Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
16/04/2024, 16:33
General
-
Target
2024-04-16_81df15c866424e15b1bf5824337e491a_goldeneye.exe
-
Size
408KB
-
MD5
81df15c866424e15b1bf5824337e491a
-
SHA1
569a78f826615dc7d9bafed3a4850e692a251f6b
-
SHA256
854f200b2385a3f5c491f687f2fe5d195959265cc141e75ea01ad49952960c2d
-
SHA512
ee0803eae01c01c45bf1584cc3c6215f2f4e7c0b65f0f2cb19f52be036cc0876b14e85dfa0aeb6c6fc4efa7a73def302e409527b5f2ce618147e5f15e9f0a388
-
SSDEEP
3072:CEGh0oLl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGVldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-16_81df15c866424e15b1bf5824337e491a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-16_81df15c866424e15b1bf5824337e491a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97D6BECB-A933-47e6-9DA5-BF7499519964}.exeC:\Windows\{97D6BECB-A933-47e6-9DA5-BF7499519964}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B904B709-FEA8-4826-8CFB-ECCE69A64023}.exeC:\Windows\{B904B709-FEA8-4826-8CFB-ECCE69A64023}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7307DBBA-97E5-41d1-B16B-54747A59C21C}.exeC:\Windows\{7307DBBA-97E5-41d1-B16B-54747A59C21C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B01A8A54-1414-42d7-B677-47EEF22D6155}.exeC:\Windows\{B01A8A54-1414-42d7-B677-47EEF22D6155}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A9924B6F-0B5D-4a04-AE6F-4DF584896618}.exeC:\Windows\{A9924B6F-0B5D-4a04-AE6F-4DF584896618}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0613E409-B784-4bd4-8BFE-B899E0D56847}.exeC:\Windows\{0613E409-B784-4bd4-8BFE-B899E0D56847}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1CABE10-41F1-4b7b-A2B7-A885F61E4412}.exeC:\Windows\{B1CABE10-41F1-4b7b-A2B7-A885F61E4412}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3478AAB-F199-4acc-A1D7-FC4D047E460D}.exeC:\Windows\{A3478AAB-F199-4acc-A1D7-FC4D047E460D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{405AAFB6-0217-484b-8617-BDD887EF363A}.exeC:\Windows\{405AAFB6-0217-484b-8617-BDD887EF363A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3680DDE-4F3F-4ca2-8CBF-3B50F51CEC16}.exeC:\Windows\{A3680DDE-4F3F-4ca2-8CBF-3B50F51CEC16}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E2B6F7F4-ACD3-4244-A889-B5CB1B91A956}.exeC:\Windows\{E2B6F7F4-ACD3-4244-A889-B5CB1B91A956}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C21E0878-8996-4ac5-809B-6E50AE797063}.exeC:\Windows\{C21E0878-8996-4ac5-809B-6E50AE797063}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2B6F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3680~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{405AA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3478~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1CAB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0613E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A9924~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B01A8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7307D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B904B~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97D6B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD57a95a91544ee9c0c1c116ea8154fee9b
SHA1ab7e70ad1e49a409e57f6378e8900cea43267571
SHA256c4cf8121a89e690c3e5bdea94fb9f34e826a154426292becab877788d0b61ea4
SHA5125232d54f0ed7b4040b79f7b4ba55d21f987ff78f41b2b78265bda3d44a6a522f84969a3d2294d2c86235d5a8bff3195b77786241384d86ca2bff47295fd99fca
