Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13/03/2024, 14:38
General
-
Target
2024-03-13_3485ee585c76f724e6b01de7473f3016_goldeneye.exe
-
Size
197KB
-
MD5
3485ee585c76f724e6b01de7473f3016
-
SHA1
9928b78ba2388af8f9edc2c339638e0bfc3123e7
-
SHA256
1f6d8cd099ab8e8021c0885dc4e2790a7a4ae1075004ccadece9c03f3ffd852e
-
SHA512
076950abfe6a3741222699558dc5e5f7e5fd56aff9dc6155e259f90d7557f971dc71b7af5cbd57e620902d8d5777db42168908e2cb93ca00ee0390bb14fcfe7e
-
SSDEEP
3072:jEGh0oRl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGjlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-13_3485ee585c76f724e6b01de7473f3016_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-13_3485ee585c76f724e6b01de7473f3016_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D39A45D4-D8D2-4262-B998-18358A35B3BE}.exeC:\Windows\{D39A45D4-D8D2-4262-B998-18358A35B3BE}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA477E31-1BB4-40a8-8ADE-34CC38B96C3C}.exeC:\Windows\{AA477E31-1BB4-40a8-8ADE-34CC38B96C3C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF5C23F4-B82D-4d27-81A0-5399022F4224}.exeC:\Windows\{EF5C23F4-B82D-4d27-81A0-5399022F4224}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD6A52EA-2359-4168-BA6B-5561555D0F5D}.exeC:\Windows\{CD6A52EA-2359-4168-BA6B-5561555D0F5D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3D0C09E-A7AC-41e2-BD28-6C43F05B7986}.exeC:\Windows\{B3D0C09E-A7AC-41e2-BD28-6C43F05B7986}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E89BC40C-27EE-4105-9F4B-604B9EAC28E8}.exeC:\Windows\{E89BC40C-27EE-4105-9F4B-604B9EAC28E8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C3764CE-0A20-442e-B82F-34030A5FC18C}.exeC:\Windows\{3C3764CE-0A20-442e-B82F-34030A5FC18C}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3E819B66-BA0D-406d-9B2B-2DE5B1F693AF}.exeC:\Windows\{3E819B66-BA0D-406d-9B2B-2DE5B1F693AF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C30525D5-EEAC-412a-9FDB-76433F3EB0A7}.exeC:\Windows\{C30525D5-EEAC-412a-9FDB-76433F3EB0A7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D740D49-740A-40e5-A353-5B7A30C984AA}.exeC:\Windows\{3D740D49-740A-40e5-A353-5B7A30C984AA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFCFA052-6095-4afa-9497-0E30761792A8}.exeC:\Windows\{EFCFA052-6095-4afa-9497-0E30761792A8}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{97E9C175-66E0-44a2-904E-07EB8A86832B}.exeC:\Windows\{97E9C175-66E0-44a2-904E-07EB8A86832B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFCFA~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D740~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3052~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3E819~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C376~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E89BC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3D0C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD6A5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF5C2~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA477~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D39A4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5d54f180b9999890e6264d02337b6c347
SHA13363db8fe1d3a2f17aef90ff08e86115db7144d9
SHA25663edf841712b6db8ba02c4f2e331193f7b3d85611855f74804d3e4dedc9e1d1e
SHA512e3329d6c3bad6b0645ba633b57be8d17aa0f26609e7eae6604c1ea2aa81e747d22eb7a97a4255b2188b9001e05b74f799f545b50b6010e427dd03a5c5bf589a0
