Analysis
-
max time kernel
149s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 14:59
General
-
Target
2024-04-09_d1d8d0651121d2a4524f17702e35733e_goldeneye.exe
-
Size
216KB
-
MD5
d1d8d0651121d2a4524f17702e35733e
-
SHA1
d4c4845e47b9100d17a14734200c0156bebf4e3e
-
SHA256
afe802283ae9cc63a9ba5e689d81862168a983102d8da8b5dedcfdec903487f2
-
SHA512
65ea1d26ce6c07ae95122990d4ee5d6a763f8ee9d47e7ad00c7b6354cf65e49455bc8299e724677574c4dd699c894d6db5f667b01ab1a390b683ab7179e5cf52
-
SSDEEP
3072:jEGh0oZl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEG3lEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_d1d8d0651121d2a4524f17702e35733e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_d1d8d0651121d2a4524f17702e35733e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{23B5D7C8-FCAA-4321-80BC-AB8D673EE96B}.exeC:\Windows\{23B5D7C8-FCAA-4321-80BC-AB8D673EE96B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4E7A3ADD-0DC8-4d3e-BC32-5FD37211CF24}.exeC:\Windows\{4E7A3ADD-0DC8-4d3e-BC32-5FD37211CF24}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C17EE3B-9A98-44ca-BAA2-B23331BE3573}.exeC:\Windows\{6C17EE3B-9A98-44ca-BAA2-B23331BE3573}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{37E2963C-23E5-446b-8693-6307F49AFD75}.exeC:\Windows\{37E2963C-23E5-446b-8693-6307F49AFD75}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B7AAAE6C-3B1D-4187-9163-9A7DF530A737}.exeC:\Windows\{B7AAAE6C-3B1D-4187-9163-9A7DF530A737}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A89A106-2C85-452a-804C-8D1156050353}.exeC:\Windows\{4A89A106-2C85-452a-804C-8D1156050353}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2487D497-E559-4dbf-B504-321848513C55}.exeC:\Windows\{2487D497-E559-4dbf-B504-321848513C55}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CDE732D1-4D36-4b34-B3C8-732FA4682725}.exeC:\Windows\{CDE732D1-4D36-4b34-B3C8-732FA4682725}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06D41723-9D8F-4c25-8E5A-1F7546D6842A}.exeC:\Windows\{06D41723-9D8F-4c25-8E5A-1F7546D6842A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1975FCE2-7405-4f23-B713-30B38AC5356F}.exeC:\Windows\{1975FCE2-7405-4f23-B713-30B38AC5356F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD43B544-DDF3-4521-896C-812DF2F4CDFF}.exeC:\Windows\{CD43B544-DDF3-4521-896C-812DF2F4CDFF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{48CE061C-6F39-4e0e-9C68-E038C588C671}.exeC:\Windows\{48CE061C-6F39-4e0e-9C68-E038C588C671}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD43B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1975F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06D41~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CDE73~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2487D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A89A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7AAA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37E29~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C17E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4E7A3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23B5D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD516ac1c81584d6de6b85ed758e2a9d444
SHA117fcd40991a2447eaabed7ea56cf1404a45e3561
SHA256b268f895af3a48c2cc7d122b16cfb6680cc4d735b7490519a51501d30b8eca6e
SHA512ab1ac9cefe2031255013dfe35737820f5515a61690a7a46a154e8418603bbc920e6a2a43d687cc9e2c1b7179ec22934eddd9f51b7d12e992167e0b3dbcfa6e84
