Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 15:43
General
-
Target
2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe
-
Size
168KB
-
MD5
d8a2d6a4ef75c2ea942165a28f040615
-
SHA1
f0cfad101bebf8625a592a90937af0fe0f25e402
-
SHA256
d367241bcd2b4130028ddd6780247dbceb9e267655e24f147a4f87cb6c6eb79c
-
SHA512
2e8c6460b21124bda4b87945daefc34c0f54d8f37ac4edc0213876e234b05251383aa6b57be0c63e63763d558901d5a5fa4274b03d41fa03a97c09a73f5c6b09
-
SSDEEP
1536:1EGh0oVlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oVlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_d8a2d6a4ef75c2ea942165a28f040615_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24BFE00C-7B7F-4505-B9F7-DC3715DCEB40}.exeC:\Windows\{24BFE00C-7B7F-4505-B9F7-DC3715DCEB40}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D2CD0F2D-EAA8-481e-9F80-6B77DB50E6C4}.exeC:\Windows\{D2CD0F2D-EAA8-481e-9F80-6B77DB50E6C4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBFC89F9-E8BD-481a-87B0-D81473D528D2}.exeC:\Windows\{CBFC89F9-E8BD-481a-87B0-D81473D528D2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5C40CC56-8FC3-4e16-8679-E833FA9AC39C}.exeC:\Windows\{5C40CC56-8FC3-4e16-8679-E833FA9AC39C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05659CC4-3107-4f58-9847-6B6F6349F915}.exeC:\Windows\{05659CC4-3107-4f58-9847-6B6F6349F915}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1525EA4D-FB0C-4ffa-9D9F-0D732ECCC6A7}.exeC:\Windows\{1525EA4D-FB0C-4ffa-9D9F-0D732ECCC6A7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{471B9470-6D9D-4159-BC08-509850E06E56}.exeC:\Windows\{471B9470-6D9D-4159-BC08-509850E06E56}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{978BAEC1-0FEC-459c-8760-F9C792156381}.exeC:\Windows\{978BAEC1-0FEC-459c-8760-F9C792156381}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0757D115-DC37-4fb0-B45C-9401ACAE4F22}.exeC:\Windows\{0757D115-DC37-4fb0-B45C-9401ACAE4F22}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9CC5DDC7-C371-4507-AB2E-B9BC3121B94F}.exeC:\Windows\{9CC5DDC7-C371-4507-AB2E-B9BC3121B94F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A70F6D3-1E01-43a0-816E-E6D3BF2D8F43}.exeC:\Windows\{4A70F6D3-1E01-43a0-816E-E6D3BF2D8F43}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B47B9BA8-57B4-4436-9E52-39529839C4C9}.exeC:\Windows\{B47B9BA8-57B4-4436-9E52-39529839C4C9}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A70F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9CC5D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0757D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{978BA~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{471B9~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1525E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05659~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C40C~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBFC8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D2CD0~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24BFE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD51c038f358699fe8a5fe051f942ddf70f
SHA1479f0f93f8aa304f8f4f243609f4ae5eb95c352d
SHA256e80ec8c14d1ba508622f6c6cbec33a469137a059c53bcd7419a58354e7d2c093
SHA5124610bf5c22be5350b3b954dcab44a62d649c65f91a9c84e57a25853e0874c0ef5b086cb5943d01fcedadb1efe3aa74d6d7845f6ecd489ffac6718df018a4704e
-
Filesize
168KB
