Analysis
-
max time kernel
155s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05-04-2024 11:47
General
-
Target
2024-04-05_54d6c3a6b291cef3b0a1e6ced431a459_goldeneye.exe
-
Size
216KB
-
MD5
54d6c3a6b291cef3b0a1e6ced431a459
-
SHA1
5e986b94d227059a6d6c998e5f862d7c10bd9814
-
SHA256
454d240c0f243f2a493f53fd6401718ee4415ed1ea785620164789d2e41ed2ac
-
SHA512
e4a4dd478c26c766152b8a0295584a0cd4e2c5ea7232603034f30003bfad6ee49e646c8900bc0161bc1f82dddaf7143979f344ceb92835629cdc7e28d8deec21
-
SSDEEP
3072:jEGh0opl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGrlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_54d6c3a6b291cef3b0a1e6ced431a459_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_54d6c3a6b291cef3b0a1e6ced431a459_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{03715686-E215-4e80-993B-F3783B050011}.exeC:\Windows\{03715686-E215-4e80-993B-F3783B050011}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{92AEC0B1-9FF7-4d7e-B968-84CCB244B66A}.exeC:\Windows\{92AEC0B1-9FF7-4d7e-B968-84CCB244B66A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D29CA4B3-7776-430b-86D8-DD9F50A0E4A5}.exeC:\Windows\{D29CA4B3-7776-430b-86D8-DD9F50A0E4A5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E8D263F-E771-43ee-B910-5D216146AB1D}.exeC:\Windows\{7E8D263F-E771-43ee-B910-5D216146AB1D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6EF15C1E-D9AC-42c5-A7C9-4CF1F1E1130C}.exeC:\Windows\{6EF15C1E-D9AC-42c5-A7C9-4CF1F1E1130C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{643B4EAB-065C-4e93-914B-6781F1494834}.exeC:\Windows\{643B4EAB-065C-4e93-914B-6781F1494834}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DA22A94-B401-4ced-9132-E84F260A84B9}.exeC:\Windows\{4DA22A94-B401-4ced-9132-E84F260A84B9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0E75438-EE26-47f2-8995-054DE56B47F6}.exeC:\Windows\{A0E75438-EE26-47f2-8995-054DE56B47F6}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0EACDB64-0C5E-4730-AA9B-7801EBA6B85D}.exeC:\Windows\{0EACDB64-0C5E-4730-AA9B-7801EBA6B85D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A8485F5-3433-4bb2-B031-3D517E07BE6D}.exeC:\Windows\{1A8485F5-3433-4bb2-B031-3D517E07BE6D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FAA451B-4788-4341-A74B-2B09D38FEF07}.exeC:\Windows\{1FAA451B-4788-4341-A74B-2B09D38FEF07}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A848~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0EACD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0E75~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DA22~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{643B4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EF15~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E8D2~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D29CA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92AEC~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{03715~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD54eb34d424955e090aab5a5f8305bfe31
SHA1aea1ccb4beed7acda6d379c1ae2c2465ec98b1de
SHA2568c2ce655b6095c2c689a47d281ab500ec0ed380f50d92855ff6453acfbb485e1
