Analysis
-
max time kernel
149s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-04-2024 17:23
General
-
Target
2024-04-10_6275e1e7326b27a78f0ff08a478ebc8c_goldeneye.exe
-
Size
197KB
-
MD5
6275e1e7326b27a78f0ff08a478ebc8c
-
SHA1
2c078870212d09d3e2ed8dc9e1c0ff68641e5650
-
SHA256
0b6dd330e8c6e6cc332e773da4202bae05f330911b12ec2eef46c1821b2bc1d6
-
SHA512
e831058f36fda0e1b1ddd9588443560fb8aa6fc5cffaaf684df151fd5d4ebe85e2b012c00441766550a962d0b33ecb44a0f8fbdec57b432aeaf43f85af050502
-
SSDEEP
3072:jEGh0oNl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGnlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_6275e1e7326b27a78f0ff08a478ebc8c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_6275e1e7326b27a78f0ff08a478ebc8c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DACE5578-AB3D-49ac-B5D4-115C6AB43D63}.exeC:\Windows\{DACE5578-AB3D-49ac-B5D4-115C6AB43D63}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E054EF53-44EB-4847-B802-37BFC722E5CF}.exeC:\Windows\{E054EF53-44EB-4847-B802-37BFC722E5CF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{99EAD643-5239-4737-A0C7-46299D711A42}.exeC:\Windows\{99EAD643-5239-4737-A0C7-46299D711A42}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7EA78E9-DE6D-4e2a-BFEB-1283E68F39E0}.exeC:\Windows\{D7EA78E9-DE6D-4e2a-BFEB-1283E68F39E0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6798E2B-9731-4664-84C3-35D9FD213523}.exeC:\Windows\{A6798E2B-9731-4664-84C3-35D9FD213523}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCCDB5FE-B85A-4c14-BBEF-F5C725DCAFCF}.exeC:\Windows\{BCCDB5FE-B85A-4c14-BBEF-F5C725DCAFCF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{760D3618-3D96-4e5c-BD40-714F94BDAB6F}.exeC:\Windows\{760D3618-3D96-4e5c-BD40-714F94BDAB6F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79B3FE83-5C54-46d8-B132-A84F27A5113F}.exeC:\Windows\{79B3FE83-5C54-46d8-B132-A84F27A5113F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BDF0FD16-0610-4bd6-A8E0-8ECFF05F8DF7}.exeC:\Windows\{BDF0FD16-0610-4bd6-A8E0-8ECFF05F8DF7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DC700BC8-4C7F-4e74-A1C2-6C52AF3C27EA}.exeC:\Windows\{DC700BC8-4C7F-4e74-A1C2-6C52AF3C27EA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B8E88F95-D8D2-49c0-88A4-34CBA463ED7C}.exeC:\Windows\{B8E88F95-D8D2-49c0-88A4-34CBA463ED7C}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A6252B5A-F83A-45c0-A393-611CDE1C4444}.exeC:\Windows\{A6252B5A-F83A-45c0-A393-611CDE1C4444}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B8E88~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC700~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BDF0F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79B3F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{760D3~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCCDB~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6798~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7EA7~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{99EAD~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E054E~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DACE5~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5e1802f5c3814c37a0dab97cc4c6b6f49
SHA1c65a75037db5aa517d326755b1407431fe09fa68
SHA256ebd2458b50487a3bd4a494fac1ad93792de0463670d485ff6847306b4b1e820d
SHA512a4890bab2faaa5b0666fee432eb390090f1a166b143e8f0305e7503cc231028113d64516f62434f4ccea9cf3e613e2df5a330752278364099c8fe6d2d42d767d
