Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/04/2024, 19:01
General
-
Target
2024-04-08_aa9fb36300872c9e0d08768c17d1fc3b_goldeneye.exe
-
Size
204KB
-
MD5
aa9fb36300872c9e0d08768c17d1fc3b
-
SHA1
3426b622382c50eadca454d5e00349000834613b
-
SHA256
59c874961a973e2e3938866d754a75ccc433bab965195d625386a0962965a1d1
-
SHA512
6e9d56aae2e01cdc3d728dfb562290b944f118b8145d83a3b868dd0a60cd929a96a876dff517a0bb1d90c1a732d75b2b2a105d3187966e76a7b1949a6f2a2a61
-
SSDEEP
1536:1EGh0o/l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o/l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_aa9fb36300872c9e0d08768c17d1fc3b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_aa9fb36300872c9e0d08768c17d1fc3b_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{902BE5D1-5140-4e59-B90F-6E2D8DDFDE6D}.exeC:\Windows\{902BE5D1-5140-4e59-B90F-6E2D8DDFDE6D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{360F78D8-1696-42ef-8823-448887F558BE}.exeC:\Windows\{360F78D8-1696-42ef-8823-448887F558BE}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{114390B9-F60D-46c5-9D45-0A15CE9DA905}.exeC:\Windows\{114390B9-F60D-46c5-9D45-0A15CE9DA905}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF860BB3-7102-4ad7-B164-940459742752}.exeC:\Windows\{DF860BB3-7102-4ad7-B164-940459742752}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CC94C21-CFF2-4b58-9388-4A27E3BC5F4F}.exeC:\Windows\{6CC94C21-CFF2-4b58-9388-4A27E3BC5F4F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A9288709-645F-485b-BCEA-DA6B20870EDA}.exeC:\Windows\{A9288709-645F-485b-BCEA-DA6B20870EDA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5C73C3BC-889C-49ec-8277-DBE296FCDACB}.exeC:\Windows\{5C73C3BC-889C-49ec-8277-DBE296FCDACB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8FED34EE-9B0F-4af4-BE8C-CD89C31BCD19}.exeC:\Windows\{8FED34EE-9B0F-4af4-BE8C-CD89C31BCD19}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80B505BB-B82C-4b81-9C8E-0EDF7EDB4E7F}.exeC:\Windows\{80B505BB-B82C-4b81-9C8E-0EDF7EDB4E7F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE1A7C28-C186-4159-990F-BA25A3B175CF}.exeC:\Windows\{EE1A7C28-C186-4159-990F-BA25A3B175CF}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A1F5D2F3-62AC-450d-A14C-E9DAADA86AB2}.exeC:\Windows\{A1F5D2F3-62AC-450d-A14C-E9DAADA86AB2}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{92E141C5-271C-4c62-A9E5-2B5B52F56B50}.exeC:\Windows\{92E141C5-271C-4c62-A9E5-2B5B52F56B50}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1F5D~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE1A7~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80B50~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8FED3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C73C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A9288~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CC94~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF860~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{11439~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{360F7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{902BE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD527d6038e77f0a33d811bf06ad7f88696
SHA115d93784b30b61d2bb65ed818b162b30a15dbac6
SHA256f5761e94f4d9967fafab6b2c41d3dc310558069d1caa7f96958c936494d35b2d
SHA512beea406f9f7c421ebc86242037b31a93d870068457670d9100c29554388c985de0183740aa1b2c7f8ab092bfe49a1407efc46634bc1dacdff54ebe5847b6d7fa
