Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15/03/2024, 23:21
General
-
Target
2024-03-15_07c011af3b1d07b5f4356773f50897f1_goldeneye.exe
-
Size
216KB
-
MD5
07c011af3b1d07b5f4356773f50897f1
-
SHA1
472f40d181bcae2d7da255abb5b7113eef626f83
-
SHA256
ebc65d09888fa2a7477d93060ebaebb06fd8d6c46fe28c8377d3b61e33865e45
-
SHA512
275ce71c8ef3958fabc66e5577b57983dab77ba5454082b59eb62cee4f15518abc034898aa882e4d4c806047b45c3e8d80cda942163f2a3246380d0f75381d59
-
SSDEEP
3072:jEGh0oul+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEG0lEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 10 IoCs
-
Drops file in Windows directory 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of WriteProcessMemory 60 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_07c011af3b1d07b5f4356773f50897f1_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_07c011af3b1d07b5f4356773f50897f1_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DBBDBD12-92E1-46b4-9702-91C6881D40EB}.exeC:\Windows\{DBBDBD12-92E1-46b4-9702-91C6881D40EB}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCAF8FE0-B7AE-422f-A7D4-7AF0E0CD23C6}.exeC:\Windows\{BCAF8FE0-B7AE-422f-A7D4-7AF0E0CD23C6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C340238-08D7-4441-A6CA-2513002752BD}.exeC:\Windows\{1C340238-08D7-4441-A6CA-2513002752BD}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50BF7FF5-E934-4a52-A27F-B398B49FAA94}.exeC:\Windows\{50BF7FF5-E934-4a52-A27F-B398B49FAA94}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{4BA27F55-5142-49a4-AAD1-7A69F294F934}.exeC:\Windows\{4BA27F55-5142-49a4-AAD1-7A69F294F934}.exe6⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B88E965-331B-45ed-8B02-C3EECAB310A4}.exeC:\Windows\{9B88E965-331B-45ed-8B02-C3EECAB310A4}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59BF3E66-3D6B-431f-818A-C124A33DAF32}.exeC:\Windows\{59BF3E66-3D6B-431f-818A-C124A33DAF32}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E297403-FE3B-4abc-B4F6-A4C457ABDFD8}.exeC:\Windows\{5E297403-FE3B-4abc-B4F6-A4C457ABDFD8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{155A3BEF-2FA9-4c12-981E-63C5F5110FEB}.exeC:\Windows\{155A3BEF-2FA9-4c12-981E-63C5F5110FEB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3B080B0-EEF1-4ff1-B18E-8DBADD3F3F82}.exeC:\Windows\{D3B080B0-EEF1-4ff1-B18E-8DBADD3F3F82}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C91E21F3-78E5-418a-B852-3FF8BA19BB8A}.exeC:\Windows\{C91E21F3-78E5-418a-B852-3FF8BA19BB8A}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3B08~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{155A3~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E297~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59BF3~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B88E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BA27~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50BF7~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C340~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCAF8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBBDB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD51b48593a4475073ddb9b67a4090a40eb
SHA14e688e7d459e202e04796f745284bf560dbe27b0
