Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17-04-2024 23:52
General
-
Target
2024-04-17_de66fc02df3f36298476c7a2e3ea2a77_goldeneye.exe
-
Size
216KB
-
MD5
de66fc02df3f36298476c7a2e3ea2a77
-
SHA1
b94b452db64af2401856a8295bbee68965332bba
-
SHA256
89f2afabe5394d5a7aa3a5976b6459f9f1f1acddec444892ead04f63bc17e7ad
-
SHA512
a3c03ac229cdcd3a71452b592fd8993681cd4ebdb4a0c3afd784396243d45d05a9fb6c7cb1b44efe82d67c9fec27096509dfc214150460cda076e42a3bec9c6d
-
SSDEEP
3072:jEGh0oul+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGglEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_de66fc02df3f36298476c7a2e3ea2a77_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_de66fc02df3f36298476c7a2e3ea2a77_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F538D600-649E-48d9-A710-0605E9E68178}.exeC:\Windows\{F538D600-649E-48d9-A710-0605E9E68178}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97ABCA5D-633E-4a5f-A2F4-3ABD16F58526}.exeC:\Windows\{97ABCA5D-633E-4a5f-A2F4-3ABD16F58526}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF7324E5-15E3-437b-8948-17256401933A}.exeC:\Windows\{DF7324E5-15E3-437b-8948-17256401933A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{577C01D6-827B-4e4f-AEF5-97910DD6635D}.exeC:\Windows\{577C01D6-827B-4e4f-AEF5-97910DD6635D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3DD18E2-9841-4719-85DB-E2C1CADA11A5}.exeC:\Windows\{D3DD18E2-9841-4719-85DB-E2C1CADA11A5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA1D400B-A28E-48b0-AEF3-E756F6221A89}.exeC:\Windows\{AA1D400B-A28E-48b0-AEF3-E756F6221A89}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{338B6791-4E5F-4add-A667-08DCE8B040BC}.exeC:\Windows\{338B6791-4E5F-4add-A667-08DCE8B040BC}.exe8⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{517AFF6F-DB0A-4036-B174-D848200A6E6D}.exeC:\Windows\{517AFF6F-DB0A-4036-B174-D848200A6E6D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{255695F5-0397-4e10-9B01-1999C81DCE4B}.exeC:\Windows\{255695F5-0397-4e10-9B01-1999C81DCE4B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06104F50-38AD-4491-ADCD-F28CC1C261F9}.exeC:\Windows\{06104F50-38AD-4491-ADCD-F28CC1C261F9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{358D3D52-A2CD-4c86-ADAD-09530F42D47B}.exeC:\Windows\{358D3D52-A2CD-4c86-ADAD-09530F42D47B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{754C6393-1643-4c53-A781-FCF190F2CB61}.exeC:\Windows\{754C6393-1643-4c53-A781-FCF190F2CB61}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{358D3~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06104~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25569~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{517AF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{338B6~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA1D4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3DD1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{577C0~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF732~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97ABC~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F538D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5ad835d47410209f5defd90e4e9e02e89
SHA1eff01d1b249930b12a39126c52e796d2eabf2f75