-
Filesize
204KB
MD5bb9e5c250d61a7a5e3dc38dc8f64b4c1
SHA17d556a25a06cb8258988205bde01d91eb0f1fe4e
SHA2568aa3603f51503cc2834606a3e2c2b82165bc3139f6f57cae7a760964a08470ed
SHA512213dfd43518fff75887eb3b53cbf5e4e2c3354dc790bdc736e39fd746bfd010f9d300cddaa2733c7e61aa2ebfccf527fd8ea715e9851a29a673d9a1fcb5fb136
-
Filesize
204KB
MD59f06c1e55a57c09edc80745a151302d2
SHA192555fe08b165c975b5c8452d1af177093178553
SHA256737ce84c275d9fa9bc9f6a4ebe94c9dd8e06cb38b1d065ff8e70bbcf1ad9b8c4
SHA5124f37d76c205e1da6ac476cebdbbf5be0ecd9618333bf0396aecd17b57ae2984c537184bc27fb8bef48188c03a4fd4124ff3c5b803debee6270a475ced0225ef2
-
Filesize
204KB
MD5952009ac4ddc8e6c2ee937b67aff7d20
SHA19c76af8e456f062dcfd7f9f95d30023721a9000d
SHA2562b20081ab7f558cb25510a599ce933294176a5aa01f6c2c12018456200057f50
SHA5127089f4ebc9c497e518b30a660aa360f734952c869e6d406fcd32099f17326c3bc89e473149ecb17e2dd3795fd15198178b02943a69f86f53ac75e2ed0f44c54e
-
Filesize
204KB
MD5a591e83c87c6f6e492e210f0cf9f3d4a
SHA196f7e4c958c5bb50e6c5bc7fcdc50cb1c3392aa6
SHA25621465d01357636ab101c51358cabcfb7a8a67ad823af7225b46e13beff52c1f8
SHA51279bdb877a1e557eaedb1764411971baf2e1b1bcd2a763572b60afd3e97c63a0c0f42c006d92d7c106c95cda5999f614e465fc0dace495159b6bdad44bec2e07b
-
Filesize
204KB
MD5d93847cc1395529290c6229293aebc3b
SHA16ececbb0df1eb5f49a88c15cff420ad982eaf13a
SHA2562e34039cb7ec1d3d52644e9e151097c073dde6852b6025d9ba9fcdade4907dcd
SHA5125371dfc3996376e95720f11c04e340fc9adfa63d836e5d70dcea557e9b42e7769dabc616f743464793786c3f9902ce147400366dd5af83e2cb6b6cfa3e2954bc
-
Filesize
204KB
MD59a0179c049d2ad8ffb25b8854dadc8d5
SHA12c51f85defe82cefeedcba696e05438daff1c335
SHA25619b9ebae7b28e40c74a7bea56012c77733ed7196718e44b0d150b4bf0faf4df4
SHA512d7741f51f5fd45aeff9268339635b65b29e41b57f54b1994391f05d99573ad5c51fb1063aefc042c03b125df7dbc09b876c5062ea3e290d8ce4682f58d12cb2b
-
Filesize
204KB
MD513283aba4bfa8195d59affd0e349afae
SHA11751804a495f361980d66218e7047ae48cf3fc68
SHA25644cfd0c4eaa83a97557da67b395a655bff27b6b3da9d09de9f1b783ab6f126d9
SHA5121d75b00e61d8d4d44aab0e6eb291e52bbceda5b320bb0f69bccb3628242474109dffdf630f511ae31196102f9027b9d1141b5c56c7227cccb6deb90a3a93a937
-
Filesize
204KB
MD5e45677602caef6145a707cc665985766
SHA178c26ca66363ce36ac3de3bfce8e7bc450648fc3
SHA25684335555977566732be9d4d5b6db5d403853d86c5e2e0cfb479941a0ba5b237d
SHA512eef18fd11c3bd08ee3bcbc8061b586dd08b8085740f68b42f88b46c309a9d94721bd21bec8d48b089aedd84609a69dae6646ff3df2b742c08611001f0dc5e591
-
Filesize
204KB
MD5a3fe8952e2246c110aa541be3f9344fe
SHA1917c6535d911a34d823c6b5ca5f0b36d91496f4b
SHA2562f01f0199c4df7469917adfbb0dffe30304aff1afbf92deaf3de7f7d85975d10
SHA5120d06a7e528d824a5f6a4a6548f48a28dc7565c197c3c54c8b87939ff95d23d8c2833e6eab49af04569ebbb7480b926a8e3b284b6bdad4c6d012ef83c26281be7
-
Filesize
204KB
MD58565829dc7bda1da6105f2c35d7156ab
SHA166af2351c2116ca7e06da1f80d76c20682448c0e
SHA2569a4a6f3d5477bf2b26e8a68dcc1cde955ec72584f367dc104205ae0cc64b9f32
SHA512b245ea5a5c2727dfca145e83a91a63555b07ac18f9b5f230558391ec6bcdf78cf5d6b92fd7eefd05a698c6733043a7211f9a8d4115efea879496870048b0fa8f
-
Filesize
204KB
MD5c0bd6b9ca7242f13fb7047d240c0e59c
SHA1b247d801c2a0ea38a738ee4bee7eadffd8df7bf7
SHA2564ff05d185ae59c254bb3939d9b53d33f772a8987d4f02f3f4c5bdc76c614937f
SHA512776a489dff0e6baa5e937e5a1dc06665056b32f8040c461c8ab5afa591f0cd1511c874b2d5b54ef2949565c996ac14fdf8512e7669a6fa8db9aeb8005c6b70ed