-
Filesize
216KB
MD563122d26c6396c79b6a181941b378227
SHA1f684663c91f653de58c40d20cbe00f7b41f15323
SHA256892eb8b2c89a0e4a7280ccf8c9d12d32ad4ea49876952af31739c0d3c9583bbd
SHA512867bca8785c99839ae9bf7143bbd2b7c5e9a73405683100f04af8d780f8c3d65ac14129233a0d660c373a70e6d6e989db5fd81c82ac7b25d99d770f18edfa005
-
Filesize
216KB
MD56c9cc161832a6e7613b43f964f7644fa
SHA1ecce31ce9a829bcc62f2b518261a80858da4b7c1
SHA256c4630f89851dfa1af1d3d3806ee41129dd3aaf7e6b04c6f9336b17ec10b34cd5
SHA512d1395285ba88996c46b31c4f5e744decb08be7f22fdfcf266474cac17288fb597fa024e7536392fdf39f98803f16794040956e3ba2d390f24728cc481bd60713
-
Filesize
216KB
MD5ab7977077054a9d31f4398240c1e18e0
SHA1e2f209ec4343947ab4d5248040b9008fdd39e3a5
SHA256e4fc8aef8f7cbbc14e3427e64c91f18a32f6bb8e5a7b91ff8036cb6ad681f960
SHA5122732fbeb22df795e4034804a21a5699cba7416a874ab989b532a288c146c1c4039821f603d0292355b6af726e568d77cc4894f8e8c8acbe5d076fa5d9b0215b3
-
Filesize
216KB
MD54598227c999b101c125c17748aa1f29b
SHA1711b31fd7a06cae25227b6050756288ac385b231
SHA25623d383c5d4270858986adbb9df9b74db5581eb583f3d55b131ca1f1ef95c3302
SHA512d29b44239a80a765dd058ed7aed65760e6a0b23aefb7c97488bf82744093c3445006d3a574359df406457e4f9c1628c6e413bfb7ccbbbbee54636fd6074fb186
-
Filesize
216KB
MD5d92cdf3ba85b7babcc76884f8cf3beae
SHA1c4e76e70dfd6485b33ae957f012e37820d9b6399
SHA2567ba580099f3a8d7aa0f2772f0066516adaea3d7996b8a66d43b5885937c58a14
SHA5125a6143bbc63787a32b5ab4bfcf2de6410f72b1f4edd11484115f042d712a1412bf73a313d35a700234ac8e28400157a5bf63489925716bab28126718ed51de28
-
Filesize
216KB
MD559847a6d7be5ddb83084dbe0bef8fcce
SHA1c7035b39044dc799e6a388d6b333711071abb081
SHA256a420c87845d91ed4b034b0db0f0f253829f684a58cccaa8dab6adcb21fc021af
SHA512edc58979702a88f02e902fa69fa295c0830418568f18cf6f9601e06954c263889001656a55b79857ef39fbdda184ebf279ef61cb7891de1b6029ccfbe7a9853d
-
Filesize
216KB
MD51fecfddbdd23d1cf54f1148d595bf0f1
SHA14b2d684ac97c3b96f41c91676acdff1ea369d507
SHA256b61c16ff8d07de62c4f50669a2aa3330c734a1f3366d899aada076f5ae275d8f
SHA512560efa97a0a3538a82258002020ce6b89ae0dc8a100f4c3b32e06278c11fb8cf328515861b2083f870bbb5c432d6095e06887a3348ac76d40f8124f67f10a1d1
-
Filesize
216KB
MD5c0c0f1cec816b30598dd07ec77e953e3
SHA1b6b2b3c96db2190912c312b1506cde4f9902db10
SHA256a49e149081bbc2de8b9969c7e50645dddfbafe85d2d03bc47c91cb73b67a6325
SHA512dd9894a21c05bdaa3cabe12e05dca458a3e43284dac73c19bb826b1364af036114e484aba612c1a5741da1e2b94f1e3a22920257f62e3d4c3f735d34447a5347
-
Filesize
216KB
MD5c920851629c68b4b599a4937c51df649
SHA1865a5d702a8083087822d5502e672d3f74a4188d
SHA25698c4807750ab8a2512cebf795bd5079a0c7691848446bef0be7c92aa8fc96f2d
SHA512d543ede030c6093f0b4b2c1355c59cd66c08c729e2c7c271def70a9265866b39be88050edcf0a88002580c11c91e79097477eac421f0b148cabaff3271c2ae72
-
Filesize
216KB
MD5975e8e5e576ae6715c45baf08d5eaaec
SHA1a6babb7ba8aea4657fa73ca731d058ce6d3ddc8c
SHA25603cd6b6e38d4e48c2c14dc60d1a158590f56010b2f43f04283bdb7179ef2d342
SHA512f92f277c93e04f0d97d84446e4f3588db41587383a87f5564c592d5d23760d70c93535bffca04e0aaaad23af65a18c2a91fbd1b8b3e0bbd6a06ae9220ea325f4
-
Filesize
216KB
MD53f8f9ce452c8872d43ba8e368c73ba86
SHA1339891376177084ef73cb702d0753fd3be4f8470
SHA25653d95d95fd093e2da98538581216833a5959468433abd3705e8c0298620cf5c2
SHA512a3f7bab769ee1abbfc1aaefd0bdbeb9c5d3258e630dcabb5696ac3af26de80ff86224bbae6370072ab9872daa87c92fcf8686ff98bd183bd14ab6c13664f7ba6