Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27/03/2024, 01:55
General
-
Target
2024-03-27_fb0f481931a9fd19aaafd8e21ceaceec_goldeneye.exe
-
Size
380KB
-
MD5
fb0f481931a9fd19aaafd8e21ceaceec
-
SHA1
1a3367d91c3cba1c941771307561abbf410a8c70
-
SHA256
0af3f69e27b98fddadbd94a6867249985be62d96fc75c908035c207ce7208a30
-
SHA512
61c45b8f0093b78a7480c94c55edb038025ed4a08ed10635d437bb25552079e7b464be7dcda186af9dc1005398f81323808bcc64a107bc4c5d78c73db19ab6e4
-
SSDEEP
3072:mEGh0owlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGml7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-27_fb0f481931a9fd19aaafd8e21ceaceec_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-27_fb0f481931a9fd19aaafd8e21ceaceec_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{416F0F4E-109E-42ac-8608-B5427E746D4A}.exeC:\Windows\{416F0F4E-109E-42ac-8608-B5427E746D4A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0BE619CA-3D90-4a00-9B2B-88EE7F4056CC}.exeC:\Windows\{0BE619CA-3D90-4a00-9B2B-88EE7F4056CC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7DF2A1FE-1A44-4e13-BF28-9FF1AE29271A}.exeC:\Windows\{7DF2A1FE-1A44-4e13-BF28-9FF1AE29271A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EA32D216-1D84-4127-A5F3-75E4CE5A0EEE}.exeC:\Windows\{EA32D216-1D84-4127-A5F3-75E4CE5A0EEE}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBC467D6-BBB0-47cd-9F29-EC4DD1396379}.exeC:\Windows\{CBC467D6-BBB0-47cd-9F29-EC4DD1396379}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D65DAF44-D776-4df7-86BC-0CA793D96536}.exeC:\Windows\{D65DAF44-D776-4df7-86BC-0CA793D96536}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{958F22C7-5C60-468f-90E1-2D6EE49CC4D1}.exeC:\Windows\{958F22C7-5C60-468f-90E1-2D6EE49CC4D1}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2CF464D7-163F-4198-A235-9F69C8C59064}.exeC:\Windows\{2CF464D7-163F-4198-A235-9F69C8C59064}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D18BB3E0-4E04-4898-81A4-3EB57FC70D2F}.exeC:\Windows\{D18BB3E0-4E04-4898-81A4-3EB57FC70D2F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0950C47-01FB-4fb9-A619-63E0AB3D14FD}.exeC:\Windows\{E0950C47-01FB-4fb9-A619-63E0AB3D14FD}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D8C593B-5C20-40f7-9372-D85D8C8C7B20}.exeC:\Windows\{0D8C593B-5C20-40f7-9372-D85D8C8C7B20}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{88F6C33E-E984-467c-9EE1-4CE44715BE27}.exeC:\Windows\{88F6C33E-E984-467c-9EE1-4CE44715BE27}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D8C5~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0950~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D18BB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2CF46~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{958F2~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D65DA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBC46~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EA32D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7DF2A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0BE61~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{416F0~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5f311d05ccfb0981f3bb18e160ad8772e
SHA17ac96cae64000e07e0f277da68c6b2e95dfead20
SHA256633242c39f1033b021f3235a46e7242e09c12d7106a2e5d4e9468cbe24e5f98d
SHA512e97f76db682f98404a76188d5b75b16e4aa223cbdab53d9d45c24aeb1e07411740ad25982ae35ecebf34e981208e4313030b5f72f7439f7dcc478035a3829dd0
