Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
14/03/2024, 15:46
General
-
Target
2024-03-14_a469ef66b8bfc463f531753e6505b7d7_goldeneye.exe
-
Size
372KB
-
MD5
a469ef66b8bfc463f531753e6505b7d7
-
SHA1
83eb6b237895e2b4018dd0cb49fbb85b3b3c2432
-
SHA256
187b29670ade317100f8e596e2741b5356152b58c66ada1a8c53bc7398093fdd
-
SHA512
c9f9a3f6990fa3b91dea75e7c0c8dfa8b0c0cdcf0fd8e7ae6610e9339d4eee0562a0b851c1ec6cf6c4af705aaf5094f440aa80505766761996069c5e8a6ca259
-
SSDEEP
3072:CEGh0o2mlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGNl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_a469ef66b8bfc463f531753e6505b7d7_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_a469ef66b8bfc463f531753e6505b7d7_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5BEB1061-119D-43e6-8F31-5E8D71CF2DE1}.exeC:\Windows\{5BEB1061-119D-43e6-8F31-5E8D71CF2DE1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{99F5B675-2796-4ef6-8BEF-F1FBAC971A75}.exeC:\Windows\{99F5B675-2796-4ef6-8BEF-F1FBAC971A75}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{16A1E277-9FD2-42c0-A59E-52653EFDC8F9}.exeC:\Windows\{16A1E277-9FD2-42c0-A59E-52653EFDC8F9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D10B55B8-8F78-4a3f-8A29-51F81331DD3A}.exeC:\Windows\{D10B55B8-8F78-4a3f-8A29-51F81331DD3A}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A9EC7E1-1780-4b58-8AE9-04B46F34BE20}.exeC:\Windows\{0A9EC7E1-1780-4b58-8AE9-04B46F34BE20}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9B2C6EE-EECE-460f-B82B-09B37BE146E6}.exeC:\Windows\{D9B2C6EE-EECE-460f-B82B-09B37BE146E6}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7CB46F70-A27B-423f-ABF4-AE964F5FC748}.exeC:\Windows\{7CB46F70-A27B-423f-ABF4-AE964F5FC748}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58C091D5-F705-4651-8FB9-7E906FFA8DCF}.exeC:\Windows\{58C091D5-F705-4651-8FB9-7E906FFA8DCF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B55FB66F-2656-4532-AE80-80655C9EA9A7}.exeC:\Windows\{B55FB66F-2656-4532-AE80-80655C9EA9A7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D12B4F4C-1818-4c04-9F8B-9DF4F0BA0B26}.exeC:\Windows\{D12B4F4C-1818-4c04-9F8B-9DF4F0BA0B26}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32F28181-1C8B-47d9-A0B5-9E0854AC9D92}.exeC:\Windows\{32F28181-1C8B-47d9-A0B5-9E0854AC9D92}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{45A5590D-F9B6-49a2-B218-F5182E3BE066}.exeC:\Windows\{45A5590D-F9B6-49a2-B218-F5182E3BE066}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32F28~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D12B4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B55FB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58C09~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CB46~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9B2C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A9EC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D10B5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{16A1E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{99F5B~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5BEB1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5ccaf1ae71d5b72f6b95c713e31a000f9
SHA1a4a84a20f427f847577e88b2bb520dcaca5c4a96
SHA25624dd8214c0536a5b29364242342fc398995f7b3152e0737d106e64d67bcd2ce3
SHA512b6decde3ef4772522452f1459e5adfd103000fd06beacd6067253adc34e0c1ef93bd68d49b6c49ffe3e07a470c3e650c2d61112a0dd3f3e935579abfe525a104
-
Filesize
372KB
MD5d71c212c58e763298f9a6f475c1428a2
SHA18728dfe42b17fe2e8787b4dbf3ecf00f941e545e
