Analysis
-
max time kernel
149s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/03/2024, 13:50
General
-
Target
2024-03-28_ae683b6f6839a48294f88155f7c00eb8_goldeneye.exe
-
Size
204KB
-
MD5
ae683b6f6839a48294f88155f7c00eb8
-
SHA1
d83fe38b66789181d53bb8ac5f931592aec7c911
-
SHA256
da17f2a35db80b419584e44cdf0613ea0f1cdbdedaf21d468a98386c431779b0
-
SHA512
02c7848793fe99ec1d2bce18f374569fa217284d2d1b4e874a4680889a9c820501f0240f2d260fb9dcc1af7ab420eefcda1abed8088249df324b33db7ab94fe7
-
SSDEEP
1536:1EGh0oel15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oel1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_ae683b6f6839a48294f88155f7c00eb8_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_ae683b6f6839a48294f88155f7c00eb8_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C00DC858-5F98-47ea-9338-2B9E77A6DB0E}.exeC:\Windows\{C00DC858-5F98-47ea-9338-2B9E77A6DB0E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44F8359C-B0BC-4700-847C-A7B61F1A0037}.exeC:\Windows\{44F8359C-B0BC-4700-847C-A7B61F1A0037}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ECBF1789-1B41-49d9-BF19-3293F01EF552}.exeC:\Windows\{ECBF1789-1B41-49d9-BF19-3293F01EF552}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3EE2F723-9EB0-4365-8C70-5E6420719812}.exeC:\Windows\{3EE2F723-9EB0-4365-8C70-5E6420719812}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1E5B42DE-9A8A-43a0-8889-C6DCB4A64844}.exeC:\Windows\{1E5B42DE-9A8A-43a0-8889-C6DCB4A64844}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E32CF286-DB11-4756-8FC1-C3DFEB836A69}.exeC:\Windows\{E32CF286-DB11-4756-8FC1-C3DFEB836A69}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7467707-765B-4398-8E2F-9A45F5325153}.exeC:\Windows\{C7467707-765B-4398-8E2F-9A45F5325153}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9633F11B-1CB7-42a2-BB5B-BE95332D569D}.exeC:\Windows\{9633F11B-1CB7-42a2-BB5B-BE95332D569D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A79A490A-E6C0-45db-BD75-4E0024B2A333}.exeC:\Windows\{A79A490A-E6C0-45db-BD75-4E0024B2A333}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D5EBF36-0BFE-422a-91DC-737052D19459}.exeC:\Windows\{6D5EBF36-0BFE-422a-91DC-737052D19459}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A0BBE87-6079-4e12-8C8F-F1C75D248D6E}.exeC:\Windows\{2A0BBE87-6079-4e12-8C8F-F1C75D248D6E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3278D8EB-5FF8-4524-B35A-2C778250CE14}.exeC:\Windows\{3278D8EB-5FF8-4524-B35A-2C778250CE14}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A0BB~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D5EB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A79A4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9633F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7467~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E32CF~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1E5B4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3EE2F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ECBF1~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44F83~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C00DC~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2256,i,9172343514068348080,519219714517961765,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5d70d6376e4e0b23a6a8b303f5bcaecee
SHA16c61697a30479cb4da745c5f50624171f1c3349d
SHA2568b2daa168acdb43c7a61b1284d1eba15517aeccaa7e9212689e09a9043bdd1c7