-
Filesize
197KB
MD5416ed2cd3cba74f82b037446380de79e
SHA1febaa27ca1c7fd34ecde432a8fa2ee3c407cc23a
SHA256da17de3542e56e01bc45ba49cf96bcb194b7693826b1597cd61b1422d97b0c4f
SHA5125042322d9e3521fb7271b6bdc0832b6dfb71e7e8f6064369a8d0c6a33dfbf1904c58a700da56f27ad19c019da61bfae46e7af6ae85d4737c787cc41de10d9a77
-
Filesize
197KB
MD57792181429273ded6fb67c37e0ef1788
SHA190b709607f22859992a4f9625cc081b333e7990f
SHA25686556079f2116f624b2753662fc1f7a7b4390b175f4263e5ceb61a239c73fa31
SHA5125567e7d77a7e21b5d3bc62bc99920fa102d4cb4984bb92a9b466009be043b52149bfb20e45f96f07a37dc76948f3bb89110edf165e64c8131670dc3269a4384f
-
Filesize
197KB
MD51a3a0c0b6c9378c71c8ed78a4d82eca0
SHA1cf8cc235c9c65d6d6550f403a558a2eb0469ca57
SHA25694f16f15b3964bb0340f3e8cf2853bbd788dccd45e1eeb3fe945dafe5e208ef8
SHA51294c04b87d80d43a0180a780406777db6cfe3fd6117d5f78579968cd6c1b9967a05898a85aaa540b955708d070fc826900de79a489117b3ecd5fa4135e7fdb6f4
-
Filesize
197KB
MD53958df24b3e3d87aa5824685a2b14e09
SHA13c60b27b60caff8b534672c012374d68255a9d44
SHA256bf169ec40f4f7549d7a5e5af761a43b6dee25fdfc6f295be67e2e71ae9b6e4ac
SHA512f88be89cc62e47519cd34504afaae5df471ef0b4eff7a1b55500aa7a40f3f1072a6113cf68c036e9d2e92aaa4a5706f4537669985dbea116620f0daf1db7730a
-
Filesize
197KB
MD5c12026b7218c9ec83c1369825587badc
SHA112af1118c8d4478e97d680849ced1f4ad05291c0
SHA2567d2c619bc95480855526fd77b5e342c53e282e3d144445bc4a0284dd3e00f926
SHA51271eb0838b39f2c01f5e1556964f9722585115e70f32f026995412d1d391225ab561d3a30e80a69aedbf32154c60ba92336ef3738ec5d162602f99114b7d49bce
-
Filesize
197KB
MD56b1ca1eb14581fd01efdc146c4f14f1f
SHA1e8b8832f181b59475b84c9a36340007dd3bb8f4a
SHA256ab7a438ace41f2e71ddc8ca5ff4c32487ba15c43cc5c4cb8dcb73db90c2b0b7e
SHA512906de9951935df6d419fe81c521adf16f60d15b96bdc56d9c79edbe5e5992577242accf1943f3713903b165bb5b4d56eab95f570a5301f98e85b82b8320b8e60
-
Filesize
197KB
MD5779cec8b706bf1bfc67c6836eca93cd1
SHA180f506c2065612c74b98e8108f0abc6d17d67349
SHA2569415c9dfc8345d0f0dbdd68f1938cf818b9d2a98b3c689932ad54958357e5ed2
SHA5125450fb3700035437c8fcb9bf10207818d195b5bec0edf74447c77c94a979b71380d64e6fd6a29ed7b83878ab6d9153c9377a0230d16f538eb0b4468920323a20
-
Filesize
197KB
MD5e499e68ca62e8a6cf4bf4f5f1a5b8993
SHA113e943d2eaf1897040171697b4cfe4e30c1f7386
SHA2566f2dbb3feaabe54fc9caeceeeafa7b7c01fb7c4b8af1b0a67c387235f5f9d8c7
SHA51264a0572aea137edadd68b10ced96a0f4339aec9089f7fb41afe47d8af493135cfc10caa2fcaf125303d32be5976dc5fc7b9799c03afad8e33c82d4d35a555220
-
Filesize
197KB
MD55e3b65d3d831bb7b8eab62b9b7852769
SHA15e990d2feadc25c26df0fae57ee96bc49c806571
SHA2566a33eb473ecfbca56cf6dedec256e8ec6d6b27d504aaa2a4f714be7ed195e841
SHA51271ad148e1227836cf1c4c67673c86edaf8a56b76872757108e2b92c487cebbf65d6f896bffcdfbf7bb3807ab0b4bf9844be4c4716d4c7e9d1f421bf53b02662d
-
Filesize
197KB
MD528da4580ed8fc60c67332a1eb6959558
SHA15a0384a0e2439203739c17abb758805d9a0b531f
SHA256f9e84c54d8262c4dd3fc20538489adb7be3b3fa90500d60ad4209b9b47bc9128
SHA51214d95318680bb5300ff7f5e218cc16bdcbb865733d086510ed7f59f4285eb38484fdc9041b79319f0f5578a382f1fedd7d59d65f7c81efa7b927fb575f626caa
-
Filesize
197KB
MD54df65f939c809ee14160597d6c8b5251
SHA1b84efbfaedabcf75827381adb2571f94e94d3fad
SHA25641d4ffb350d5f48c7ff1545ffd6bc68ce62b8f07c1f9895bdfb5e1ee4fbd6728
SHA5129b51260f928b01c7359ad80234cba3c9972ffb7118671cdee1de0d231c9af25fef4cc64e8b22672e045b3b7d94c93369c7b77135c2d4f969a4ff7e564770f52d