Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
09/04/2024, 18:57
General
-
Target
2024-04-09_701b4c8520fccbf69188e0d4cdfc989d_goldeneye.exe
-
Size
372KB
-
MD5
701b4c8520fccbf69188e0d4cdfc989d
-
SHA1
46bf541437e019886687eb732425ebd4fd1dd5cb
-
SHA256
07f8fed8046dad847b38f17f46234a240b30ee5868a8c2509baa8b8883ad5c8e
-
SHA512
3e5318aea3802705ee6cb7c75945572df4962353a19aac5a9ea436a5133bd6fc526a15e74b7348ebbdbdc676ceb79d57fd9e251aeac294dd98602b42cdc621b6
-
SSDEEP
3072:CEGh0oclMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGilkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_701b4c8520fccbf69188e0d4cdfc989d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_701b4c8520fccbf69188e0d4cdfc989d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{105054E6-B200-40eb-B7CD-5ED3CA746149}.exeC:\Windows\{105054E6-B200-40eb-B7CD-5ED3CA746149}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E517E9C6-70C1-4f29-BBF4-4C8D9F2E751E}.exeC:\Windows\{E517E9C6-70C1-4f29-BBF4-4C8D9F2E751E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5A1B1AA-5E11-4193-9C57-6E75DB0F1194}.exeC:\Windows\{E5A1B1AA-5E11-4193-9C57-6E75DB0F1194}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A741BAC9-BB68-4f1e-A41E-D33A7286F280}.exeC:\Windows\{A741BAC9-BB68-4f1e-A41E-D33A7286F280}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{65AF8F2A-532C-4b3c-AED8-E37113F044B5}.exeC:\Windows\{65AF8F2A-532C-4b3c-AED8-E37113F044B5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44F273DB-BBCC-4cd7-99A4-4E5908CBD70D}.exeC:\Windows\{44F273DB-BBCC-4cd7-99A4-4E5908CBD70D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51BB1094-AF8D-4853-8838-A3775B0D4613}.exeC:\Windows\{51BB1094-AF8D-4853-8838-A3775B0D4613}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A89F0649-E5DF-48ca-B752-757EDB560EC1}.exeC:\Windows\{A89F0649-E5DF-48ca-B752-757EDB560EC1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{610A5464-A21C-47fa-AEFA-E74DE4757469}.exeC:\Windows\{610A5464-A21C-47fa-AEFA-E74DE4757469}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA15910C-FF2A-4867-A609-82F827667402}.exeC:\Windows\{AA15910C-FF2A-4867-A609-82F827667402}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{5600612E-9780-4045-8489-7294D7C02351}.exeC:\Windows\{5600612E-9780-4045-8489-7294D7C02351}.exe12⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48F7F6DD-9DEE-4f1b-9799-0FF99D08DFEB}.exeC:\Windows\{48F7F6DD-9DEE-4f1b-9799-0FF99D08DFEB}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56006~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA159~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{610A5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A89F0~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51BB1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44F27~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{65AF8~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A741B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5A1B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E517E~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10505~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD51f78981fa312ce0b7ea9436b7d1b251b
SHA177c2dde4e4c210a671e2a2e3a80f1c55ff2658a9
