Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
06-04-2024 09:29
General
-
Target
2024-04-06_2bf9a6f0b3db71978a28cacfde2ed409_goldeneye.exe
-
Size
180KB
-
MD5
2bf9a6f0b3db71978a28cacfde2ed409
-
SHA1
a34fb5ef91e204b53aaa5c937a6ae73f9d4a6fc7
-
SHA256
d611bb2796576c3f36c12646352f87ce345a57bc76022b09c72f00599eb1dc04
-
SHA512
efb7f920dbaeed9606f681dfca6d48ad2c6019a3c69c8dbc96b76fe90f5988137aa7eb70ed4b47e95dfd0e8edd740f2becc36dd4a56467d47debad47aa188022
-
SSDEEP
3072:jEGh0oglfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGKl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_2bf9a6f0b3db71978a28cacfde2ed409_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_2bf9a6f0b3db71978a28cacfde2ed409_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D180B699-3BD9-47a2-8F45-35DF2A0E1D8B}.exeC:\Windows\{D180B699-3BD9-47a2-8F45-35DF2A0E1D8B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A76AF912-2AB7-4f73-B9C8-B4F12401D116}.exeC:\Windows\{A76AF912-2AB7-4f73-B9C8-B4F12401D116}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22B7B092-12C7-437a-A641-8B977A743739}.exeC:\Windows\{22B7B092-12C7-437a-A641-8B977A743739}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D7AB431-5430-49e8-B909-17CBA49F2833}.exeC:\Windows\{5D7AB431-5430-49e8-B909-17CBA49F2833}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B98E39C7-0A06-434b-B9F3-D37EE46EB71D}.exeC:\Windows\{B98E39C7-0A06-434b-B9F3-D37EE46EB71D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C354BE8A-C1E1-4fa2-AA0C-F504317FDC40}.exeC:\Windows\{C354BE8A-C1E1-4fa2-AA0C-F504317FDC40}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{04AF53CA-6786-4abd-846D-CFF982374426}.exeC:\Windows\{04AF53CA-6786-4abd-846D-CFF982374426}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1005C682-B225-4c40-BA41-F13C440E0527}.exeC:\Windows\{1005C682-B225-4c40-BA41-F13C440E0527}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{219536D2-9EFC-459c-8F88-32749B2B03AD}.exeC:\Windows\{219536D2-9EFC-459c-8F88-32749B2B03AD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8900956A-4AAE-4a5d-82F0-9AA6D4B37578}.exeC:\Windows\{8900956A-4AAE-4a5d-82F0-9AA6D4B37578}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7D200EAD-F06D-4c80-ADF2-0533FA18051B}.exeC:\Windows\{7D200EAD-F06D-4c80-ADF2-0533FA18051B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A3EB3067-21F8-4913-891F-8F6FD67E2BDE}.exeC:\Windows\{A3EB3067-21F8-4913-891F-8F6FD67E2BDE}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7D200~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89009~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{21953~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1005C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04AF5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C354B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B98E3~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D7AB~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22B7B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A76AF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D180B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD587664cbf4b00676fb69fbda05fb1b1a1
SHA1e0bce97dab7342d0c79c1a44394231ce34bad704
SHA256574ea1a5b5a298a5904629bcaf24ab12f142e6f522757351fc421dda4ca21be1
SHA512418b7cb1f525b5ef718181f1d4e2224ea0eabedfefec1a5c4a80b0af10deef6dcb8e9a24c0fac1f74a420ffca34fcda127c49ae52b001e5ef730c39c3b99f289