-
Filesize
197KB
MD5b9081b0f972889978bd428d586e331f4
SHA1938ad5b12c19ca51737aff18f0aa9bb54a122487
SHA2562a289ef858313c86e6d7e3efc46b5bfe9c9b79836cf793d09102d0508c02024f
SHA5123c80cf7fa3a698f8982e1f105dca84604a1cdc86e6cc540024a26d343b254c7bbbba8cc085b418751c8a622738aeb05e77bc7d29d2c2a3eaff223c5350d63e69
-
Filesize
197KB
MD53ebf474b5886f816de98d69405a61468
SHA174792b9ac2e3f84cc31a6d0d5676a7065d42abe4
SHA256c9c219cf50545f3e3b30883a7aa889c712c4dba469dcf08a2027bfc80108c0ff
SHA51257b94f78c135092e805caf82cff62a84410b941ecbed7cf8eee0ee2560903789da61b07085cb6a020d260cd7449a1ffd377c5e3eb65e93429e9babb6e2330b42
-
Filesize
197KB
MD55ffe52b0bece759826273c4cceb53423
SHA1730e5018aa0555c324ceda556e3f3a36cb80c76a
SHA2564f2f84c1d6f2a588766e3dd2f91a40db0d26efd1bbc460e0d7a24f627e74c1a1
SHA512243733a6aa8c7eecf76778fe46b3f2641b28c9daba9afc849c7d7726dc24707e73416ecbdce0ddd834f063993e75f749863a6ba030dd37ca238b3ee8bc083000
-
Filesize
197KB
MD532c82d7444901603b42e6a03600cd91b
SHA1cc97c346d47bdfe43417cc19e33b397b82311fe3
SHA25686c2cf2d4a25f5dc42ada8b194ecde5ee0cad6ad86d7689f89ea3f70ff930706
SHA51219f3e462cdbf3e58a3c19f8d9cf51af7866aeb43e7b281517de2bbcbd24249522387869646eddd45c96b3ae6da7a72e12768f6fe8d1b7e978132afacc8cf7fcb
-
Filesize
197KB
MD5830218cb8b515b39eb008d669aec5116
SHA121caf34342b00df8dbdc7af9ae1063d5d3ad0736
SHA25604e4c76b03d74a1992a45fdd06ab6467df7e8aa3e88f7d8b57aaade90ca56961
SHA512706a23221cd8bcccaf70dde7f4d2f9cd29e0962e04b713cc16e8ef6d04080fc0e55d7ec8ea5dedf45fc00ba96cc4bf7e79578109074bee0b31ad85f0cdb0462c
-
Filesize
197KB
MD573eec699affd4696c5bf369ba3ab34dc
SHA12dfe50d6f6ef10da1afc4dac9886766da1bb7e11
SHA256295de32694e3be23b8265707c058c96b0eaa4a99544ebbe1134ec8d5235d43d7
SHA5123e5bdafe9dc5b4f08a061a4002b139f00243447174cc3ad44ae5cb397a7c42a277641d9a689860c04078dc61f145b77f0de097f42f4c5dc0821036f6fa835f99
-
Filesize
197KB
MD586f7730caf8b500418ab8edb8a28f1fd
SHA1d1db30d0a2236faccb858f0e61ec42e7558a1508
SHA256856114d5f7270b48e6e5b68cb155b58c95d2df3b24028e3f75c10b8581b3940f
SHA512979d4b069a803dc5377afc17f2d56393e78e68e5fd286a8591da680457a228362cf5c458a7a00fb470c507d3db00555226b5b334e46bf7e316afa8110b337676
-
Filesize
197KB
MD56ca8c3dc5862ac0409a4d2101e738d77
SHA1f7e52c631068795905ec0d62617f8a07edc0a28d
SHA2565fea7f547b6c69d9a1d58af8ec2f4d10afdb87b2d6fc9f5b6fc0091dc0577157
SHA5125958f941385c5f1f0d4f93fa0a63a1ab5024339eeadcf0e9d028ceeeaa4987665d66c890a138dbb34fedc193f44b3c5630d39707625bc461712b0815a9677b51
-
Filesize
197KB
MD5efdc996f486e43e66fa4cfd97a4d6a14
SHA18498ab4954e1f8e644cef7fcc8ead21024cab7e5
SHA256f6096ae11f9be9f50b023616589ea8415b0a848e136451d50b76c33b538ca84f
SHA51204b3e13cf5521371beac81de9c7bf44add9ea2a40a858b07efc68d9c7cdf7071602dfca4d57d7d952e37f7d6c95f0a89b18919dc21a9d05f18ebadabba000c9a
-
Filesize
197KB
MD53ba37e55bba22380256f212ebed6e8ff
SHA169ca162c37a35d0288322d51b45237be87e59ad6
SHA2568d4c4b193ba375506b4fd966eca7c522fb1bd3b82f16ad701b4fe56c1ba512ab
SHA5124c56819a2d958092c5abaf66576c30bcce06d30a2f08c93070bc9257afd563707d0108e633269a05680922178eb5904dbf4b9af55d0f29ecb7429ca14ef781f7
-
Filesize
197KB
MD5932328b9457a37e3ac53f078bf27799f
SHA12559c4647df41a62a637e2116e0dcc05bc1c2291
SHA256743620e2428a37b0d5a63adef5e66603d8a5cdaf419047f1668fd886e7d73a6e
SHA512cd478f297eef280f49ef9e6b74cc1e000771a0b787585c2d365d40dc23ba3649a5f489f4e9b9b4134c3f2b6d227e42eaf8582a3c5d02dedd240e50e99db7e838