Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08-04-2024 11:03
General
-
Target
2024-04-08_cd15fa97891c8af713617ca8c67ba747_goldeneye.exe
-
Size
197KB
-
MD5
cd15fa97891c8af713617ca8c67ba747
-
SHA1
5f0f18c020b63dc0282197bea8300e42300d7d98
-
SHA256
a67882e897555523ecb3e1de3b8dd6b3ace0f5d104a47badb8359d7a50975efd
-
SHA512
c47857c76751b3becf37bdaa59c716c0724ce53393b385bef05e881d5a2cfdabff6c8b93a221fd709ab70664db27a49e8fe908a6d6d9febccb4431a1eac139f7
-
SSDEEP
3072:jEGh0o1l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGvlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_cd15fa97891c8af713617ca8c67ba747_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_cd15fa97891c8af713617ca8c67ba747_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C0816AEC-8AB1-4855-AAF6-2B6E37B30D11}.exeC:\Windows\{C0816AEC-8AB1-4855-AAF6-2B6E37B30D11}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98C1CE3E-2423-4cb9-8E54-CDBB0B2A6B01}.exeC:\Windows\{98C1CE3E-2423-4cb9-8E54-CDBB0B2A6B01}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05DA7D63-8147-43f6-A535-AB8720D3CC71}.exeC:\Windows\{05DA7D63-8147-43f6-A535-AB8720D3CC71}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5719ED6E-B53F-43f7-8062-D22E13CE0E28}.exeC:\Windows\{5719ED6E-B53F-43f7-8062-D22E13CE0E28}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{20CB6AF4-284A-4e7c-8D41-FD9C906912FA}.exeC:\Windows\{20CB6AF4-284A-4e7c-8D41-FD9C906912FA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97916B8A-BB38-4f21-A9EC-5874AB9620B2}.exeC:\Windows\{97916B8A-BB38-4f21-A9EC-5874AB9620B2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1904B375-13DE-449c-BA55-3839E91C4934}.exeC:\Windows\{1904B375-13DE-449c-BA55-3839E91C4934}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD9E8244-AFFC-411e-9CF0-3CA78B8E1425}.exeC:\Windows\{BD9E8244-AFFC-411e-9CF0-3CA78B8E1425}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FBA54D20-6EF6-47fd-8534-703AF586B86C}.exeC:\Windows\{FBA54D20-6EF6-47fd-8534-703AF586B86C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{306A42F9-AE5A-47d4-A6DB-A6467D18F1C6}.exeC:\Windows\{306A42F9-AE5A-47d4-A6DB-A6467D18F1C6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C0E3E329-8E9F-487a-857E-74A8546317DF}.exeC:\Windows\{C0E3E329-8E9F-487a-857E-74A8546317DF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6DE9B601-2433-470f-BDA8-DC21F15B1AE4}.exeC:\Windows\{6DE9B601-2433-470f-BDA8-DC21F15B1AE4}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C0E3E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{306A4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FBA54~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD9E8~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1904B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97916~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20CB6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5719E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05DA7~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98C1C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C0816~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5a7fe982f73dbf6d8f9ec74a29e3b2ecd
SHA1a0aeeac93f2371aecc74f7cd20bccadf3c29d5a7
SHA25668cff3b3b981c59fd3b994c58c876b7b73979308649309105d2795f15af8f9b5
SHA5126db872f8e608d113bd493751aa54faf5b980dff205f5eae47c3499c840203e769b2a5563b9c2ff00825327e9dd36059f01934c0aae7644256abe6821c493a829