-
Filesize
408KB
MD56a47194f0b70615b44855890770ef692
SHA1604b1a3a5c38a3733664cedfcc981e7e2ce06b4f
SHA256168dadf642102e098729841fee72a8cb3c4f54c6a7e042538c0a8be9be410478
SHA51223841d4407c2220b34b546aa9e9b7656834080607f346dc70f21757371ee41c7d56d2946915ebe6e438f6bea8bde025dcdcd29a0ecd75d56e4756c39d3822be2
-
Filesize
408KB
MD518ee473b7945cf3964e752f580dd7639
SHA1a552ed31466ddf05ad2243976bf2d2fa5e29b815
SHA256667a10abbcd5d4099c0f85357036536fe53ff3d1de654f39dbf4130282157a6e
SHA5125f5a8f090bffaa033c1f0427283819544662c144f3df8af8067e5d82adce2975debdac635872f78f1f2a91bd04aef5f3e531cc9f58d50014db8c4771df7cbed3
-
Filesize
408KB
MD55fd65e333dd382b706d18de691ea2b73
SHA1abb596b70f3864661773285ef06f15a47490d942
SHA256b97b045fcdc51b18ac031bd6308c61f5f9c9979ee17a4d8982f73b728d986d0f
SHA5128c1907a95f6c1575d4c2bd70ae0fd56528fc611634e659a876e2b629e62cc25282e55160420a435a79682efd60db987ec3477c53a022fda129bbf22a39bf4ef8
-
Filesize
408KB
MD5cb51dcf5e6fa60cf52738bb0ab8b6934
SHA1eb5104c08678cd27816f18d9fe8032b3aa779889
SHA25643444c71bd4e7d9f1b3250ff021a06d4d1c28134b99694bcd46a9650ba5fe4a9
SHA5122d7e7ef2fd80cdcd31f22d5ffd7e8acbf1ff37d150ac54233611349462bdc7441c9f8c803ae5abde82ca14d57dd6e0de0b983c29a813f0119da6f74a5daf29d6
-
Filesize
408KB
MD529d5f91b5fe624f6521847fa976f3d23
SHA1737a1ed3f116a77a90cc87e88e119832c7d8da21
SHA2561b15b0da36c497748fdc4e023945e734da6a1e4d1a02c23780698e5f2c31906e
SHA512ef98108a3a5a857961dd96c6678d77f4ff576e1f1cec77af1ec29a3ee336d48c313437293e2c43ee04f86e0ac97b2f8f1d1e0a154387e61446a5667dc0f55fe6
-
Filesize
408KB
MD5e4b74c3fb7e9e20b321835c26e026e4c
SHA136c0e1a6079b5538917fade06185305b07e5d52a
SHA2568d435d610aa9f14fb880320c06f55803cb232a00e0911369b180e439b853d501
SHA51220bf03986f73b44a189347571b634de8afbefadccaa53299f80df3a28f7d8198eea46b6b8762900755a67e6c235ead80088f0d68b4862f21f1b0d1042c80126b
-
Filesize
408KB
MD5b9096278f479d0926615b226761e2bec
SHA1459f9f96ef0b81513d1d28fa4ac09acce66bac90
SHA256523ec6f0ad813881ce4a40ad59e967291444d91e8313a034a1fc4fa3aceb284c
SHA51239fb3a97f80cdad1212915d6671c87b125545f65661b8ecf64238d90376ce75bd68d48fe6cea5d39904dd22cf106014bbcac10a20f51bed4032ffa0956079b55
-
Filesize
408KB
MD5f2f2a8de15b2fd27d681f7eeb56c34d2
SHA1ade37612b2f982fe5c15774ad24df25785dd01a7
SHA2568474a788ea097745cd3fb737ba81d3c3847e535528ec6491e3a5a3aa193abaef
SHA512d1ab80286038fc8168d90c83d403a90bb494b54bb7d006395ea761e3980b4c7cc896730ab6fde692d16d520530bfd7743f002ab249d622e872558de82e214172
-
Filesize
408KB
MD50f74fff0b5c3deeea6c9c3fa41092c6d
SHA166e6aba3978ee70a411c6032d5e90411017547f8
SHA25608834d53aa9e733de6acb816d133dc8ea022946303af0aea3f84df487c4ab217
SHA5126fa97789130ca9a99896f8c0cb2bf9199012cf9954d7dbae25e5df06bc356d35b096ed32385ff6af6dc4cbb0758f231cec73ca5f932ca70120a83b5cdcf74a38
-
Filesize
408KB
MD5d0eeec0e4386fc4d23deb4f49a0d9fa3
SHA129198eaa7addbb6eacf0921a276b163fd90a488c
SHA256b0f6b4bc8f3e0d6eea1d06ac2eae9892399709c8abe95377a18695df7b4446b2
SHA512d64def1e815a64dae1e28025143467188630c9261fedd6e9313575233ec10d7202c17d69a6de336e29bde516896d3d04082379392e306b7aa03ba67da8695877
-
Filesize
408KB
MD50a7edac5b41c069ee68b666d48e046c0
SHA162e1150cfbc9452ca35b2410d14774f0815ff9b3
SHA2562a5fcdaca41e22826a58907b9424a3436cb13ee91dfafdc38f5de18ba0c83119
SHA5124204403b59f417f12f8b5681f9b936831bf14f4bfdef2e07ed49a3dd475bb9871d7e50504881712e49003c696068bdeed06040c246e36db5f19d268416b62b65