Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/03/2024, 15:41
General
-
Target
2024-03-29_ae489b55a7885c6a6ad6a978a85b585a_goldeneye.exe
-
Size
216KB
-
MD5
ae489b55a7885c6a6ad6a978a85b585a
-
SHA1
463feddb950a8b9a5e07f090120e443d1f7b6555
-
SHA256
cdb52a13fcdbafc3d07b12580bff9ddd21b7318b1759beff0a423d03e807b8a8
-
SHA512
adc47c5ba14d29a0e1d31af3441a6dd50b88910c0f8d59cb71333faf56fbdbd2fefb0ee88a7eee9f3239495ca096f1e0189ac7dd8eb1d0072baca0ff13e4fdf3
-
SSDEEP
3072:jEGh0oZl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGrlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_ae489b55a7885c6a6ad6a978a85b585a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_ae489b55a7885c6a6ad6a978a85b585a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0015EB47-E42F-4593-A69F-09F638C70574}.exeC:\Windows\{0015EB47-E42F-4593-A69F-09F638C70574}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2DD671AB-C5C8-480b-856F-7142A7B55035}.exeC:\Windows\{2DD671AB-C5C8-480b-856F-7142A7B55035}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3B2CCFB3-148C-4d5d-895F-35F7BF061923}.exeC:\Windows\{3B2CCFB3-148C-4d5d-895F-35F7BF061923}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{99B864C7-EEC4-46f3-9BB4-0F16BB8A378C}.exeC:\Windows\{99B864C7-EEC4-46f3-9BB4-0F16BB8A378C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{274FA1A0-961C-41b6-9991-AB806AEBB3B9}.exeC:\Windows\{274FA1A0-961C-41b6-9991-AB806AEBB3B9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6F38CD37-547E-46e5-ADD8-4F4AF1FEB8E0}.exeC:\Windows\{6F38CD37-547E-46e5-ADD8-4F4AF1FEB8E0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1AAE5021-B087-469b-87F2-EA31971740E2}.exeC:\Windows\{1AAE5021-B087-469b-87F2-EA31971740E2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6E436214-A398-4d34-83AD-14481CA0D9BD}.exeC:\Windows\{6E436214-A398-4d34-83AD-14481CA0D9BD}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3C4D036-708D-4a22-973D-2A5800C47C2B}.exeC:\Windows\{C3C4D036-708D-4a22-973D-2A5800C47C2B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D86A3804-57EB-44f0-82DB-9D8896EB19FD}.exeC:\Windows\{D86A3804-57EB-44f0-82DB-9D8896EB19FD}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9F7E6BD-BE27-4470-ACE8-4B5FDDBD6F55}.exeC:\Windows\{F9F7E6BD-BE27-4470-ACE8-4B5FDDBD6F55}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3B84AE88-407C-4446-A89B-3011EDCF4B8D}.exeC:\Windows\{3B84AE88-407C-4446-A89B-3011EDCF4B8D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9F7E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D86A3~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3C4D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6E436~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1AAE5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F38C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{274FA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{99B86~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B2CC~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DD67~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0015E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5b55f50274fa37c842dd5ed85d8d84de8
SHA166fb3a32eb13626c6164d7fe471d9eec47b869b0
SHA256e4630b85402b71f47527c92df23fa185ea23eb8fc07a2c1d89aa6f755b9e9d63
SHA51211fc9b21c90ef8bac852227a667fa652b950cead40201403d1c557defe26e85640f19b60ecc1763ce5f2e0b18093064bb846d2201e4c66827c9c018bfa11a03a