-
Filesize
197KB
MD5a697b5fc5849bccd628a6a007c9dd0d9
SHA1ac326e6251f56b24b9590483a8a90ff59f882f28
SHA25625099038790b97b1d1070dfbb94ffc0d509ad26f0684b038620cafcf6e741027
SHA512927340374d972901224d95a26155d2e82bed8117775b4316e42c3b181fc05d91ec427c24c3268ef1429c912d703de8f983b1784e733742984f0e3d685c7dbacd
-
Filesize
197KB
MD5167b181b0e2a392f3a777924d291ebb2
SHA150b324763ead0586fddf12dc2dc99661caec7610
SHA2568fc2da4db1e0f082d88d940e26c2143f9cdd93f6df02d59ab87713f3de43bf65
SHA51255ab2e05dffb6e72d394801b6d9ba89389f7a0399a50bfd51559c3af32b0b1aa2c921e271f98ec870f754f14c08a710ce55837715e41856b36a5dd31d1bd9d50
-
Filesize
197KB
MD52e8b19d6bbbda91089a5936bb7da8ec8
SHA1613e1601190ee4431fdf2edba4d8456cb3e2810d
SHA25684e6aaf08994f85c7027bad88773973d1fe5d363c16432ce034dba8890627acf
SHA51257d398fc838ef1932316921f327c84964755b022286c261065dce658df1d11f86dd818638e07cae63c6be9a956a2f452c03d1f85277c784bb6499725eb1bdc06
-
Filesize
197KB
MD54f4de32d5ddcf4c1036abc1ae2065e67
SHA19d169a59cb6d5cced598dbbdaedd200fe4f23f1c
SHA256ffa0b64ec1bde47f500e277888b06f05131cdb4c4910fe1167cb8a0fc0102a65
SHA51255b48c89f32d969b7d5074380022a89902efedf6c52ccf1518672f3e55fd4697a4aa9b561bb8dcecd6588be5838c793c609483580d1a0a4b800474121d4bd8e5
-
Filesize
197KB
MD5466502b7b086105e1c3fa90463a987be
SHA1b7fd29f11ca73e85376b72e800737e1f8db0beaa
SHA256f17780fd370607fbe94d5681091f0dee4d3e43182007baab1ea9d355817f458c
SHA5121d7dcaef13472d3e400edaec5d7bf71d1e3cadbfa55de2cb53e78616ff448b272ccbc5cfbab5fa06285d30e3f5e7f001d6d14ee6dbbfa352da4bb96402c80528
-
Filesize
197KB
MD52cff4618e5a7d83d345c45dadf3f1dfd
SHA102dcbab6469406b1d33c50effc2a07e318346eab
SHA25685f5e18e5e6aaa7091c72042191ba0dab5ad3c1bcae62270b5dd227084005009
SHA5127f6e4377bfd0778c7d083328e26a4416e7ffc2324baad24fbb4d2061be8f6b7b48ec89bcf272d6068d744c6ee2d7c3b807f79a9bc0fd512e585b680face055cb
-
Filesize
197KB
MD5b310b7278f16e3d2b9d37fd47f6656e7
SHA1028b6d40dc65b0f72c7b3c6391ff8f46fd3b1f2e
SHA256c0f5dfcde5085f5f3df076528626061616930f289e456f3fa12208903c32e466
SHA512271c1b0184870bb4dbc743ed8a7e77783e496026ff87462c2faa23258317ed834c714894dc00621d886525eb4d85b392dabdeaea5c23d32eead24250b2ef51d7
-
Filesize
197KB
MD550e9859695e1615bc47cf40c425430dc
SHA190fee2b9c1aa75feb6bf144cd685e610f4814706
SHA2561077b5fb874e336b0cf5cd25cade1da46f4fbf7111dcbe084d9037ed029d52d4
SHA51223c0d91032a99ce802b3492dcca93f4e1e6dc91754c885c00c21db5ef46105b1312fc647da110d22882790627bdc711c814cbae108694bc88dd1ee399a52b913
-
Filesize
197KB
MD5d1b76a9a7442ae365dc86add9702dc55
SHA18f6e5c2ca830f35860b0d41b9fa8d913e7343968
SHA256142b545a82d6f1e56230a4b6289bc511afd165738304852b2b15bafc057a501f
SHA512f6959976bfc37cf900159623f7fa61a95e48a9802c455e655d3bef5fbc01dbc3717ce14d7e2d645a7deeda1b94ae388c5c68dd9f2d100f1a555f9ffce234f31f
-
Filesize
197KB
MD5febdc79977e438716def48bd85894069
SHA1861852b0d0be8300f875bae2497866c9860e47d4
SHA256720e25821d320ff72a9da3191348441dd86d4a2e0efbe7c8be62c3f809886ec8
SHA512bd667d3ccf851ca4426541370a20f9ea715286a77a75127a30d5e5c460313e17afe8aeab7278472f63eacd2bf7cc450ddcd648e46a41970fd41b93987e182bc7
-
Filesize
197KB
MD5d53eff644c2bc00050a04c308c96cb18
SHA1e6ae6aae4199f9eeff8703791ab8c33f7b8b3425
SHA2562b56547e61fed2a28f3a3b9ee78422e0a50a249e1093065db23339aa87e60371
SHA512c2e9878ff0602acc1b649fec84b6e00f5667dbc6d1eedee23a6f23d831a7585655fe33c1e6d897abcf17b93a9db73e75ce2444a781a1b8877ac2d0ce424c754f