SHA256830dbff9a01e91edb8afa7e33d259e15a46b4e03536a0eb442e62fe83a994432
SHA512d152978575adcb8642debf239dee48a64fa6b8169aaf89bf0dea8168aee0407f28d9b2996bf638dc4d3c967f0f1e6d237a75f635565ac630010647986307ee28
-
Filesize
372KB
MD502482fb20f44ea8bfecf3cff6b5d279c
SHA1741ad38faec3f0a6bd3847e301daac98051887b3
SHA256bf47816620b040ad0c4370f78d797e7cad9fe4f99ceed4e7d754015049376e5d
SHA512c28caa24d4b3ef05c3c833ba1cde38c0f1e781efb98fa9ce53e4bae075ec0cae184af4e4b7d4a76031a52ee4e43148c3f198bb2801a01e8c3d4e22ec9c950a91
-
Filesize
372KB
MD59f346337d1f24f656c0848f8d73a1381
SHA19417f3c3925860ff1a0e6a1d8f0ebabfa8dfc2c2
SHA2564df9c4d0bb7276a00867ffd8cf3c9c5879e309b40f6ddcee25b33b20f194b777
SHA5127fa5697350aa7ebb529dd01b815342c00da6d46f4ebf5031fff13cd9440ea97e45f5477ab2ea376605d6fec33198b00eb66545c75fb72bf3d69e1b2b4178b856
-
Filesize
372KB
MD5acd3570c1fbcdbb8908ed4be720a4b5a
SHA14e3b986dff9375f0554a531bf358709e374350ff
SHA256e25d96ff2f47b4b37869effbcf2a678c3789ac7523bf3a5d0bbcd213df463662
SHA5126245420663f7a6842302d193685f42e1dede0da79155b93434046ffef41791790fbf57a5ae440dc7a1edbc3470e41b7fd6d4f7416c94856472f23738d2848539
-
Filesize
372KB
MD55e279c40cfca41fb7fe6aae1d789c2ab
SHA1e33025b29f77ed1ae6c768175b2368b28f7a08a3
SHA2566b5665b70927c1df2ef9e7e50a0f6a48ab0bdc42a12473bff37c8801ff70f27e
SHA512fc6a5e82772e0cf220ad6c111d293e723ff27d809766e771875d9e1086beeeebb414f127da32a6efcff3b899fc520098efd1cc9808eb3943735eab5bf28d6fb2
-
Filesize
372KB
MD50c512a96f5840531c88f44b022bf7d35
SHA173c1fd08c7ff5bae1db0827f5de7d14ed2799a5d
SHA2560b42d4fa47a4a4675418ea51f5184adf21995b0f987887c575611ce7020cfedf
SHA51270169b28ace869c916626531ac5f95f8a50a2f3caf810add4e6d527733b5f3ada91fb131f33a3dcfec3ed0bfce8ba961f5ff84f21720cedaacf4977637fda16a
-
Filesize
372KB
MD526c32c3b03b4b26212a1e87a64e0071c
SHA1885f04bcf525c7081ffae6f5b9af598ab867e576
SHA256daac2773da17baf26439e29b51959c42b25d50cfb5538cf40e9e3f9c0272f502
SHA512a969ceec3b7ec0dfc1f64646f9d395c064b61ee760c9b814240cea874dd847ff48ff55c5dd01009caa8e9adfb542283d4082768e8f25728a87d3125eea72dedf
-
Filesize
372KB
MD5deef41338e1070787a5e1fc025803267
SHA1363650b6b9d7eab24107ecf29e735e97a867ec81
SHA256adca601e7d317fa186a75e37a034c7455109b8a5f1e1d9be72b732453cf3ca73
SHA5125c4c223d2121c434e8baab6be78c98d04e04af643a073b874cdf6861ffea162043985c9109ab06c8793aadc0541e1278d0d0f687b41c0ce092452bdc53579bdc
-
Filesize
372KB
MD5a0fe132cbea26e84f0d901293b2df140
SHA1e0eb00e70ebc5cbd800adc3e888691e116008bf3
SHA2560efe0a757eb7032854690e62b5e9dc2a7ef11e3b81ccda67eb0d66e23617f6ab
SHA512390ad14bb677d71f4349104d7d30d58c6a1772205aca197fe54ed5e840aa36587221d9755e42e951774bb3594a29a96084a105e7c21c7563ccc01053872c5d58
-
Filesize
372KB
MD5115176c1faf9f24ea6983b2807607e73
SHA141c72f39c2a5dfb7cea0a107c8625e6f7dd951ed
SHA256ce37c945a11c7af049d17d7063a3ce799e6680691b76884f133af08ed886a08b
SHA512f871c97d0c3dd7cdba4e0ddeafcf09b9d989c9d0da19afaf9c143c1ebb3cf6d8bfc84ff231cec7830eb4cab47e3afb3b8ee302b90655428abc13294c41300cfc
-
Filesize
372KB
MD56a255aabc73d73831f5b49dc9b55ed71
SHA1d4dbe0305120b3199843c27405d4786bd328c290
SHA2567c7a3512bc58911b531c58809c7c029d09beeb0c91658e17ca2caf587bfd3ca7
SHA5120a646bf3189a7d57a01abca98de8d75f296481c71e5ddfb28dc5cf977ed318c860f1c64a15704d7b6e0540c84de7c29e40497a805a818e2b73b15e5668fc9427