Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/03/2024, 19:55
General
-
Target
2024-03-10_bea06b806d2df322bbe61ea0b5124726_goldeneye.exe
-
Size
408KB
-
MD5
bea06b806d2df322bbe61ea0b5124726
-
SHA1
432af0f0e61177c175117e2e41ead19568012aeb
-
SHA256
12578c30957b7c8aafa19086d05ab94875eb937219b9702b938edf11a84b70a5
-
SHA512
f27ca686af760c8bd5c2dd74f455597382b4332c2f0694ef932b9817f51752313cab541860b7afb9ac04cf4d16be9983b916a733b6e7223dbe957d3ad677d32f
-
SSDEEP
3072:CEGh0o5l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGPldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-10_bea06b806d2df322bbe61ea0b5124726_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-10_bea06b806d2df322bbe61ea0b5124726_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{35D1719E-47D8-4fc4-8E2A-DE765F5568D7}.exeC:\Windows\{35D1719E-47D8-4fc4-8E2A-DE765F5568D7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C290ED1-E136-402c-A12F-1C9722714837}.exeC:\Windows\{6C290ED1-E136-402c-A12F-1C9722714837}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42AA86FF-D31B-4c7f-AB10-BFDE7C83EF6A}.exeC:\Windows\{42AA86FF-D31B-4c7f-AB10-BFDE7C83EF6A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59761BBD-3ABA-4738-9C06-E7802B8E8629}.exeC:\Windows\{59761BBD-3ABA-4738-9C06-E7802B8E8629}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7F7E0654-D82C-4500-BAF0-C5059392DF63}.exeC:\Windows\{7F7E0654-D82C-4500-BAF0-C5059392DF63}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C2277D96-8C2A-47e0-8F15-FB7B9C8C5E22}.exeC:\Windows\{C2277D96-8C2A-47e0-8F15-FB7B9C8C5E22}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00A2B76E-05FA-4e9c-B3A5-14339A3DB233}.exeC:\Windows\{00A2B76E-05FA-4e9c-B3A5-14339A3DB233}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FBAF7A28-CFAE-4377-9FA3-CFA72E59D3B5}.exeC:\Windows\{FBAF7A28-CFAE-4377-9FA3-CFA72E59D3B5}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D8F21BE2-0F14-441e-A5BC-E0EA96E5B3AF}.exeC:\Windows\{D8F21BE2-0F14-441e-A5BC-E0EA96E5B3AF}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BF1783B1-7DF6-4834-92D3-DDCC119691E0}.exeC:\Windows\{BF1783B1-7DF6-4834-92D3-DDCC119691E0}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C758565-7C30-400c-A07A-3A92B5F74BDF}.exeC:\Windows\{7C758565-7C30-400c-A07A-3A92B5F74BDF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DDA533B7-161C-4493-96C3-821A998821C7}.exeC:\Windows\{DDA533B7-161C-4493-96C3-821A998821C7}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C758~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF178~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D8F21~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FBAF7~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00A2B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2277~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7F7E0~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59761~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42AA8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C290~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{35D17~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5c57a4e5c55f0bb8ad241e48294e4591a
SHA1aafe291fb738e8052d7e693ac1ee5699af12afae
SHA2568ed0607f1e2871e4c2dc48401b417674dd83d5c25268ec2f7ba4fe3c59a1887f
SHA51282fbf97fdf13a3eb0f220dd09e62c8dff58a5a6d02160d1071da662deabbac1716e4b65bf18db3f8e055d4d7a0e5ed3dc6ba706ae2660032e97feec552c31c15