-
Filesize
180KB
MD5ed08c5a9390692a3df8e188d9bdee1e2
SHA17ef6c69ca22ee33537244e7d0b44eab430764ec5
SHA25692fb25621207affe71fd49592972dac367f7622446c0dc0e129c85168b5f2c44
SHA5125acc6bc8836d71ef75ed4593aa92263479f8055ed1737d0261fb8e84ac089b39ffdb759c49559cb59c2c0c489346b0df2733333d2038b80cc04293155cbac8fb
-
Filesize
180KB
MD5f5d10c14a5b0dc01d4a7239865379b0f
SHA1c60545e7315e69654e8f5186f2ca89643d496771
SHA256a858a26fc7b448e138c01bf2c2a8e782f742a5125fc113f9abf62ec3577731b4
SHA5129303fdcefd763198df13ff6cb9b00f371bbf54f7bfc6deaf69fbfab77902ac0f86d669a1204600fe3576bb82840271e388cde06ee7b9b191705b4c69df6d4b47
-
Filesize
180KB
MD5d039190616c8080c68d760326bb10e64
SHA1131c8e049dc73dccf50247740edf421145975263
SHA25686b0375f0d64e901e47215ada99c718f66790851a01efa23ecd64b4553f7a44d
SHA512a2f5615d7ddf8ae413df7ee10442f6374603f92c355cf21291084309f1c6545d7ce0f30a19f383674ddf86dff16ddce05fd2255aee27ad6e5ee618b15b74c02a
-
Filesize
180KB
MD5e9b51be677e74cea6fb6c1e98d17fd4b
SHA16f31940dc10ce32682cd3b9ef4ff544c7926143f
SHA2566d79457e910e2a24e94c8dd6b25adfb1b57ab521d8df47b01c4141b0d02a1cbb
SHA5120f351737865793dde22d996fc9d60d7990a35ebd0c0990849ae0633823018b77557f9a4adb1cd90f35c4345aaadc819c38e8fad1233adaae8add643d7ef85026
-
Filesize
180KB
MD5a51ff04320f16d55db55c1f194391ac5
SHA19881780b3d3538f502a4140c006ca25203466949
SHA256c49e49ce1bdf21646dcbf798dd857e392b1668c4cce10238b78afb01d2e20013
SHA512608c1c8345c05590b45b09f82adfc4486e21c1cbbd6927724b30b9a08b4ed6e2c00c6501d854cd981a6e5e81e33bc7fec922cbe09ac9216455b846759d700f9f
-
Filesize
180KB
MD568c577790764312a0582719942d9c950
SHA1f48453fb4abdcaaa50ea5a968ca37f7670c4f9f1
SHA256566d15e55f5e9c59ff550802d1dfa824ce37d82e67dcb11284e15321c0d94cd2
SHA5122699919616c3781388d9b855bc42998959686e03f28b3e6b1981c186fd94a932514d4f1e7173ac05fc8dd9675ed2a066bed1f61700ef23137b92a0e5d6d786df
-
Filesize
180KB
MD55351a145d007927bfc344efb530d7df9
SHA1b4f1cfcbc2e78c9b390ec159743868248c1b8ffe
SHA256106cd9b2e18fabee3f075bd1c33ee25f6d6ff454cd056dcb5ca589834dbec720
SHA5124b8df3f7de81174f0b2fb990b3b027d2ed51eea37a9505669ab1f45dec0860a50bdae95bf4ec50e6578d4e28adae11b007fd7493e9e5885722e661729fe723ed
-
Filesize
180KB
MD5c0d3b426e258ca7c47a1a118689685b6
SHA194644dd3c533b5273d831534d843ce0c74eb87e8
SHA256a4dde1bc08debee0f22fc12b6f5d2914c41e7d50d5edba0606d53d4c270257fe
SHA5121a61cd5b1255f7bb948be97d0836488d12fedd999ef22854d4eca64fd957c53636fc33e20a2ad2dfea7469e782811aab625c454f2bb5f3e1161a89f29ca35055
-
Filesize
180KB
MD580a289d2db609021b9f940fe4fc0d20f
SHA19e3ced6ffb92904eb1bc735f1bccbca35afef38f
SHA256364b95f9648888dd442d06c1844e7817db71bf31bea729e97426b85e7a86ef90
SHA512683bded8f0022aac7a50b677273cc694a1f7e47fd962b274d313236245523ba2a24a6baf2b289fa63ef16d521f5ba96c7cf3cb02a7ae154c51319c494826378e
-
Filesize
180KB
MD5236b094614b0dcba7f888048224ea566
SHA127781c031bf1b8e0add7a335ac539518c4fa3467
SHA256dfeb981857a4277c759170753ed3c730e5299b78b4507949e86f11f49a25317a
SHA512cc8599110c3ce69ae960b0626e48a826d19dac439c72d72384bebdd9cd8299c6da96dcbb442f92c862dbfdba71450e84d5a554b4ae7ecd68f4fcdcb1d54cb71b
-
Filesize
180KB
MD571127411daaec50d7a70f46c699c23eb
SHA14ec9e53f26af7696106d7c48e898317bb31da5df
SHA256a16d016568744f772b0ec621e9356dce3b82fcce992fa45852f1e6d72fe9f11c
SHA512516ab97f0118310869e3e768106cf179c25682045f34924eb31d67e14ebd1a187aaeba41c21a5e2cad2ccb6e0815731980e936226304031387f50d3625163ab6