-
Filesize
380KB
MD52063439f2b46a34cdc0facaa1aafd674
SHA1ec42195e4c68102d4305e2b3b7b42b135045309e
SHA256b5bf00d422a1b0146da7e2880abb51737c892ac49aa16bc1aec31180b9fccf33
SHA512e6cb397920c8526fcbde335eaeee421ccefbaada641d0614280371264d9012549f9b4abfa2e7ab490744ecbb9aff888ac041ec1591be22af33d1abfb7968dde2
-
Filesize
380KB
MD5f1dbec66b9ddd11bdf26d624e7e221e5
SHA11987500fa75cd2cc1e922dba963f55c294379360
SHA25691774ef36a37153e916c90c2d6432b208506a17651663f0ffcaf47a381733e0f
SHA512cbf5e8aa09bf9c5697da5f6f3a242175bb0a6e2dcd1e5eff8d3c98dbc8d61fac64bfec711d9f0be873b210a1ce6f622af52bda77181939497d5b75bbb6e21099
-
Filesize
380KB
MD515db102fc65d218c2697482e7130891d
SHA169f7a852ca2cb8f2d2b04818971e884005864ec0
SHA256786b314190ffb9fa193eb85d76c240aa51b8b8d6b98cc8b3861d09c2f43b4274
SHA5127b3d6a09991ddee135c42b70d4b78b1a8d5f088e332588333aeac17ed01d6be26ece29b5250b266d6c107da045fb6d1be346e7619ce0347cf637291dc4569a5f
-
Filesize
380KB
MD56b53d26da2852b9cad6661c41d5f6b2c
SHA108cd1b930509fae59fda8082c808d9ed9d226659
SHA256bf1210a10672339478a95bf627dc412225e9755db04832e638355f0adea731e1
SHA512b9489fd9d87723222cb792cad73aeb9b01ea413f549854a42dfab9adfd802060b5da046e4e90bad92cf9341e25c142002fcac50b97f989e307110ef1f4326e7a
-
Filesize
380KB
MD56a35821250a2f2135b26cdab71787ef6
SHA112996f2010000fe64d1fc45f04f8877fb21bacf7
SHA2563f023bff2127b6238cd0946222a1db8832b27f7e112187dfb0de68c27c548127
SHA512e44086104cf1e462b5ea6995fd4d6db08230bed6bc386c81a8d4fbf48f9f0f589bf47b1b75f7ed68e77bcaac2171bb10f685e733bc37eecbc98363041b30fda2
-
Filesize
380KB
MD5e68f61d38c38bf1a1f16acaa7b7cf1a1
SHA11d99b2d293dce2fe0eb063af11dcc6386c87a4f7
SHA256df25ceb91dbbda67f7125aea362001dc8ea58abc16acd7a44d95bdfc7db8b709
SHA512f456dbc2107e9ea90eb5c6e8c8449f353704a594ea90e5db967d8adc1bdb0b60eb4016e9e37210b796ae90b919723b19963a967fe35329f37701ff36aaa25c3d
-
Filesize
380KB
MD50a049c5b55969b9e58fb2768d2b619cd
SHA1c88f4fba4763834dfe92b20cd1511173c09b99f0
SHA256ff0fbdd57d5a74d51f12af46f50d77e5ba7ce21e8a5e1b7924c425d48024746f
SHA512f2b166900587ecca4d60c6facf88addbe207887cac71e2cdab5562fd14a0834dcc5ee8c921779f8d79ba29b3e2b86df75f74aab4d03fd017cb108e334267df83
-
Filesize
380KB
MD5627fdf2cd73c6f96cc93c7f605c80d83
SHA10f8c1aadec79526db448a66b27968ab287871555
SHA2568630813c7c4eb1345da13944c1f65d95ae2faa51f904f5973b32376a52281597
SHA512b07fafa15552b0c2831b14b8ba14c4d31caac1fb44cbe2c3d0a1b6bddbfd6a09715e5d2e83343f15222d68d6d2752ba0c14a6ad26aade2a426096842e1285349
-
Filesize
380KB
MD555338cc46c9befc375b397cc4a266524
SHA17722de47affe53533717d57a4039d5953f3f7216
SHA256b67929a44b6e580a21a46c1e8e04461b31b0368d0f496da9e357268573014045
SHA512112ca9445917052454ba82a0727e668353092167532251218a332f6632caff1b55b022fc1e97ddfe0598d4a73e65867d595f6bc0cf3d3e9d9623dbea1594c34d
-
Filesize
380KB
MD586096181935ab647f4b2e76ba839fb6f
SHA197a8b19d2b9182241e61fcffd014f6e871dc0497
SHA2562ee8371d5e22e3fc19cee7b455a3a6bacf5485f021c3f3ae6e7a8a4617fd7fb9
SHA512cb32973f52a8e7c34a2de0b172d97baad43c6b41dbe5690237bfbc99276d8d10ec8d0e675046bb62ba65c73f082cabb66a72e7cd511700a6c41398c8d70d9346
-
Filesize
380KB
MD57683cf678685a7738d40d1392fbcc169
SHA1be52bb80b40f5fa3cc2fa259047dbadd36ce5714
SHA256593c2de206a66c1d39cc83710e5be407fdd60fa939811e51edceb2b69537a924
SHA512b27d07761be179b48dc25eded8db177cd13a4316932028a1f196347461c93606e2148c5a8d143f4427d1e2e3e9886a0739581729b3c588274082c50a7dc8ce09