SHA25609ad259629dff8fe45d8f86fc773e5944bddcb2601f1956064793eae1bcaa221
SHA5124ab320136691b34755f22fdef95a06c5a9fe31141033615785e937ee3391fb98dc5a67dd193b81bfb45e4c7c7ae67edd99b92b786c0dbf47b2ee354ce736a7b6
-
Filesize
216KB
MD55f1fe0509b073fb702aeebba8a58cad5
SHA1d17ffe6127af3373bbc8594cdae3ab9f0d26b726
SHA256ae6938d0c1a8bca32e6344645ab1321788ea6b4856b8d317b31e4e36fb34ec82
SHA5126b840b5e05a9d86b893a4e2c01ac4a7a6a2a6e8286c126f02eccac13b9230811206c1f3930f7645cf2a7e060fd3e1e89b14c510a02061ce3c012f41e0e16945b
-
Filesize
216KB
MD5896a31dba8932555dd6efe125b0444ba
SHA1512244496c0b47bf5f264c4e1cb782b1c437a961
SHA25684f7acd66360f6748658b3c6313548e211c2007a33f5d1c7b8d89f1b8b861904
SHA5122251ab89ffa2bb9383b4cd8f38a5335229fc708ab42a1b5205cf56130168ef9884d3bab7e8e62d7abcc5ff44a0a799c7da2097cfb8b92afc7a97a94d0cc57690
-
Filesize
216KB
MD5dc87351a75314d364d6465d9224e028a
SHA1ae1c832f640eaff743cd844bff774297002f808f
SHA256c53faa39ba30354ebe83e73b0450c709788b16e64f9f1c19c1da1662554db930
SHA51280699b44003ef01fe9a65a1fd6b2741e3401308ec656bfa27ed39c8323ce7b302af1281083bfa104bb47b9bc2ba11776840f0a3535bdd60c072d21275c0af121
-
Filesize
216KB
MD50855daa9c2fee41987fef6bd16f810a9
SHA17e7d8259919fbb7b2a250b3320fbbbe5d5402f1a
SHA2561fa59095eaf78ecb3a339cd39e97125fbabd729e6ff2f89f6291fae78675c4a0
SHA512f8389366c83d1581c4760428fbc747f46a83ac75d9dd8273417241357220217744ad0ef0678cd6fb08d4f360abe78a9f2eec131917c7ba799f33bd7afdf69c72
-
Filesize
216KB
MD5d71a1c2c4371e860853101e68409996b
SHA1a3e6ac5ebb4b82862304d76e5b4ff6fb4cb47b6b
SHA256cd85db108fc23b15cf8526765f7b2313e0abeedf36d7a6a1550d387a019f04a1
SHA5126891cad9daafe6b02b7c23558a325b15239bba90699cd13bd645122d193b2626b6694f7c0b5bd551f3e8dcb73cdfca0e5a4464d8a169f659d934a8ba3a38f71e
-
Filesize
216KB
MD5898ea48c9c8536e0c3391b76b846d468
SHA11fb5a872ca6bf4ffb03f6932ca2ae7d365a73a5f
SHA2560a79a2b7bdda1f66b4ba2103b7774da9180d424fa9cabd13ebf83622a8c97481
SHA51259b0783b2d034d4bb42b348a0618ad2361880f7344e0ff26fed1838a10f861c2f88b093978010156501d2c9e28e6d7e06499740d3065c6a62e7a2f8e773ff7a0
-
Filesize
216KB
MD5cb18c3254f74f20a4b1326f97c74143e
SHA16b1bff69b749028c90b7ae2c9057b354ab39bf12
SHA2560dc0528101f8831ffcd817ed5c9f64a0511d9327a4d9ddc3384ebc471117c366
SHA512e5c74f7f26025a5ea34f4ba58a5ed5ef01e035fd7dc68d2ee5ab36b0ca8bc8bd2e54c67326e8eb4aac8b7d228a727e0d4784e9d420455883628d748288f61da0
-
Filesize
216KB
MD5acf681766612a958a2143cd1a7b060c3
SHA17406cf55c89a9769beeb38157c9a839027e0c69f
SHA256fef93e43701ef7654890ff44fb6da8d83baa0e450c33c6051ed1cc6d20c16540
SHA512db6404ff0360f7476065bdd057987ca299708e7d35382734f43f67e9a663f411e281ef21b2402a5ccee74de9786a4b74dec310cbeb204774754794dc6506b32b
-
Filesize
216KB
MD58222ba8f6fc32a3c22ec6b081b747f85
SHA10999ef5a411e07a4a865e502033aeb23fcf58e4e
SHA256e7bd0d70420cc0da4b7a0464cd393557068bdf2c097f85a456c6d1ce3d5638b4
SHA512cf945183665205889772eb81d3f5565ee4fbebf81809a3bbe16f560976a6b892a61e8c5d0fa4579d8738b11be5a96f0fc73c1be28d5202da015c14996c52fb37
-
Filesize
216KB
MD50da7096dfc36e952da043c9f414c2c1c
SHA149a4c5559bda5c227c2e85ec4eb6c1dfec07b4db
SHA256c303e0eaf20dfdeb9d9761eb6b864b1837595f6924393a18a641ff2641840573
SHA512ecffd648c8a8d628d4a7d1172b208320905009be80803b5e4b30d53cd5ed63b27ab692a7c575d687af3eefab665d5c14989da10bcdbd3cb2d1d4bf99fc3c02c7