SHA25651fb8e444142961c20fad53000f412e246ae2b02e0cbbddf6667c42b3972ffea
SHA512d8c7b18bfa908c6c5874a3893683a5bfd1af688ab9ab85e8f6060f6c7a441008b9f541edce800c0fea470d4e1bdffd3bb3ee0faecd4ee1fbb56c608de6f0d7f6
-
Filesize
372KB
MD54ed047d2980f8fa685b4530bf64c70f9
SHA144d6b752d9189c41e37e1099285fa2df2fab5759
SHA256bf21c9343ba329a93d66d3fc5a904cbaac84b25dbaea5b9b2d63999a01513297
SHA512a44b1914958e42731c60f80d4b847284053b1070138c38f72712adac2aca33c14b96092f74d50e5675f8e2be66be648f0b546596d04a992419d3097a76192743
-
Filesize
372KB
MD50d6aca04642d01a0d54c0ae1c9f35301
SHA1f81dd57b6cf7b500b66d124c9cd2e044f37aada0
SHA25607d5ece1c00d39e0aa9ac2403bae56703e41134eed72cf3ddf31fa135b669481
SHA5125b52c08065d201d6750f9efdf17af70cfab07b5fee44acb7a60e11b564fdd3e394c7365ed707616473ccc5cee787f6337225b845a393a3a85f3f7857ac85b645
-
Filesize
372KB
MD54994f176ed41487c2b8d9adfb922cc40
SHA16fa1c89decdd1e6df309fd419187ae9db6a822aa
SHA2565762726deb77c1cc71b95353b63e089d17e26ef9eb3d6d63f68ff54fe957319a
SHA512a18dd731d1f635e91a951120435b603800ae201ae8869de1831793be0be129709598d9b3e5b3aa3b2f170de16349a1026b364b8ffa432d6e8f78b9e5a864d91f
-
Filesize
372KB
MD5f7de3116e89f55806d47498eb1b3ebdf
SHA10d66d22f1d066201ba161662209e81e23002e29b
SHA256738891c73d69dbdb125f527ee912805d21a512455331d8c57b369b9a61fcb8ba
SHA51248564b1d4bdb7976e85b744ccc94200138912be523157a5b7a50acc9c10e24d1a49914b8b06b543fa0fd5ded877a97987bbc0fcc397f1163afeb3dd1c746efda
-
Filesize
372KB
MD5a5cb76099d29489e25e9443d5e77a9c0
SHA16052c21fcd9c089286b517f3f8aa854a24755ad2
SHA256df31c7b14c3023c6a27af2552b203e3525f1cc3f26207598312f71db8999d99e
SHA51246f827fb386e6b7b9b67b1a711e17f89cfa5fd97c019d8bae3389500fcc3bafb005b7c45b4ae5066382a548ceb35dfd92b3afc35b9c3899abb7f700c11f6818b
-
Filesize
372KB
MD518c635db08b97e187353b35caec0a876
SHA191655cd8e685b05f904e7d0b8624cf6cc9816518
SHA256c9e396f6a418669deec95228b587b2de97569d713c5abfa588e3da0af1600d0e
SHA5125b92760f1ac0bea4f3c76cd3c7c78ba10afa87a7c1754746e4efaa8a2faf5bdbd6c480931e901506233042c5df3cf4a6015cfc399fc3edff9636960fe537f8cf
-
Filesize
128KB
MD5d431304777fb528293e0ddb458a57f59
SHA1b86d709b61c50a577a3ef5533f4a68481a655ea5
SHA256945471e643b9fac256c2ef3b68f25e6b55d586d7d50dce2486e5bf7c15e90112
SHA5123ab4cafa2f93c13247756a64a79918c80c4521c761a6b1ef0b61f39f9d04b213a0e542ddda5f42dfc7612c048b4d03ae316b471669d3d5e1039b97a231b89bbd
-
Filesize
47KB
MD53c732a56305185aef0a995efbcb40c0f
SHA13773b4eba341bcaf880a209ba342099e5bb0f566
SHA2565748c426ba35ec593652dd79d2950cd8dc5cee131cc2cd2258946e7594aa15fb
SHA5123ec2304342f439b9664e7e2f77939fef599136bdb52349e74a17bcd3729b6432957af6afde4452b882f401319c461371f831adb376c46d44917c1d97648de178
-
Filesize
372KB
MD55955452fc0992774982bf10251f9b5c8
SHA11ae27fc9fa741a8ae1d516294960f91a6106336e
SHA256b610e5ab1c89e42ac07b531fec36ed6992da75df13db0878db69ef8ebf4ab127
SHA5126c37d97a707f95a5c522c1a80329e5f503ee3a6cc1b08d2094039db2d2979bdef9a199f7745c51369b61ef5e1775cddbe3c225548f1d8308cd062d833305d71b
-
Filesize
372KB
MD52042c030759b117d3c510cc45aa2d5b5
SHA1fd7fee2057f5559bfe6721c3b77e638b0415a7f3
SHA256856acb406f7b19f70f59903384ed0ccf228edecb4822443168b154d75e9bb679
SHA5124f2f2b9a4e75fa483f9ae04af6f7fc103dd9ebac640c41857ff15dc58d7b5a0bc5bad200b67be395c039699ba9d9b2c7abfdf01b19daf3a4224179b2b23f7210
-
Filesize
372KB
MD581a75c6e01d4eaf10cb56d07b1863a37
SHA18cc1bc76b01e814e52ba7a966c5f6a4a3fd08daf
SHA256cc80e534eaea683eb412338bf4217930ee4e1cf8514adfda1f6fa9dcf18a37dc
SHA5121e126a898533c5194e798c3ed1b65890284378af488e43f6b1469a67d12d894b625b1a2961c1af361786ef9239b212232ffa72e8b4215eec06f958516a0f1c2d