Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
20/04/2024, 11:09
General
-
Target
2024-04-20_75a9c076264e00a8f7d7eaf8719e3071_goldeneye.exe
-
Size
192KB
-
MD5
75a9c076264e00a8f7d7eaf8719e3071
-
SHA1
8067d86ab3f4df6360cdbf2c32ac487e89f0f615
-
SHA256
cfff9c80196cfada6ff3a87b3ee12ce6d9652bfbce1c990388a58257376415d2
-
SHA512
b58253600cd29ed171a891322c174c2c50c7b0fc989f7f65dc1ba8380508fd634520c65e2f723abdf78a4198f130f7f99cf87e8e8a1f57ca171e80b70139917c
-
SSDEEP
1536:1EGh0oqLl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0o+l1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_75a9c076264e00a8f7d7eaf8719e3071_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_75a9c076264e00a8f7d7eaf8719e3071_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68DB9B58-F2C5-4622-BD22-5B21187E6B07}.exeC:\Windows\{68DB9B58-F2C5-4622-BD22-5B21187E6B07}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9DFBCEE-00F2-43cd-8303-D38C36E8A46F}.exeC:\Windows\{D9DFBCEE-00F2-43cd-8303-D38C36E8A46F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{999304E0-1CD6-45b7-B533-379089A46CC0}.exeC:\Windows\{999304E0-1CD6-45b7-B533-379089A46CC0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4D42F922-C290-4803-9CE3-F38E4994C9B7}.exeC:\Windows\{4D42F922-C290-4803-9CE3-F38E4994C9B7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2759450A-0A6F-451f-AD23-06E4B2FF033F}.exeC:\Windows\{2759450A-0A6F-451f-AD23-06E4B2FF033F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE3BED81-4D40-4934-8601-5B9C015412B5}.exeC:\Windows\{BE3BED81-4D40-4934-8601-5B9C015412B5}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52FB823D-599E-4704-B0C3-0B0B8A100696}.exeC:\Windows\{52FB823D-599E-4704-B0C3-0B0B8A100696}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{09EA31F7-8A6E-4d4d-B2E3-CCBDF8E4D28D}.exeC:\Windows\{09EA31F7-8A6E-4d4d-B2E3-CCBDF8E4D28D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1F85652D-82E8-4b32-90F6-D9B2776DA03E}.exeC:\Windows\{1F85652D-82E8-4b32-90F6-D9B2776DA03E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{491F1041-C2AF-48f0-BF66-655C8332F327}.exeC:\Windows\{491F1041-C2AF-48f0-BF66-655C8332F327}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3407E08-7E22-49b1-8039-BC02813AB101}.exeC:\Windows\{A3407E08-7E22-49b1-8039-BC02813AB101}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{37AD365A-56FD-4a26-8025-2DB383005484}.exeC:\Windows\{37AD365A-56FD-4a26-8025-2DB383005484}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3407~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{491F1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1F856~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09EA3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52FB8~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE3BE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{27594~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4D42F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{99930~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9DFB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68DB9~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD57f5dc591e8e29e30e0309e983d710eb7
SHA171c6ea5af769ca8a222d5f717ee7e2bb7f09220c
SHA25679bdc9a43dca7ec95fe432d7d5ae057b48c933a9b3927a70824ef974c20956ab
SHA512282b0db628a53852cc933d9c410a997963fd4bdf1af48eeb3e5d4ac6bb4be2a8887a81b406847d01a25be6f882082f9cf6337da9f02fc96f58767cd065175569
