Analysis

  • max time kernel
    2s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-03-2024 04:49

General

  • Target

    ransomwares/Fake GoldenEye/FakeGoldenEye.exe

  • Size

    76KB

  • MD5

    26758407117c78422332c443ca7ed21d

  • SHA1

    9ab022e854166f4ec567d2ed4cf15880c13b3d95

  • SHA256

    2900dcc4246afc601ada049b127c4344fa917acf1689a6a4748ee72f93f503ed

  • SHA512

    ddbc118d3124508e4a9493b0d55eced154ae41c641f852f49b7f2b72fb9770d5af7ccf913b65e87bd9d66a4e0064d47bebd62e38cc03953c30d48ece13d501ee

  • SSDEEP

    1536:5GIHamLYZy4hk7CR8yrO1gStZ6PjydhiAphYjy:rRfi88OOKZSjioJjy

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransomwares\Fake GoldenEye\FakeGoldenEye.exe
    "C:\Users\Admin\AppData\Local\Temp\ransomwares\Fake GoldenEye\FakeGoldenEye.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:4796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4796-0-0x0000000010000000-0x0000000010007000-memory.dmp

    Filesize

    28KB