-
Filesize
408KB
MD56ab888b90e492cf187a7c725e2053e65
SHA15bbae43a644e52cbdc56b6567a319393f134fd39
SHA2566527cb758f245415e6aeaaa06747d4a34debaf67ed6c4c31677f613926622043
SHA512a5043ab96eaf4b8b4246ab42647a6f74dba9b67a26a466c5c2ddd3fac71cffbb287a4c3a9440cecb6217d0e8316946f6ae0fc2c87798bd4b153a515e367e67f4
-
Filesize
408KB
MD5cb9f4850b9e56f3a6c8eab96e5c12aec
SHA1216413cca0a7223ddaf9ec76fc085f76b81a5f99
SHA25642d2e2eea05a9bf72d14f2d83bac07f57a1e2e0aab66c4fec55b846060ba95ee
SHA51235f0a4d4b6832a5af140e0c0be7f8c96f660fe33224486cc68aac53231529b316b500b37d27d65a1e397a57755d83448f3b4657b7c78d19eb332195691483ecf
-
Filesize
408KB
MD529e1fc4cbaaffcc3e025d288a205327a
SHA18f11898b9e5f03523bc1fb65a40c0e5a6a4cdfcd
SHA256ba963eecc3c8dfdfb68b652c95c989151055a92d288633bef892702e9a42a3f7
SHA512720abc7bd14e60488910bd38e77f5b5dcfab1eec655ed215be6be441ce8311714b631388cf33fe10270f3766bd558580ba62638e50c50847661aa0228cf649ce
-
Filesize
408KB
MD5d1af86740d324bff4753b1d9f87a478f
SHA151ba266b7a485b8b20a96ff2624bc93adc5657b5
SHA256b9e3e2adaff05dfe31c6ebaa69f2513adf1861ba998d4d15f8f9c7c0ed2caaa9
SHA51251fc2f8b7f676d7cde2a411fa839f988c1c1a16680eb82bc7e2b671959ca1baf1af53763544dec97c8aaf4ec365eb476ad277026582e2c515f162872f9a4c0d3
-
Filesize
408KB
MD58d71de44f50816cd2de176a04cdf64dd
SHA1b78b2bc0f8aea56bef0aeaaa374cb9b7167d77b2
SHA2561518b6f6b7e5553c6351f540c26b54c32626d7e2587a6770612dbfd1519de0d8
SHA512590cfe7feaa4ba0585d470889665f5db1232a3c517f0f9a1de05003bdba611f2c072c0e14547bb78c62971775a23d0e0a5c8cad4a95c7c5837126fe21a47c988
-
Filesize
408KB
MD5278b3c888fd5db8fa25b751ebae5c329
SHA11d512094cfc2a7cf1666d0f4bb378ced6b6b6fa0
SHA256378399d49a017eec1cc15098b1b0b3448ddaa77d130876dc9e198662dac4bd45
SHA5120e4906bd8232df97b3e06025634319da8763900794d9aba16a2ab700fb10f949009e25cc737474498cce1e71e684754a32590a5100a9b313953c163af9f53428
-
Filesize
408KB
MD55fbde14c29d6cfb3e8b7b27401c33b83
SHA1d31dbeac0a02e26215fc09d59f9044f037c7f32d
SHA256952d3434f07a50e76ef5bd74f96a152c8c38e4162b44d3f3dcfbcca35514e554
SHA512e22f86bbbe66df935b0aa7a3d3d4774e307be1dd8c453762b7b6dd38c7a6c9b218ed2166e01816abeefc70060c40c2c2e7c657ace41e0f93dfe2cc13b7e0223b
-
Filesize
408KB
MD5ac01aefd4e0fd2e429ebd93080d45c11
SHA1fe04386eaf85787a68d7a9ba20fc96e34b05ec0f
SHA25637f85c788efadbf919553e4761e8e5df6e3997cb95880b7dc83b853c976364b2
SHA512feb6a19bdbb9b5797d2ad6c1125ea6cee4052ff883d9b2ba06c0410e4bbefa89f01d80f2bd442e591d64b899b4fc84d383703f01bd72d04ce82809ba80af438f
-
Filesize
408KB
MD5dfa8016b941b51e11d0c0a85f052b206
SHA14a702622e2635df2ca421b03184ee32189124cc2
SHA256126d89d4dc83ec0986edcdfb6e794429dce4b0419735b230865f18e30898c411
SHA512688e90ebecb051a8541ae1e88eb622977d45acd22d45c93edbcaad46a0870818d048bcc0a968bd84f7c82251a843bf05d13cafdcc8a1e3d53adbd1e3ebc1f1f2
-
Filesize
408KB
MD5b8389bd340215fac7ba859cfff598c1f
SHA1cb025cbe213b74be721e9d85bb508202d2bdbf66
SHA2563d618e2ba68398656a54b0ac4ec9e674de4b7bc5e2bf4ab180a4db264448d6ac
SHA51219bd6d9fcd3396ed06be82df71013ea8bf464497e51e2f64c43abcabbbbe267048a1bc686e702856b3e70f7ffd3944f9eb0ce2351eb38ae81abee9d4536a8f14
-
Filesize
408KB
MD56ebc778d219aa19fd7a83d9ddd299784
SHA106fc9f826eb128f4d40641a0bcd0c6f5fc78e261
SHA2562d59598eabc6691d7d0c80f8e9fe4235f26ca8d8ddd0b4bf7ede2eaa3c94a2f5
SHA512d6be5734d6faebda0edf712ababb23df6705ec7dad15d5065731f3ee887fd89710c0d79853e558dc911655d2134c0cff79c143fc353770186f6b5a3ec9f44996