-
Filesize
192KB
MD528a6901777d2e2aaa8c263792fe2525c
SHA10c8eb13e1219ac257416b1815d0705a4a40c5abd
SHA2561843303f770fca16a5b34aca2e1d9b112b83562ed78f9342f57c6703cd695a2a
SHA5128c4d8fc1584f1217c367f16a44bfa388a9001064b2ae6ae1f188134a4b7aa1b0d4a37b385b7f2979719b93515cdb7fa1560285b5e3060852188cc58341689241
-
Filesize
192KB
MD5a3a9c2fb72115f110accefc210139a51
SHA12def25fda27019d5d1bd33b6deee435839d97a69
SHA256a1547de046ea556d59cb1dc834f0f67a69f69be956190585e63ae18b2a1cc635
SHA51266ad40501469eb83f042f6454491129b6ae65ff1e7e934b12bea2db7647f6e15f67828bd8d1e15187118c6c5b2d182b88db5a07c54de28a6cc2a5658f07f46c0
-
Filesize
192KB
MD54544edbe711ccc3535cae605c74a61b1
SHA1b5b4e299f10799cf978ca7ceab85eecb34e886c8
SHA256f8874342f840ddf69a007b4aadc642764d3a5540ad1a235008fdea417c92ef0b
SHA51227780a8e2863d3e2d037359597941a4bd2a5f74e6093f450f07f0d4f786ddb6e6a35ff8b2c5d8ccc844cccd4c507c98e34d54ca8eb055d7250f1fa227344d08f
-
Filesize
192KB
MD5989f06b87e36f6d16924f23f4a515bf2
SHA18a9a8fbaf10b3de57967cf5f901f9d4f4d655c0f
SHA25609508e319b9f03b49e6a971c60006a94eac40e6d5c19da748dd6927c86b39962
SHA512036f854fefd50fe14d6652a770c4efe6b575d61d6d88ab5d0e4eea295dbe62e35e6c70aeaeff55d49f60b58cbf0f9d3c56537f745c26234d9684910acbff8a26
-
Filesize
192KB
MD5a1cd12d1409b8b37b73191917e13f883
SHA1b29c686251853f9a2031ee69d139194e74911cc6
SHA256f12d1f09a87f5178f7809b35d01b20d5f1891f65dc02fcfedec3dcd460ce71c2
SHA512d66a2f011f5c19e578d43efc6103e33ad3b43f01e7ed678570c4fc79c0b1e3f4c27825246e3eed87177e643133990a71a91ce741a1f7c55995dac7ae1954d780
-
Filesize
192KB
MD5b0fd1e6aa38fa8ac1d464c7cad761b4b
SHA15452e197b5a49bb9ab9a976cd1cd77767d28541c
SHA256b54af50a2571052b4d1b0c3c82aee8695694bc03e3811905c5d7680c8cbe3a92
SHA5121d1f5e901ab4e09347b2fb04c9efdb1d7b5416f47b1ba2d680a058f7612736c6a224791bcbd5201f49d5ddbd486546ee74c107d2f85123f3256a9768de702ca6
-
Filesize
192KB
MD5113a8c076a99de385789c82b3f00de19
SHA11b593cbe1dfb4ea627c3b11ebcfc8e88b9bd4eb4
SHA256446cd1e9b794af02c4f40b8ffa3fae843e9348baa5cb176a065c0b8effc84e2b
SHA512458333eda482c8f726ef3806070bd2dd72627569059d2676737b16bb6aa98974c0b84ae6196f5f6f71f0493979e5aa80292b2a54a1b3d9b8cf073c6dcfd229c6
-
Filesize
192KB
MD560a5f1e7f97aa751c676b9515a7ff28b
SHA166ee2075004636ec9e19f20efad274c24cc203e1
SHA256903d14d1d1583db3666eac3a25595351dd11abad634c502fb4bab8ab0e2cbcab
SHA512d87c0931e283c30b1ac846b9fc5d1b4576fdc591d9206197867df3d4bb07e71b8e99a3adb8b6367d55c47083228401379e1022c8e4d306a9bffc14197fff29ab
-
Filesize
192KB
MD5904930184a96de59c72c42c68ddac6eb
SHA1258aa774cf427eac99cf29670e60209fe5218c9d
SHA256693f2a1e6a288e02e566f43121530b3d3a006e4e4d05cba4cb97a08671688ddc
SHA512989e761bb3ecc33abfe7cfc3c1421f0eb54dcc478712db944d2a53b6b4bf9eed5fdf2ea612a0fe33ac2e5479cdf6d5c27838bb2506f8ef8327cd5353653261c3
-
Filesize
192KB
MD5a72962e73ee1cdc8307374724ad9336d
SHA130823331c60471b835764b58393394c2a73ad3be
SHA256cd4a8d4634f3f09e418feaf84dd2d481602c6ad8d73eb7bfc768b38a402e3fbd
SHA512a799460179d6c45dc88fae0f041a7392d13af098069eb083ac6f9d2940408ac5dab3bae93cbe13676ccc45e97a7214fd691b79ca53bb758958e0ea1c9fa409a4
-
Filesize
192KB
MD581d47cfabc993a698261968e596fb4a9
SHA1519316658f958ceb61541d6824efe8e8a03d50d3
SHA25632eaefc43931fc28ac4c73c07caedec325034484a1a6a1475b66b8fab1f3c829
SHA5120c16c155607b58469520dd482de91a0d8468e83c4c7378675399105860f8250bbb85abf5d1def8d6aed3f69fe16c5e8c0a2d0e092d5d835d7a28d62d14a2a26b