SHA512f65a73b4b7bd28abd2816a30cb772788e940e33906c47e8353d95a282af3eb2aefb9c448a4487dd4ea381cb1755740c68dc572a56c7a5ce4419fbb6ce2ded355
-
Filesize
216KB
MD51c18ebb104778ecfba5ef59b9b6bf603
SHA13adc2200078a598d62a48be81526313df4dd6f72
SHA2563b8c6ceb380232f0b6584c8e3546e1f0648e7c4fb70bf1b1933adc8e44472389
SHA5123ca7119ff6b5594601a961b975a81febfbcfacea6e7554c473eba2d29b9fd9fe2ed1f408fcd8dca571eb37822265bcdfea26205ab3d02a9e7b126b62dc79b968
-
Filesize
216KB
MD55404c2b50a6f4600a5584ce729e541de
SHA1e7571140dc33f9a02414737041fc9ef68ce4e526
SHA256c1f0eb317047f1cfd404ad8c4242f69bf2327b9c191021035f2ae0b5b760cedb
SHA5129ba2dc14c612185756cc3ca23f95d7dfd2e7baafccfeddf3065094d919cb57e56bbed10a277df6134584afa14d93992470e84b6d50f74c26048dc2faedc00a07
-
Filesize
216KB
MD52ed9a23d829d5fe1ea05b40497216358
SHA15d47fe8b5f884d22de17cb9cbc5d014fdd3b0f42
SHA256f86d151e89c75d8d66442124807ee811ce4344a955dfca7d66cd22d15b0e9fe4
SHA512e36d90c646829db6abcfabf7fda79c635c0454482b0d41df2ba451e59ca373bc0c8ea86ab9de659989f0d82794385f6df17b23aa093e051fe8f6cd1c788bed7f
-
Filesize
216KB
MD52bcec0f56d0405e3cb750cbf98b553a7
SHA19cffea3714a82122ab24add52b1dfdaf04dfab4c
SHA25600e4676b7626d483bdf9d42c0bd8a508327a45cc26b76fb02a50935da7829550
SHA512a86902d7de424d8e819d4628717a42aa94c7b6959344f206d3aa1cdc1bfc8d5c8d9327c049534a045b5f53fb0f7e08e8857cc5b3223d7ebbae5394c9e0309a0d
-
Filesize
216KB
MD56b7f1637ba4ed2ff70b4ae7fce9d0e3a
SHA18d8236b8ef889777be4ae6895cf8b1e6edbaed01
SHA2564d37186f0df87658963d45260bb5bbd136b565ea4147d1c027103fb7ffbc37c9
SHA512dbe06fd1db29f6329ced3cf032ead57e47a807fb4762dc72df5963c25ab0eddde72fe4678a2d41ba4f298bd4a784d375e747bc98016774a776bf729df38a2f29
-
Filesize
216KB
MD519e170c036b3cb148c51265cee371391
SHA14e7a80a52ef7dabdb5abe5d6c9093a6e08846645
SHA25689f58e6bb37e4491779d283f70d1f653f98db1d35c25b66bdb68a2836e862eff
SHA5127172c6f0aee2532c7dff6969ac45177c3963922654bb54bd1637f8fa0d0c4d0abe641755f6ac33002b10d6baeca728d909fc7fdfc2025132d5b2723009a4b6f7
-
Filesize
216KB
MD549ee6ed14c5c43954e53ee1000fb28f4
SHA13846f1c14af7fee5ac37ac6629b440db7fb4c919
SHA2564e5bbd5ab0068bb78bf734e6e7f201a9720626d8f14357f30b4b3764e189356c
SHA5128747c8525c11f8989930f48615055bd06c28d5d309a90444eba4547c217601272aa682d284e7db3d7fbf1958ca0d37e5d958e924196bb239c3f3db09b88508e5
-
Filesize
216KB
MD530b29ea2cab054cd97a11d8f6b72d220
SHA1161f82bfaa439a94e49e611b73dd2928078da927
SHA256df9f524dd1db0b99bf890d07bb76df24fcb6a8cb08ebf095b7c4b91cd6859612
SHA512ebc47fca4a3456254fb634b0238f0b398aeed0ce7498cf8fac300bcb725585580a29f4ad1ac0cd38df7ecc0f993b56213655ab9175dd0a0d080853b0793418fb
-
Filesize
216KB
MD5c608d3f49d8e0012c4c2d610dff93ec9
SHA1aa91b0bddb59432a04ba72c825cbc46da29b6c75
SHA256573be9703a0a961bc5a39a33232d38d3f104f581af329fd93e3458d5d8a19d01
SHA512789bf93fbf2314e9170cb86f0a96290f4537ccf54c9a2d7a035039db6c6dafcb54156198771a3e8c15911bf2161f7448ff3625b145de42c19e623652de2ccde3
-
Filesize
216KB
MD54d8712a075ec272aa9da86dd514d43f7
SHA1334d5aafbea5b89622fb1abd556d637e447ab63c
SHA256da0c50616b8a762b3d3b011d33fb35d233a9c1005f344ab790be8c180615947a
SHA512867a78b56b3e8d103f158ad70c20033e20fc842622e663d976e233e155c30766f147e08b72dff26f14c39717c8e6f58613f54416766af1274f428f2ce18fd72b