Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/03/2024, 04:26
General
-
Target
2024-03-29_3733e770c4d470a7fe4400202d44fd18_goldeneye.exe
-
Size
192KB
-
MD5
3733e770c4d470a7fe4400202d44fd18
-
SHA1
5867c71323d615bff97a877b3cb4a749803d74c9
-
SHA256
a7afc3c61c8e6cb4d72840aaa0798de80df154713ff365ce9be6e9fdacf5002f
-
SHA512
dd6dc6f8106b54c0a5061b27d4174567ddb4d6218b55d1abd43b70bb81e60108947ac80ae06fa4b48e294329256255b666b0f12ecb795d074fd9ec96c288270c
-
SSDEEP
1536:1EGh0osl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0osl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_3733e770c4d470a7fe4400202d44fd18_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_3733e770c4d470a7fe4400202d44fd18_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F12B1A1-A9D4-48c6-A394-5A1CEF2A37C0}.exeC:\Windows\{0F12B1A1-A9D4-48c6-A394-5A1CEF2A37C0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FB1FB3F-BBF4-432f-A7E2-ECA64EC986C1}.exeC:\Windows\{1FB1FB3F-BBF4-432f-A7E2-ECA64EC986C1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C136C819-0A88-4509-8D01-F043DAE89383}.exeC:\Windows\{C136C819-0A88-4509-8D01-F043DAE89383}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F29D89F5-328E-4f86-B560-0ED7A85A948F}.exeC:\Windows\{F29D89F5-328E-4f86-B560-0ED7A85A948F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6D3AE93-DC58-45c5-89BB-38DD6D489D1E}.exeC:\Windows\{C6D3AE93-DC58-45c5-89BB-38DD6D489D1E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BFEFB62F-01D7-444d-AFEC-4F15AC3FF88B}.exeC:\Windows\{BFEFB62F-01D7-444d-AFEC-4F15AC3FF88B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{926613A2-4B9C-4a97-842C-BE9EB9DC320D}.exeC:\Windows\{926613A2-4B9C-4a97-842C-BE9EB9DC320D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A266FA32-FF0D-4b4e-8481-84718E5E982F}.exeC:\Windows\{A266FA32-FF0D-4b4e-8481-84718E5E982F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E162399E-94E5-4f29-BBBA-70593CEC1B76}.exeC:\Windows\{E162399E-94E5-4f29-BBBA-70593CEC1B76}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBEF5DEA-D6A5-4d1d-819B-9F947EAFC735}.exeC:\Windows\{CBEF5DEA-D6A5-4d1d-819B-9F947EAFC735}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0E4E40F7-4515-4dd2-9946-CD3228B763A2}.exeC:\Windows\{0E4E40F7-4515-4dd2-9946-CD3228B763A2}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0E84799F-2BEE-41be-9398-7B09F2979555}.exeC:\Windows\{0E84799F-2BEE-41be-9398-7B09F2979555}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0E4E4~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBEF5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1623~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A266F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92661~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFEFB~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6D3A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F29D8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C136C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FB1F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F12B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD54a0e5bb68e7317594503db2ee0a63fea
SHA188f9932f6b1a923ee30d281da821257c7481941f
SHA2566eb8bb3769ccbf0a1f59d750e00217a2782bf1c50b8ac0ead5718f3a311b66c9
SHA5122016ffb121c59ccffbcbc0245d0ef59c8c5c315a501cc1df6c5da886a0697139d81b010fa282ab7dc09de1e5ad1993ca630cba2bb0e560c3fc1b329d613a4f01
