Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
04/04/2024, 22:23
General
-
Target
2024-04-04_23143d0fbb7d05f6305df8179c94d5b0_goldeneye.exe
-
Size
204KB
-
MD5
23143d0fbb7d05f6305df8179c94d5b0
-
SHA1
9839b0ee5ea033251c8f33e54ee1281e184b17a1
-
SHA256
1ef0de3c0503c93d6df51827f4047b6ca8c52362dad081991ac98be37eefc0ea
-
SHA512
9f15fbee19907a4fb1a2d434f5d02f665a2f59e8e17524b313524026f9690ede9ccdbdc356f1e1e1687a7fac0111703a976d8145843f1d19278d3bb40b363ef9
-
SSDEEP
1536:1EGh0oNl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oNl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-04_23143d0fbb7d05f6305df8179c94d5b0_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-04_23143d0fbb7d05f6305df8179c94d5b0_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FE97C67F-5980-4d27-B162-7415248958A9}.exeC:\Windows\{FE97C67F-5980-4d27-B162-7415248958A9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FE51BE3D-304A-4ccd-BF21-578AB18EF1B0}.exeC:\Windows\{FE51BE3D-304A-4ccd-BF21-578AB18EF1B0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF4D5E3C-1CFB-4081-A0CD-7C5E380853F2}.exeC:\Windows\{EF4D5E3C-1CFB-4081-A0CD-7C5E380853F2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3F7AF55F-17BF-4a9a-9F3F-B0AF9DC9797B}.exeC:\Windows\{3F7AF55F-17BF-4a9a-9F3F-B0AF9DC9797B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0DBD1F65-6008-4ee0-A8E2-CB2780F99FC3}.exeC:\Windows\{0DBD1F65-6008-4ee0-A8E2-CB2780F99FC3}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80492E3B-FC05-4f85-BBCD-3DA49174C080}.exeC:\Windows\{80492E3B-FC05-4f85-BBCD-3DA49174C080}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BBC1F400-7A49-49f7-8884-9288260ADF3D}.exeC:\Windows\{BBC1F400-7A49-49f7-8884-9288260ADF3D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FEAC99CE-C37F-42a2-A651-3C0236825317}.exeC:\Windows\{FEAC99CE-C37F-42a2-A651-3C0236825317}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A106F5C1-5F50-45a5-BE26-35BA0F668EF4}.exeC:\Windows\{A106F5C1-5F50-45a5-BE26-35BA0F668EF4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9F9584D8-7E3B-41e6-9F58-5C017F8F2E54}.exeC:\Windows\{9F9584D8-7E3B-41e6-9F58-5C017F8F2E54}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C438C0B-E7D9-488d-8AAA-9FFC613BD195}.exeC:\Windows\{2C438C0B-E7D9-488d-8AAA-9FFC613BD195}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8CBB6508-D040-405f-A11D-9F0A92F2D041}.exeC:\Windows\{8CBB6508-D040-405f-A11D-9F0A92F2D041}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C438~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9F958~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A106F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FEAC9~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BBC1F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80492~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DBD1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3F7AF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF4D5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE51B~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE97C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD57d36a614579cf10073bc64e09266e6d3
SHA1efb5d8dc7bf8c837ace9456d88273f54810fd5f9
SHA2562cb831bff543b35de96fb043b6e8d6dd7b4ba03acec9c18b7a5b2279d36bf68c
SHA512c2b91aff963d37ab5814db62dcb4e0261ba772d51892c2e510e992bc9c4430595ddee99d322e2902861535b8bd2bb313f0ebf9c5c9e6c2e4cbc27940a2f60633
