Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
16/03/2024, 04:44
General
-
Target
2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe
-
Size
216KB
-
MD5
6c1a6ed33785a1700d85fa0f682e6f36
-
SHA1
e5ac21c4c10e2f6486f666f6f63cb3503d9f2e77
-
SHA256
228ecdbf8f8b327f6b27cf8dba3b1a2d580438cd205550417bfbb3dc6a9d53f4
-
SHA512
8c8094cd37d194e69fcad58121f6055b7d2884e2449bc19ad82a9cdf7200871690f4f4e3c9cfc253e5bb4a2defc6c03543efe7adc6c0c4e80f8ba9523aa65344
-
SSDEEP
3072:jEGh0ofl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGNlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E1B451A-FF21-48de-B0E2-85F08F37F544}.exeC:\Windows\{7E1B451A-FF21-48de-B0E2-85F08F37F544}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC58D3A5-DCF3-4a27-8924-546C315A5969}.exeC:\Windows\{BC58D3A5-DCF3-4a27-8924-546C315A5969}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{78AEFA27-74D3-4060-B409-F50249719EB1}.exeC:\Windows\{78AEFA27-74D3-4060-B409-F50249719EB1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EB69EC68-0F1A-4515-9BDB-AACC33289DEB}.exeC:\Windows\{EB69EC68-0F1A-4515-9BDB-AACC33289DEB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2049E0E8-4DA3-4262-98E9-E93969CDF38A}.exeC:\Windows\{2049E0E8-4DA3-4262-98E9-E93969CDF38A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CB27413-42E5-42d7-ACAF-70EFA95924E4}.exeC:\Windows\{6CB27413-42E5-42d7-ACAF-70EFA95924E4}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{57F0C4D4-C738-43d8-B6E5-7C6E76CE7697}.exeC:\Windows\{57F0C4D4-C738-43d8-B6E5-7C6E76CE7697}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{585826DB-A835-4d08-8F4B-4FA03E61F45E}.exeC:\Windows\{585826DB-A835-4d08-8F4B-4FA03E61F45E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{53B05D9B-312D-4c18-93DB-18F99CA445A4}.exeC:\Windows\{53B05D9B-312D-4c18-93DB-18F99CA445A4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6247EE66-989C-4afe-9AF0-081938D18769}.exeC:\Windows\{6247EE66-989C-4afe-9AF0-081938D18769}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DFFD98CF-3046-4b32-B4BD-652F25C0C564}.exeC:\Windows\{DFFD98CF-3046-4b32-B4BD-652F25C0C564}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2F1F15BA-7A20-4e43-A8AB-E961DE04EE8B}.exeC:\Windows\{2F1F15BA-7A20-4e43-A8AB-E961DE04EE8B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DFFD9~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6247E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{53B05~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58582~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{57F0C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CB27~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2049E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB69E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{78AEF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC58D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E1B4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD57b2d538c958a008fee9e6bc8006156e7
SHA100dde254b8036d18d8c651ef729bc0efde527b6a
SHA2568471a42157ff4f84b5baea8b95766c0e3f3244eecec3d435d7ff54bb53a282ba
SHA51274ae1538abad4e9e739610d309eb873e7d274693ba735919ada1c6fcd3bb13db38630641d6e2f7e3d5346d96fbe0abc4d8a97e7bdf9596b005905e1752c47061
-
Filesize
216KB
MD58c3518e8b7b8b5a1a67d1e5533225383
