Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14-03-2024 06:02
General
-
Target
2024-03-14_cc1809ea83b2a6765964d176a2733531_goldeneye.exe
-
Size
372KB
-
MD5
cc1809ea83b2a6765964d176a2733531
-
SHA1
ed2e45daac7b3349748d0c2bce51c77e95a7fb8b
-
SHA256
01f7813938391a5f29c8f297e6a439ddc4687fe80b0c119c256848a269368d8b
-
SHA512
e9bd7d1b0a330147acf243879870a046b64e74772d5398a3c12b760e060d01bc34aac5a67a109ba68d3ef098a3661addda625428c5263565efad3d30f2696352
-
SSDEEP
3072:CEGh0oDmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGol/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_cc1809ea83b2a6765964d176a2733531_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_cc1809ea83b2a6765964d176a2733531_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6EF2B4C9-0DFD-4d41-ACC9-73F170A5055D}.exeC:\Windows\{6EF2B4C9-0DFD-4d41-ACC9-73F170A5055D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6610895C-DB1A-44e1-BDEB-19669B6BD891}.exeC:\Windows\{6610895C-DB1A-44e1-BDEB-19669B6BD891}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{90E711AE-85F1-4dcb-A126-A14FDD81B581}.exeC:\Windows\{90E711AE-85F1-4dcb-A126-A14FDD81B581}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDD879D0-6251-4cff-939D-4027B6AF1F0B}.exeC:\Windows\{FDD879D0-6251-4cff-939D-4027B6AF1F0B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BBE6CC9F-D16B-4da8-B1BF-540E4E78BD5C}.exeC:\Windows\{BBE6CC9F-D16B-4da8-B1BF-540E4E78BD5C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BF39D0D9-C7B0-4d1f-BE02-1D22538E7537}.exeC:\Windows\{BF39D0D9-C7B0-4d1f-BE02-1D22538E7537}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50152E32-3965-4989-939C-75D5F9E94D2B}.exeC:\Windows\{50152E32-3965-4989-939C-75D5F9E94D2B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C72BC89-1823-441e-A209-CFAECEC7E953}.exeC:\Windows\{7C72BC89-1823-441e-A209-CFAECEC7E953}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6741E667-E964-4d15-B338-94375CDE139C}.exeC:\Windows\{6741E667-E964-4d15-B338-94375CDE139C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CCC2AB17-8951-4371-B957-AEEA1710B2F8}.exeC:\Windows\{CCC2AB17-8951-4371-B957-AEEA1710B2F8}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1DAEEB8F-F8E2-4440-A19C-F7DB3EEB6F23}.exeC:\Windows\{1DAEEB8F-F8E2-4440-A19C-F7DB3EEB6F23}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{66443323-D338-45c6-9CBA-6706E272C835}.exeC:\Windows\{66443323-D338-45c6-9CBA-6706E272C835}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1DAEE~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CCC2A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6741E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C72B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50152~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF39D~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BBE6C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FDD87~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90E71~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66108~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EF2B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5e41488a3714a14168303fddd0fa76033
SHA1fca02f5f9f27f3c7529d270122d43dd7894b6592
SHA256024f4fe747c1d2effb4df286340c158ca5a0a13c9efd5bf29abbbb49fe01b75e
SHA512b3aedd3fbef713c53940c9b863284a62ed8e9f39e493b1c4e87aefa824b954daa11253a63ca89bfed4e166b466d8fe1e821375dded76ff55aa0ba4c83bd23e6d