-
Filesize
192KB
MD597713d3f5da57aa347596879203c71f0
SHA1761c0070f72b8aa6578fb2e228986013361af162
SHA256fac428a5f70232a75cd9e3c2c322970a0c512c8e81214226bac6f3bfb04d11ac
SHA51217fb768d25d3727f945d308f0b642774757483bb46c9a00125303e52a4d3ec83be28bbfae7693e209ee8812f310517742a7ad19fec85b647f5522d9f896e7882
-
Filesize
192KB
MD5d6f6f81702428849881f9ba89944efb7
SHA18466f661f86230bcf7c0584e4587017c6ef4e4d3
SHA256e5c715ae586b87f351092b0875a6c3f8995f5e3af1d68d813fe3b5733a127c21
SHA512c3646945ec01a150d85460ce7749cc4a170b8e7c84b9b08f2bb3e1941b41fa215bc3677407530b187b3e9ca2c954b05859587a4623adeb07a4242ee89bc27c60
-
Filesize
192KB
MD5b7c8966e767978b2697bc86400c8efab
SHA1ccca7b3363c7699396399aaf2950855867388b74
SHA2566ff8b01dea21152dc11b925431307afaf500ea7f905a59a804dc1c0bb2b359dc
SHA51246b9dd39ab38ffe6b824dfc5e39154f1f9dd9de19a30b7057f98a7bf559d55e1f22bec29870dd4fc725816eccfc39c0cbfea781a3ba12036b7e558bbf99536a2
-
Filesize
192KB
MD518b56a1805105fb4415b2658cad968d5
SHA1cd00548a7668ad946807aa952907827ccdf71706
SHA256268fd3befa9b70d9836a21c37362e95b67bd4210e6cd397e658a71c068855888
SHA512b0000e3866b4d8f3f5a7337ef7d57a4161a34a0be1f46cf83d75b07600e04aea99d26251eabdc942ff07a582420b3e3156cbab6cd56d07dc61ea40e96a921080
-
Filesize
192KB
MD5199c14f722356e1a2bbf9dabb7034ae4
SHA19de7914742e40605e3f8098e94c884f40295d0d2
SHA25668f2f1356d5dd80549d7778b4c817984f379f3b7290d70bf749d271edad04867
SHA512163649c14f9bc708f056b40cce2f4f0e2decc3436b5bee9f5b1fa26d34cea7df0eed640af7543f467e1e8dd2cf673aa83a56e822255d8a09d910ac6c0d129873
-
Filesize
192KB
MD5aecbe4a311e7f799da4fb29c612eaece
SHA101570c0f834ac36c96ae134a7b34e44a1f966995
SHA256611a47d8b58e21e075f7da172f397b36c9310eef0a2c9c8ea81a1a7495a9ace2
SHA51240b3f6fb3d5ccc43e1b3ef9d0b89fa33ff95ea21de12f75a6ae66b6aff74208e69b4c12dc568f00179d3e5219c772736d2c363b38e69187f6050ce6f46d47f67
-
Filesize
192KB
MD544930b5a6da172bffab87d9e1ebdb553
SHA187335c529b060766e97c4d821ba8b495526103f3
SHA25656c9073f4a24cd01ab00ae4f95a36dcfe57793ee0e7f6d861a174088088b2c2e
SHA512463dbc06acd76e62283d37598b9e696fb33fdcf3652b9b7d96c114654da9a8e61e6e3023ac999fe7157863c37a82dd7637d9a9f69462eaab261e937df90985e4
-
Filesize
192KB
MD5d806678a3ade4ebc288617df3c233348
SHA1ff7b7ca3a9f24da3f18059e5c665758076814336
SHA256b884a6cd80039e4a8be778fd0276916ae9ce484e2c030792c04bf0437ca2709f
SHA5123af0ef327bedcfd5718002c5e86172a56c5909fbfa051e55bfd13c1f0b31fba06d87e70bfc652cd29de262016657bd3e0a2409c2bd0800470df981d0fc71cccf
-
Filesize
192KB
MD5565145a327999651d3e432a755f0058c
SHA16ef25eea208aaa0fb991296773cbaf47e6b6beea
SHA256bb3bd0eb32ad314943026198146ae86655a38410c50cae4df5a0084e1c9b780a
SHA512e0485f5a19a6573194058b3cfe4d36759c853577a537b3994d02a4e8eabd7ac33797bfd6d092d3945da8e4236abe0ea04da4b88249fecdafe2dfa7a88286cf9e
-
Filesize
192KB
MD552a02f7053219527438ceb815a1188d8
SHA19ad6b76d0bba82acda36ad8b7c3bcd03e31e44f9
SHA2562b50ce62a054514f8ae1e742e65c73ad0930e340ead1edda24f83ac72d7dda9d
SHA51214d9adda4e509b00ed51445a632683bf360b1f7a77ff7a37cefa5f6d0c06708f501536d2231a67fe34aad13bd3e88c19f6ff88169771acc46600d932f67c2082
-
Filesize
192KB
MD593cdeba1187021575325d84460f52ecb
SHA1180d2e6db0b5d47a100fdf7131243daad2035cb5
SHA256982a4160e87469c0a4015ccf37e5929d7bbc44a87912f613b8062d72557878a3
SHA512bacb113c59ce57bd19f270b9ef312a98f3df836791fcb7506bd8246a50fa3929b0b97e192a941870aaf6ee103ba3c1bd65371dae8a75146f607c5866a438e85d