ad0080f709198936e85a76cbdb0a2efe5cfcf051d7c1b9f9a1fa67884d9fbfa032b14019e55daf
-
Filesize
408KB
MD51e7574a98303824f17141a0e3d0d6c10
SHA19877a3c26ba844b6fa24d154b1bcd6eda7102afd
SHA256427513abd25cbbe554a7688bf332e28cc147eb03d218e355d6fcf59919bfb0fd
SHA512d48b138b869ed984f4c369b8c7712c997559d5df3356c336d0b4445b3f8f430e719e77b3464640bc8f477e0708be85033c63ce1f7aad5cc41464773917be06ee
-
Filesize
408KB
MD5af8592f349741f0a2dcc83ee2cb5da37
SHA1a9bd590655ec8e4a2bc01b17bed03dd7eb4acd5d
SHA25606501eb53b3c2975d412767d084467900036eadfa79d1c63502a58b0abe8ba19
SHA51200296cca8e0325272357488783b2dd938d61eacce83d4430c9726b0fd9444974d8deab6c5ec8515548b5c15183b9fb68b099307461d186e3b36f8d6f9c950f2b
-
Filesize
408KB
MD5089138788f28650fb2f3ce1dffe0c9ad
SHA159a2ebec483b35dc547bb7a5df64872fd63788c3
SHA2564e8f4a08a3a6e04c06884d169b48c09356d9a7ead491a7307454311e1d26f16e
SHA512caa85a15440ab7ac1b454b643422133cd6d8ded4b38134b569db70fd4a7bc1b5f1cef40670640afd0093e46722b666670d79519a96a5d788d5c9960e73867933