MD5bcbc4bf4ab44764652d4fd3f6a99c2b5
SHA1a3546d11b21d6b7ebbfafb7948eafd51151f3deb
SHA256c30819df1cbfe8c94ef720ed15b5c359422e3147327db197801debd14c35d1d5
SHA512257ee6c76e611d291629b2fa355e3c5727c2dcfaeed1a146bc65d7fbbbfd47bcd842955d29477f46585cb6de9d6804baa77cdec653590937ca73c5ab2fe8d7a8
-
Filesize
168KB
MD5f3c0b49748e13c931ee9fc9e71d56fc8
SHA1d687890c58a9c1831de1eeacaad2853c9e2fa929
SHA25632bfb525b5bb8dfd5932f29fc8574e9fc3613a378045469bcdd38cf559290ff9
SHA512761f7dcf5dd182ee7aea076a48188d7cc44d9daf47701cffdf22d55491377b004da13b11a564f1a43fe0b578b3d9ef9b44912a94e32f3614a8026b16e9968bb9
-
Filesize
168KB
MD540d73c03415244ee64f4e7f44e349e4f
SHA15c813fcac1876ff55bc0e057f83de5255edd034a
SHA25671a9ff445cc5015053e6b7d138042dd60835c1ed2e09367460ad6760a9fb2eff
SHA512d9bcded8eca77c8cfd113eb4b66cbd0aacd6f916e6a0ba520532514531c8943660e13c987925bc0725a6211226753e894c8b35d8774a96d78e132cca1aeb7e52
-
Filesize
168KB
MD53edbf901bfaac4ad72001eff2b1041d4
SHA18c39bb8fb19edc14a0c005bfd5099398a778ebbe
SHA256b5b41fc74af6dffb5cc77a39257289d77ccfce659089c3f289e781ee7a7342d9
SHA512bdd2ed6761a787e1b2144d2a6455a99984d888bd9f7aa09aad525cbd661796bd853ffb911512a14b7aad9f4d815ab5f3abc83a84eb3e31fdf9227e8d3ddf28ef
-
Filesize
168KB
MD5cbb7bb38e6bd0cfc40e8917742681753
SHA1efbe438a12a768ebe93ad8ae1197d8ec2fc9de32
SHA256dbc84d6dd12e2f8b198d99555697ae79bd8bd9fef64f906b5e269baa2fce605d
SHA5120897114310b37c74f2ffcf9f0969ececadc4a81238393dfd312c415886e9b44111ff15c76f49cb29e2b39da6046bd68660cddddb36e51f57f74faf897260e96f
-
Filesize
168KB
MD5cd733258e7e22d5763f709eb0e620d47
SHA194e2d71803d46e54feba2c52f7b2b5edeab13336
SHA256ddd5577c3e8f812ed31776cdb44ac5a7cf58a36f0fca2fc09a25d25083e90468
SHA51288c05e2d0b648df1662388b3b8ca3192f2a8fb3528c069cd082cb47ea6a2d0f6305ad3822ff7baf0a190a213152fb2df27e4bd3a7df97f63f1f5d8b6dac75937
-
Filesize
168KB
MD57c52584a931dbd59ff9559cc8a1267d7
SHA140582e8758c7b58c6f608ede3069adc4901d6868
SHA256bbfc788644d34fbb613354b431cd0ee9c72a82a149ebc4a5d7a8248bf4a6cfa5
SHA51223cd3678ac26a0c3f6de59bd8765d8264c39c2126dd27736d070f96e186df8a6ed30cdd12049a597123e203825adc63f4ffd4779256f7f87bc3c904fca66f373
-
Filesize
168KB
MD54ead636c3252f5ca3265428de8bec5a4
SHA15f261d733a898c18243f09faa4c579b3eb7104cd
SHA256b44a282cf2ac643191a47b7f344f8e450b0f83f87b53f164a3724b8c74457cc3
SHA5129de8d4d6ff68995af87c508fffb33260c293ba783279d1a6e1edd57177afba962fb7416b1b7f1d9dffacdcaf2ffa14af9558f98c66d9149be4ac0e9bbdbcb329
-
Filesize
168KB
MD5551ac09b47ba12442b8b44f45d7168dd
SHA1ba99db13d010dea9072fff6c046db64629f79d56
SHA2565fd2106765c67e614853855627bb72d44985fe1cdabfce3b54bc3cd455012ff6
SHA51253a61aa1133192c750ff6dd0806b272598feb2aa77bde10c11ae019c6d820bcd239cd95257df6fc7a4a5aefd97cc5ca07d2ecfa0db427555129e5d666a00bbf3
-
Filesize
168KB
MD56ea2ce05450bae1032c1bbc438d45724
SHA1d9c3b7d70bf3f9f7ec811e24b078ac09fd246747
SHA256c55eaaa09c4fff4ef00c78dacfdc4dbf487ee84a7a917237b7ab9162a12d8e10
SHA5129292642dfdd0886229c604fbf6f0c462e5348514a631b0b10a38f7adfb699486c481d802f8eac59fe3c65341f472afd80a87a5353352ed23c170bca3e1902189
-
Filesize
168KB
MD57a1d19a6dd83a593a41b8e07253368cd
SHA19c6d4dfab98b6608ae9a61180bbe75378c37f92a
SHA256b2e3218bb8a2b7f9bd3e7959529ea7ef34866b5d8b2633b64d5b8afc5a31ccdf
SHA512d197db2342f747ce04ffcad48d96b0bc9b6b4f90f09955db44b1a99c4c6d7ddc1cac5ebade7334b53fdfbcf170aacee7f1fdfb740da4dc43cb8d26635abf7c25