SHA2566dc6d4cb983a2eae5197b7dddf8e87e93b2115175f1b9f96394ed1541feff975
SHA512fff9503fa1d7f34acc022206c5e5f8dc2596b6feb37a0b2fdfbb2cdf84b35e1b5922cdea551dd6c7af1e2172d6dfe9a9cb4e8ff92a92c861f7b0a1f967a31c6c
-
Filesize
216KB
MD5e0ba47650238a605acc0a1c97082a7ac
SHA1a75026500c9505e873c2ebe09c78fc0d7ad8ab78
SHA256b49cccb7c763a997dc16a9110208d3b554712966f0c13b1efa9b120238bd09d3
SHA5122f162cb0b673d81deeb9e91535799632225d791bc23b1e35d7b15d24afca81b89adbde818f2fd73bad9aacac2a4eaf12672c6fb2c7c61735e0b3dd363c36c04b
-
Filesize
216KB
MD510ee59557da0814c0ed16382bdca4309
SHA1c8e9508d51beb66158d141691d35203b5d59efbf
SHA2563c8b721a244cd5526d53f522748a512df08f584f7f792692bbe5edf2d3443f91
SHA512ed381b21a45642fa5cb86d7be48d0930e5fe4108073ac6563c05df56730bcecc219b9924ed0d55bbbe5c4dbddc396548b4392535e5955d180afd5fa0579d0221
-
Filesize
11KB
MD54670babfe06c639bb1427c7c93dc0188
SHA19e4272c19e8a9c542e82009e2f33ba10f729d446
SHA256775f6fdbfccde27942595d434af10b64d8f6d83aa2dfbe59d0c44c600fdd9b6d
SHA51293f4d642a267ef9efc4c55b37600c9e49a6a40ef0854530330cd4e4f510b5455247bcbe17cf80cd244cd0d310c2cffd99a319fbe51f3cdb8e7115d191e7a79ff
-
Filesize
216KB
MD5825fcf1be73a8e6c4aacb856a20c4dc9
SHA12da2925cebd629c23bc48e101cb00ab15de325b8
SHA256937ef41eb20aff0cda08448f31c8cb69b541486c3c18f5053d0bd7ba9543d72c
SHA51273205c563df4651f4434856a31cc77a7fb820d2fa615b59ddf70bf8af534cc15ace599958c06a0a95cdb3a8743a084b92351971449e49b9c646a5b92909e07a5
-
Filesize
216KB
MD5f47382ea07eb4f5eb1f27194125888c0
SHA1c739df479d4b531ef3dbbb2e3fc45353ee931e18
SHA2563d55bde458119f11e268088e0627e87a38fed16f6909baeef636f3bae8621cbe
SHA512d129bbf8c71905143d5eda504a5f15faa5ce4dfff223e6c7f52a8a7e1de997e663c3a85c1043685c188ec54a4ddf223b1f4b80da5762771c8d040dab036b4d5b
-
Filesize
216KB
MD5578d965644c68b2abae3c2dcd7f7013d
SHA177fa2caa6d3c5a5d78ff96f89fb7ce9d1b78ffdd
SHA256565d6de5a40550b26325ee20359d595921a50a1d58c704796343b95cda065678
SHA51289cd417a4afd0c2224d97afa224e5b69a2aeebb7687563f3078f9b9abd0ca47a21d2ce3adf93cd3b192026e642ead0fbe3534177727d135656041e8fbed9cbf2
-
Filesize
216KB
MD56b32d2830f0bab4679b01e170a11d592
SHA1b83da333082d76a275234a0379f71898898c4258
SHA256d16a72e002ef4958d29ddccecb688cbd01fe4ab39a130a252c6cb92da96e7d3a
SHA512ebe7c188b1e8181e6506079ee3e5dd8c67fbbad372f8fb807852dd8453469baa5c14db98127396914c3ed5454138e5d1243fe6daa1a631413d060d16dc12734a
-
Filesize
216KB
MD5c7cbba8f93d5242bb0ea8824b37af539
SHA1792bf1f3063f56eeb9a3fadb5e072cbbb7768083
SHA2567f60f6f2be89c8892d56ce9891c9416f78856d95569e2a75c26108b039a54fff
SHA512fee19d0c81888a7496209afd1371237d48fe221b507e39cc6fc4d801e2c3a4cbf9dc5c7aa64470ade1e93d5a7f1dfc5f03f145a1d66c691482a44b342a389d74
-
Filesize
216KB
MD56440f7c5d0ead3483b53175c4f1b91fc
SHA1195aa6bb15218d22bbe1d312d2e9362ce04f8909
SHA25696136f8994afc82d0914e4830c44e5ee266527f507d1bb0dbb57336f97c1f345
SHA512cb14356ac83c91f84f69d89dfec65a020a346009a4f44f28f24bf03aa11e46bacbd8fdcffc3428af1b5f15161c5275b7a97b1174e2e640851ecc878f99dad7f6
-
Filesize
216KB
MD587857c00d520777e20b8064913a215b8
SHA14a6d57ae27659cc870eabb0b040773b4d88e716a
SHA256ad7bc2087304a0b255ff18972c539081e71a8cd8e7f1958072a631e19e6bee64
SHA512005e506170b8aaaab24436aae4d82aa66f559ecd80db50ec0877b319801110808317dfc27e9d7aa3d15c9a153fc17b43b4b26cca7d242d927d25208cc0cb624e