-
Filesize
216KB
MD5125cece46846255850b649d824063a6a
SHA103ef8690e10b5a1d6ada9905c70a4b06bd9cc81f
SHA256ef8d275ec3f5483aced5d424c67c89814f8e6358c17201763b98a9e267e757ff
SHA5128caf46fdc413d19d0eed9d4d75279659bf7133b0712bba5d7e3deb1ac4569b6f1a527cb1d87ab7501f45ef14e088ee525fa1e0568e9e5df3c402488a81ce0e33
-
Filesize
216KB
MD59b54fe02b1c53b079fec415640a41d59
SHA1efe5c2aa2c91428124b37a89b68bf115cad937ee
SHA256040a13f2f9554bb0206e5e325f5fa24bd6dbffe3f00af60a249a1b42e83f726d
SHA51234760e367ac0de73d1821770438ce910e885a34ed75bb2e220ba5328a22ca0a4aaa1ebd80ed8aac63ef98d2cece072e9a2a11cc19a81ad0f8cd0a860bc449fd4
-
Filesize
216KB
MD5032203ba0435bf1f95e9765d2e711bef
SHA18499a1264c3dae1a73c18784a4daacf1c8440b6d
SHA256d75e227c32bef46db96dd9cc61347133dd59466a10e53e41881d14a66ed9c1de
SHA5124ece454b3888133e3b2b517990614d0d8de2b767ec26566137ad5f10f366f99cb4214aefb49e80340dbf9bb434f9bd415bcf6e2369d26abc081dbc0a2ec16673
-
Filesize
216KB
MD53e169ab3d8f6293d70c6ff052197b6a8
SHA1a0dc5018add1aae91d9a88e12bf402684873798e
SHA256c32b0441c8e6d530f95d4342cf135ad73aafd98e5c8469ac9dc9f5e8cdde505d
SHA512ab1fb65c19fbb6c9456b911c228396400c0690a74bf6c840415d29fc72fc8e4b9643045a17d6ac3e96e04d61d108906d7221330312d82e014fdafb600d7bc2f8
-
Filesize
216KB
MD5d1a48974f6bb75e299285001ca9d211c
SHA1803485c1cab33f72735eace63993597f7e7c069c
SHA2565c41ac8da6aafdba5ebebc075e516ad6c065f694a97588778309a460406f684b
SHA512d1a296a5ab98a6210bbf7a422629a6ab60d8aa7f11968afe176f110d96a1b9ee9699e24d836ee54b6fd0dd2d240cea110c130438c8a14e283730a233e3fb600e
-
Filesize
216KB
MD503ff675ff292fb402a8d6c492a8d18cc
SHA1b055acbee199eec6bea0841c42e5fb75309e4398
SHA2566dc67ee215f93aff4985193a652408097ec324bfaaa02bddabfa10f5e995d594
SHA512836bd8b0db6201233660a1fada8205fabfbcd6ae97b1b9ba83872f6a2217a5d544112c888194142bee3f0454b58066e5e8dabf034c67e5ef6d10405c62291dbd
-
Filesize
216KB
MD54217811fe5a1e2b418cd53e14b5440d8
SHA174fde0ae798a5cc7e8c622b83b4c699906b08a89
SHA25663e88cea3c63b1daa45f8e57ac971d42a3653d84fcf9245ee627fd8cf8d6d267
SHA51286a76a502c2191d3f6da2995850efa890683478c1474a345c8eb524b9aaacff9523f81a75161c72b92b206076c3a5279ad0fc8384a1404c3d9e6d0975e38025c
-
Filesize
216KB
MD52fa8df32d7dd45ed0f0a24ae38df962a
SHA10810a1322296d9408100e4ae8904bc6818e4629e
SHA25681ccbb9cf871bc928d3959bddb85889168a30f8bb389bcb08358c0b275000ccf
SHA512c9179c8e6478a084a527e7a67edd2803e4db99d586573a72c3bd8ab2b8aeaa3e6a1162c5eda442148ad14eaa60f45b565041bd297de25234a4fb4bb9b3f65bd9
-
Filesize
216KB
MD514ceded7ee2e6f5e59c14ece07d593ed
SHA1e1f1e0cfd3486e6a1a87ebbf3fed33282e8ad9d8
SHA2560185950099c452a34ce54e08eb2263e4d877e4e525d0e35923ea0947b410a75a
SHA512482cba4dfa666416e8affb432f377e68a41785a8a315501dff15091199303e3e65cd961b394fc9a73a43a7d4fc0a35e2b6a409093831528522f78455912d4dec
-
Filesize
216KB
MD54f8e51d766c407532b21f0d4a45b39fa
SHA104b2dd260ea9a067023c6a39731389e762f1a26e
SHA256dea7907f494e3551f779776e26609a3c77d265d5ebcc58492815e585ef70dec4
SHA512d2439d5d0501b8c0d30cdd880d0cec6a07f03a47cb9a0128e24db25b7ae66b23e54d5e9f215ff84857a5fd5a7df5b6ecc65152d1524375bef60757207126b983
-
Filesize
216KB
MD5b51aa552697d6f3de5809fa1ed298406
SHA1964cb9373aca177b871ada41522e44423f655172
SHA256eccfd46002bdad33ee6d8df5e7bbb31e14292adecb5f249dcdd3b7ad6360ad90
SHA51204dfda1a53ffe4068dfb0799cd8191ca2b0e95c5b2d898dcbf5f9b77d6d86973fd445dfae96648e78915bced552f7530d9ae6a1eb5640d0a67ea06580eb9e820