SHA1bfb6dc5aef12e92c6ad653fbc13fc45c2aa46008
SHA256c90f9c4f43f237e3d785aa53c9aa78c99198e05181fc09f360edbd06e2764fc0
SHA51206e1677b9f6bf9b4164ec3091247229d6d72ffc8074945081eaf10ff4e92f3cf6ac5ae84b5d87d4c5e74709dc87a2024c58a7c1bbfaa7c8338300cbe2605326b
-
Filesize
216KB
MD5ecfa49d6c4f10dd03aad3d1a8c0f44fb
SHA197a54eff1a82499cb40dd1b0ff3481daa26d5118
SHA2560180b1ba17870022e21ef6149f7870ccaeac800d1af5c75f00d0a39a5c5868b3
SHA512eef331472d7c7819098d5192ca6920371a4273e3a6c0296419b77ae83e32abd0474cf68a4b307038133a6789b50056ab53955b222c0c20f2bf729a645c5c8386
-
Filesize
216KB
MD56d8221dfaad84af4556010d3b35dfa01
SHA15e27aff01e94e1c3ef47e2dc9f81d5241a667780
SHA25632756e9aca82e17404c96ae1bdd415f078788956bd3e46ee235df4b63f67c612
SHA512a013645b0d3678c32094d587bb750fe080a65c86dbf52915ea664662402bd79fcc2d6022c2f95d1847331e933432bf7e06ebd1ecd83cc9d846aed83504bb4096
-
Filesize
216KB
MD50736917f14b2998657e7230f2e89801b
SHA1dd4e92778becba6bf410acdf37bfc274285bac0e
SHA256470d72f727d61f86e7491d43e256f68202e6701b09d23a34753c1fcfaab80504
SHA512cc1f16874c1979472e8e11c92b00708ea3758f8b09020079f460e7f662d6d9b2d124eee6b023294b0ed2fa7c7b57f1ed83fd0640c2c182a8745e74fcd72cf89f
-
Filesize
216KB
MD5a4a8649aac41590da31964f4f7ca42b0
SHA1dabf24f9b37a208470ace84e11c439fd01ce01cf
SHA256f627fca640063f59c838077bdc719a5a80c1120e8097a2f46abc6b67ec92420a
SHA512d71fba721baf2da003aa3b121ce8072e5dbe50c07a62b378d781be7340bb190314ce2774f0c924c241cc705ef4b44087d90b5da5567e995837c94be6f6eff453
-
Filesize
216KB
MD53bf345b51f0b781cbef65d04ddf78c30
SHA1cb9663e2f359804e12a5b2dd34e9a0df3cc27e4d
SHA2562834c515194ee6e5af6aeb178edb64f3175608ce4fc77a7a9ae8caaff671cf34
SHA512656fcd7389fdfef0b604b4b47a6ea0b4bc02f66fac85ad39802ad9140d3f23dae7a52e14194cfc723db56e10e63d22ccc345e638da33e9968824564652270908
-
Filesize
216KB
MD51d4c2e324d6af60d8959ebb33181f799
SHA1092156f437e29deb78e0730b5556bee78fc7f044
SHA256fd473cd5bba05246934ad15d15570314b3ade148a65530c7529456f584c8fa0b
SHA5128bdc977d21643f14ab8c381bd8d1d58a39d529414d0ff9405030de03bc626e77361de010a3a454ef810ba5777c46953e9f1a8bb5dff202b11626c76db0759cc0
-
Filesize
216KB
MD5eefd9365a2ab0367ab35f26caf5d6580
SHA1e0dee92dfea644ca3668b0e4ca18197c56816a67
SHA256e18e424cd4a3efba101ad48b2fe0249e404773fb8ccd5bbc85909ce7640f774a
SHA51249b24d0c046d4411f9b1fcc4b814a8f0c812337f71eb47b700fd338f26a47b6eeefe75e87fec8f226468a7de61e255c2da412c7ce666a5c36ca7bd95c68cc33a
-
Filesize
216KB
MD5be2daa75c190bcfba3455cd4d1c44047
SHA1b2132675c065ce047d4b9ba38dcd08f9d9000b8b
SHA256d4bb52ecd27b083ca103f13499a31b52b827b8479384729f296eb5936abbcc2c
SHA51292c80c016769e374bf85ce8ade662f358584d66114feebb84ffd145f9ca2a4d41ae522edc7ad830e4041eabda768621b93949472af675f80d7163b7f2f304706
-
Filesize
216KB
MD5552de0afcd89df15314f3a44d6469a8b
SHA104a6d7ac1ae4a4ec24e220711954c1058578e0b2
SHA256e3d87912b5f5e31e2bcfacc35234ab6b611e69f6b1225b4f26f8ef00da07986f
SHA512674657e07d2c77ccdf295872525c1053c896766359cab121cebb901e111d50fae639496855b91a0480345e768266334489333754d303fece741cd765be36b44c
-
Filesize
216KB
MD5dddf67b91d434afad23c9864971a914f
SHA1d794d77dfcf4ba542a2dd7d308b6b75f7d1cbafb
SHA2562b7fef4d8638a60db606e321bafb2520b9019ccb95d9c2b69e0cb62c45925935
SHA512b9f80ddd6c9dd02b93ea1a7814dd54da42aaeba1ee8fa7a958e3f22152b530b4efb07845a676a33d7f7459b75c6d465ab94f6874a4b6e5b268ed647816d794b4