SHA512781b4556fb8001db9a2e7f31865e2f3bc64f6198137996faf102c0d8b31703eb42cea6d884a409a80a4850ae2822c4021aa26f67e8252c5e4f36fcceb2898b88
-
Filesize
204KB
MD58fd8bfe1eead073fd5cbb07c7b8e6756
SHA15becbabdc59f07e5339a1875e8d9d0c9df6151ff
SHA2565773aa46d8d85e6be1a7174547f10c72920c06e831f508f8370d5cd9ff1b1d06
SHA51245a1f401b9dc90133840264088f55d8407bad69fd2108712e81f2c2ebaca8b4be2bd19182076d5825632a39edcd5797b3a8d432509425589a164cc0c0ce30bd3
-
Filesize
204KB
MD58ae64d51120e62b817227246a8877722
SHA1d1748932cd4f33780ddb7d55a9eb566f4ab000ee
SHA2560745eb68ab87907602dd891140114711959e2363215d958b46027a33cf9ae1d0
SHA5122ef61cc2a1cd279ac535625b921a566a8d3d84d73052ae3b4e46706070f5c594b6ab990965e974654779441c80f3a0e125508c344e87810b6294faa05dde1581
-
Filesize
204KB
MD5329ce2d1995213f9dce3584bc23fef86
SHA1e98b9cc4fbf42affdec0a35e54502c2581414d81
SHA256260e2e5f03800f607418a91e4da5d7c9e3898dbcd2e4ef426cbbd1cad8e06fd2
SHA512a24067ec7b672e4a877ea1d084ce2942ea1a1967af4bdc4bcb5b65cc3fe1102107541c49ec361a27a092010e93603598b38a6adca9917ef670b89819d62382ec
-
Filesize
204KB
MD5ada81117abe93b2eab7788169ce5b07e
SHA17386596e5b8645980093317968776f58adf28879
SHA2560d65c72510066032d7056b9c0bbff6dbe946985dc8ce3735c85b78c492da7fe5
SHA512056e867036f24b4d8cb27d727c144b00089faf39adde499cf0321e694e14b3ced516e17baf314d70b9bdf9b747e1edf0e0f6f97c8281f5af9c454b84a69557d3
-
Filesize
204KB
MD5937cb1d3db7e97f2c28a960d0381e886
SHA17aac2d50c94f4f97e33ce6f4259deb3df3cc4e59
SHA256eef4ce4e15cbb69a52f58f721335b72cd14fc4b62784f5868f55586085eb6d24
SHA5123ebd0d6337c3e037c0dc1db953933e95c7742c40bfbf5a0bc84344d2ba59a097c6ef1e6f90c979819ef6eca2eada5d2df1bb6c3d765501bd89e8c529a6658d26
-
Filesize
204KB
MD59ad9d734e11ab2ca5314835a01705ba5
SHA12b8f96b00509a74fde2431d3d9996edbee76f720
SHA25674e1e9493bdf799f06d30fb67d989ebb62739025e64ad8b573b59fec389d3fa8
SHA51281f3167a323c61b3a215d5d4953050f01a17e2f84dc8e7a03fe2a9f3454cdda0b0cd67203329c7ab4c71cd5082c805a9a71ca2cd4b81e8f741dcb16b555ade89
-
Filesize
204KB
MD5a4ace05b8d2d4440681ad13a56fbe24e
SHA1349b627072ea469fc77e66c478b3fa4cdefa6943
SHA256e5e4dc0c3c4c9ff51c801bb40e4507217d129f6c673e264b4fbe9b95009c56ad
SHA512d00f79afc05ff4a563bab5b488cd74d3048fa7de79d944554c5cb7ae7d57f27206da223dace10a566d461ebe659d70796ea809199078936c38f7b1f18183a808
-
Filesize
204KB
MD56609534027ce6176ad02b2b11a2a90f2
SHA1abf0a98b8806d1a5060ef096d36cd617ce377661
SHA256bd342f10be5371a611413590887e441d4b635baa3ebc476251688e0339c51423
SHA5122d4ae57e2566e15accd0b68963ee2e419e464b235851c0f43804c490cfc29dfee5931ef1a592fe1bd0d52d56ba480863e28e0928c3e22a4d2e0b85fb71c0f4e8
-
Filesize
204KB
MD5ad270a0f16ed9a6c9033f53278b37020
SHA1e748be940f97e048c2642d4cdba601cd8aea31e6
SHA2563df6ae31593c7ad53e9ebca1030e00f1ee3017e968033f662903cd6ea1ff2c5f
SHA5127c650ffe962aa7bdd6b2c22fa95ec94562d68cd286ae48001830adc79d365bfb1b333f18cc311701caf6be0edb5e262d961be2696f582cbcea4defa39d8bc2c7
-
Filesize
204KB
MD5d5fd0afcdcbe10b9e2f3301b8ba2b611
SHA10efe06674ab6bb9d5e032fd8d19cf541b80109df
SHA256170a5220aa8677ebb5364b0a4a46f64ac7928be0bd498bb6708db484a3603bd3
SHA512a036b890a4f3fc3b8e2e62a0c18470976707b45a242c7e922d2aa1b7959cb27b80b2ba27ef150a8bcea86a00ff729a05e9fbfe221cc7a2b1f6d6882dd877330f
-
Filesize
204KB
MD513b36d9ded73e5821a43e20e84c1b5f8
SHA1c18691003cee17742ae74632821483ad2cce1a62
SHA256a266c2e1b4a7c7e3f75d2a545959a1f9d7c04c6b8c9eede3b03aaad612cea7c5
SHA5126b49acf3e11975da113afa74bd2ff5baa0a95afb0c883e6a9f74da8a10357109ebf1bfb2eeebaaa7924d4c16f4a3ea183401300bf8f838e7015ba062000d56c8