-
Filesize
204KB
MD5542633a3eadea3d169b8e72620c90be9
SHA15e0ed6daefaaad02e38476abcb1f15730db751ed
SHA256e4dbe1c476d71947bb8ee71b96b8195cd5071191df0bef65504e02ce300f5f6b
SHA5126bdea62ad1c07c49de46afeb547323fa360d51cd76d5f422002e0b19fef16d0486a7f04706598f8978188a16b4928230620ba5da4dfa38259146ebdf45b177b0
-
Filesize
204KB
MD53c84c8711bb41c8119049d0d9ebd95b1
SHA147803ccdf9277fa93814bc7b6bc8701643e9d08f
SHA25640bf577ccdf1c706f56783972436d4c5ed0710b51391e612d8c2268c8f8792ce
SHA512345a0e9abd0c52c3a8717456dcb84aef3f9e651f75a5e4df5028c2429cfe145b24d1848808334e1adba592b616dffad719fca653607439719c737493faade09b
-
Filesize
204KB
MD5402a779fbf76f4958029153f283f1927
SHA1c3687d465376e22cce1e6cf4f00916fcde2416ed
SHA2562100dc357103a097d7dc2ed8ec3ec8bbe6510f6ba69582e01b44b649788b9935
SHA512a34f3fec1b0d4cd03af03a37bed27b3352d72083e511ee6eb924be727315c639258e0850240d823a2b3d06ac80072e442dbb6c126548e07d436c56ba5a85bab1
-
Filesize
204KB
MD57fc9af4cba2e3d4dd92765debf380807
SHA1623d5888139c384a3db2b5c69b6bcc4fa8a251b5
SHA256396ce37820647fe5354225602ecfde3df693b60a14ed83b5e40eecdb551cf19e
SHA512b5fdcffb7ace493ffe6094b6f6165161899e059e70e5bf3e0c9dadc9c80ff55bff5e49a63ceef4182ec75c4ec53be8523afd8e4da6f74355b3f5109bfb62a63c
-
Filesize
204KB
MD5ad58383357837017a6dc133698f1533e
SHA196abf90f463fa76ea2fa700aa1bd4d4672df5fc7
SHA25639bde56fff7fda44e921bd3876a5180d16dece76ea636507abd56e4c7c3d1c04
SHA5120e4c94635cd9f3228e90b633b6a047b8c9868e7e5a82a55a58eb426f77af7d820b931c96d6160e2160a7d86a364dd2d0d8ac39ecf9741167d5355ad9b2520aa0
-
Filesize
204KB
MD59f11d704607a724c08ac574adc3c43e4
SHA12ccec922fd7d7255998fa26ebd96396b9bc56ca4
SHA256f60c34ca131bf4735f187aad2e902c3301158edee310df273fc5ca7dc8a62644
SHA512df234e5328d8da00f88ef73efb686e5e1bd2c42bdf785906a48a4a059602eaa35b5b40bcf09f38ce9f7bb6d0a3fc21467f19a0411f50c541e1c91607cec06e01
-
Filesize
204KB
MD513a4259fb672a20af58d5a49737281e1
SHA1f85d38f6eab0c383e7ac662a327dac8620bafbf6
SHA25658ee6c26186749b6ce95705fde72c644627b2b6ef9ba0a0af26e17f626ad19c8
SHA5123dbd44768c93366fa5de6dab95d3b0c502ddacbb5a70db69f998165d822939fc3a9a6f6b865113c051e877913f5a85751b25caa71c2a09eb96b7e9dc966633b1
-
Filesize
204KB
MD5fff3b54d63b0c1d1fc2667b3d587dbf5
SHA193f758b9936aed52a2ac87a7e31710e26ed8cba6
SHA256768bd1340557ab3f7f7105491ee7abb9bee8990426a58bef41bc2552f3884a07
SHA5127fb9d96a09df95607fdc398f82783ddf2c9592926d10e4f26892396f6ac3a973c83a4ba4cb99bcbca5098bb48901792a76ef18dd1a7bfe3cd59ce178a1e109ed
-
Filesize
204KB
MD5cf44771d1caeb1539d14c9a52d645e51
SHA1e518ade2f0fc07af8e0441ab95a2bea21b6d6447
SHA2569bd012b35012e0c8261d4a1c12f8de9eb36e9214828904b369d4d5fdeee84515
SHA51238819c860b7143d162b8b89b0eb6297a718e7014e46653ae52b07e7895edbae8ecedcba255f52a7c00d8929f961197c8d942e9c7857d33c4d586228741069b15
-
Filesize
204KB
MD5b075c9eb37d3e4b3198efac845a41475
SHA150e455891a085b3eb003b5e0db39eee80f7e9818
SHA25618bb2688bd853760cc5a80addc616a8a47148967422494f3dab0002c8bb47818
SHA51277a5f8928594ddbe4e4845065f57e821bc0193336bc4cc5074ef93e1816faefb14b8ea1cd41b2d98807af560cb0fae5c38071bc02eaaad25f465f1eafbcdf2e5
-
Filesize
204KB
MD5cd38d135495b537c6a4f5cc8e14f1e94
SHA1698b9cc039a6b37f9bc5670f3ee04c305aea6dcf
SHA2568a89790d5bf5f067b4bc249b837f3f666b505a399b2081d6673611def2c8543b
SHA5124e304fb1936a8fc65030500924b17768ef5ec6583f128ce9ce240024d7ec7801105b505dbae7ab382161bdf43572efb5f93df5c6cf9d0a0a45a04ba24253bc80