-
Filesize
372KB
MD50e47cfd7d165ac20f64b5ea317512167
SHA16eaee799e67806f1ac4f5c129ac3e44cba9564c8
SHA256c341db93f8ece8ccf18a0d65fc9c6a387fde9e7b765c813c2e31334235a805fd
SHA512b71ee60c71971cb62064295e3a8161fa3f4e801d7c149fee1145ccd0a472e57ae1f1208edac915b86535413008cb67eb331cdff953b590e1fe2983d6f96e088f
-
Filesize
372KB
MD5e80db7672bae264df62ec39047fe4ebb
SHA13c704eb5e4277809d92961af86a83e894485e612
SHA256fc69d4b9ca8aeead433dc2b4875464192272c8dbc35e921885c12dfcbf767154
SHA5126d2a7e98bd6ab56a869c0118e22c5723bb93ad3bd879f835f1be56a2922bd0d17a0add5989b49cb3e097c9bd0aafba5932c0677483ef40f0c2885c99f37fd27c
-
Filesize
372KB
MD5f855553054d97269396a8121eba02842
SHA18d718010ea6280df871db65f5305d8d3de7346d5
SHA2565141105fe3613f4fad4aed8728f6ce73a2f607462b5919c815622dfe3dbf99a5
SHA512843d9f0b1069b5b2c74d065cf185c1476f6da8643b729c9f3bfb5d07f872b329747a4bb406af024c8f91b9928041dd607288e2beb29ea949f25d59dd8dcc8908
-
Filesize
372KB
MD522497b49d554330c920d489d2add5156
SHA11ded1d9ed02894ff7a5637b80888ef1626921c24
SHA256a378b73bc83814c65d8d7be20992539e760fd3dd11802e05b5041317aba4e5af
SHA5127ff7809999e54306dac4a30b361035811887293861c11ab6ecb87fd8b8daf619f98a05175634f76599e6ad744b2c079ab939536356fbbd65296390e27ded0f23
-
Filesize
372KB
MD5183be115b9d8c28536ef613abb4533d6
SHA177a19f1303423036d53d6a96fdd0f6b8bda51bf6
SHA256a63fb947e51f7b6d163f452399d59fa6421b608c91034e8e26bbfb58f7606dd1
SHA512609d079aee4805f3119a7c3667ef3eccf6053a1d3f772614dad2a78495e6634897f5c2a50e30d2109ab6a379b3a23929913e0a2ad65da69e9291d79a9aeb8857
-
Filesize
372KB
MD5c2c6282fbf84c42a495a004424f69299
SHA1be63f703896ddee73d22fb5ad2a178f31c26c440
SHA2560acf884de2e3a73da55da23348e657a566793a76367e57bd484074606d9b4aab
SHA5123b4e4c30ca1186c52ff6b4b317630595fa8c00e40c92586fb1c72e494b74763a043cb0736dcc28ec747d0548df7ca0d58d13a89142016ebd513bccf9f4702b12
-
Filesize
372KB
MD54cb00bc48e95db28e7c445ed46c0cd5f
SHA10e190adf82ae8139a86dce806fabe9c7d5b0a12c
SHA2561ed1d45800a0d61cbcf8f3177f1625799bc8af176a3790473d4a0910d798ff4d
SHA512d5444f2190fada21b3e3ef3858269cd74ff0e8bf4717bb646208b641c14a94dc85a176d50286a3eda4e3d0d131f9fce54702a051b1ceb134e3f18f2dc8d71747
-
Filesize
372KB
MD5645a1c0550559fd5d77357e2c9dd0a8f
SHA1f7a53c041a932c19a02bf1df68d0761f0d1ce92f
SHA25653fc6196ee6a63d5bfa667b344228da0e492d6558808ac62740fdad20a0fefd8
SHA512539571b2fcbfef6701230ac3c5de9bc17909ec49a904319ba41be5b5cde19d47f6ebaf52f704dc84af4cf19d12dffd6975af28b7702fba749364600f5b80994f
-
Filesize
372KB
MD54c38c0d25bbebef52bf9f8673b7f99bc
SHA120807fac9e1f0827e442f0bff4a7e09373d2e288
SHA256f4c50a2d45a7fe943249ed0159fd3ec8498cd5beabf9a038961079cf4d7384b6
SHA512a61a446c149696ff020b6446e39fd660ff6673d6c8b0cf2a1be5b447751f8ec5bf1d9ea8c72f8a958f153cec75e82d8cfb94b8d14fef7739a3630bb480744374
-
Filesize
372KB
MD5667d5c2156e8ba9c4222a835eb7584c8
SHA1be4bd2071b10ccc2e2c27fbfa214b2408c4c52c4
SHA2560579889d654a339cb537f1426844134feca455fa1a1a67cddc4b6cda1baaa43c
SHA512b961aa821a25d9b363d09f21059612e3cee905cf758aae6647f68ff18554435326090beda614979d6faeb35a6772fed6098d1945430febf578cbdbafae240473
-
Filesize
372KB
MD5e13178d1c679d67cfad4386e4a8b6f5c
SHA14117ae4b36aa561ab0416ed801f273de2bc24568
SHA256d854c56cf548a0860e6f48c06217176aa6c39116f5d8d2b2921a716af36ad3a4
SHA51255f05d5b766985e2df2d90792e348d1c0f174ff71bd86277de38a09fc7bb652d669f503a33c78f1af794fef845a6eb017d182c1631d7815b2683d25f0df129e5