Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
21/04/2024, 04:31
General
-
Target
2024-04-21_d2257723b6d00864e5c6d2eed6058edd_goldeneye.exe
-
Size
408KB
-
MD5
d2257723b6d00864e5c6d2eed6058edd
-
SHA1
be3eb3063be252417d52517e991bc416f3ea4013
-
SHA256
c171573c9603124924e6fbf9dde6c0d634a2dbd9f30c88bb2fd0fd942298477a
-
SHA512
dc3a26374f76958dbdf1336261bb20b86331dd416f8e6a9837d27337300160dde3580fd139f30a3debeaf5ac9465af3c92fbc103f43104194fcff62269a62482
-
SSDEEP
3072:CEGh0okl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGWldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-21_d2257723b6d00864e5c6d2eed6058edd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-21_d2257723b6d00864e5c6d2eed6058edd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98FAF726-0BA1-476e-97A6-92F00E420621}.exeC:\Windows\{98FAF726-0BA1-476e-97A6-92F00E420621}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{519B9A4F-61CC-41f3-BD8B-339D618CABFB}.exeC:\Windows\{519B9A4F-61CC-41f3-BD8B-339D618CABFB}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F6FDB80-E32B-4106-B3D8-460994EB50DF}.exeC:\Windows\{0F6FDB80-E32B-4106-B3D8-460994EB50DF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CFF2F549-901E-4e61-875F-AFF8E8F6984E}.exeC:\Windows\{CFF2F549-901E-4e61-875F-AFF8E8F6984E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{514C49DA-98D4-4090-BF91-159692370787}.exeC:\Windows\{514C49DA-98D4-4090-BF91-159692370787}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{76BECA9B-FFCC-47d5-A9AD-C56EF5498F26}.exeC:\Windows\{76BECA9B-FFCC-47d5-A9AD-C56EF5498F26}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE23B0E1-B0C5-49f4-9CE9-B4B8420BFD96}.exeC:\Windows\{BE23B0E1-B0C5-49f4-9CE9-B4B8420BFD96}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3253BD52-459C-4ebb-9064-069760B92619}.exeC:\Windows\{3253BD52-459C-4ebb-9064-069760B92619}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7AF15254-D1E8-437e-B6FC-9336F9304722}.exeC:\Windows\{7AF15254-D1E8-437e-B6FC-9336F9304722}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25B1A293-AA26-4e53-89DC-8845EE2AB792}.exeC:\Windows\{25B1A293-AA26-4e53-89DC-8845EE2AB792}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D5D5EBCD-760A-4951-A5E1-3F041DB6349D}.exeC:\Windows\{D5D5EBCD-760A-4951-A5E1-3F041DB6349D}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{606BAC98-D3A0-405e-A07B-402021661D36}.exeC:\Windows\{606BAC98-D3A0-405e-A07B-402021661D36}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5D5E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25B1A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7AF15~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3253B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE23B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76BEC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{514C4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CFF2F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F6FD~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{519B9~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98FAF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5aa96862d024b1a8a14eb9e30f42d6c89
SHA1c7dfa822002f04e17fa8ded901f24c6aa74fd219
SHA2561f61c1f73ed2998599ddbbce7b486bd8d987674b2be51433cc3e6c5f2e554343
SHA512d8322ae211ac08bf8e7543cd20c243b902fc751bf46771c23c0e309d23f53318ecb7f01e7665e16333937d86bc4ab3d68747ebf9b2fda3a6eae2e558e58b16b3
-
Filesize
408KB
MD5859ad3f05fc1caaf046b5a9a2b762c04
SHA16f0c39d98cd433c09ae62370e466a17dd3f3f6bd
SHA2568716884a0bbc5cf7968d932504b4267b7bd6f6337309d7fcc874c938c0665721
SHA5126f8d7789bcd5148019b53a047444441fccf950727b969515d59d4a85fb22b76c59a0afa08d2d069ed9033363ef5677b6aa9afa04c7444d2064997dda4e8d1507
-
Filesize
408KB
MD5898db6bfd81b7e2e7e48e134b780beca
SHA1aad440bba782771031afaf0423f71a03d7d49402
SHA2568a479f2f2befadbbb71eaaf701bea9998571bb28e9c40b5c3905d246bd40be38
SHA5127e008db9965a62fee7dd2353be118b91333ae05b8cf068494f8ac6e6fac7a7fc2fcedb08d764d6f0f56f5b77ed0e79581b850e61278f70e5e4c85bad4cb02005
-
Filesize
408KB
MD55252d1b92c273dd031173e942e6ea48c
SHA1ca29656837b7358e62595ca3305e66a07484a6c6
SHA2562a462713a86bef7c2d30b1490fffe6966f0d3c747122e65daf5361116cd76ba1
SHA512d76611f11f3bec697413149508b641f2728e498a1556fb1413676539222ab17daa0222c7ce933e364e389cd6dbbea7e02b5d65dabd06c36c96edce8ad56bb7b9
-
Filesize
408KB
MD5e0bab4a681cf80515ba1bfbea403f118
SHA14997a48f495806611da9a962231ca53e6f2b20a5
SHA256d9030d35ee87365783c04b0148e799d47fc06506c9f0497d1a08fd7dd322fd73
SHA5127670cb83891904c6e92a2a9f7f75a2bdf547a32236b44f325343b0038792e7a687c1b2eaea6c5bb9f16ee463cc3bb7541d435fffc944cb9c122df3cc63d70702
-
Filesize
408KB
MD5be570b40a74dcf4079724d5f5f489392
SHA10f4067ded6ca9fcf262d1437157652047d702b42
SHA256af18083cd72b3cbe3a2918fbdf6e2cb04aa20aa9d8e5704fbed9b83a1ed34093
SHA51247d0a39878d1629bb06f9e93f6054d9efb82d0c2ee1457c95ee4a32b0db4306b79cfc84168853f5893d947d533cb5acb0a5ede0ffb60c39e2fe4ed34c329e611
-
Filesize
408KB
MD5a34cab8187a3470bf5101501b5082790
SHA12f9e49847583319dc180e0cba99f2748709350ab
SHA256b704f331e12a1046011f45111a28afc5651b10c6223185b24f04422266f1d648
SHA51223c36d1c9803eb15f7f3f0c23c1b3a43c74a76bf0b268cffee6e0109f4dbe399efbfe2db0b0a0157ddf399f7cbcf7182a8f9bf24e484547c3fe44f721dabf986
-
Filesize
408KB
MD527f69c7ca1e4ed14d115ce9b88662e21
SHA176550453cb5bb44bc67936ed380d39c4b470e228
SHA256477fa6aa2607358c8c6108a7dd53f37a9c5a2230d397b45eee49fb729793c74b
SHA5128f3e957051d33200284079d458f394f195c6349cf9bc04a848832c02eb748ffe679dec43d67952d3a911d920a38b4e7423eabe2dcffa5c7ccd821fdc880bf613
-
Filesize
408KB
MD53c28ae853e91668b2699d4d1a3a2bbd8
SHA1d323f4b9daa86fcc849d2b53c22cf748e8e7ea11
SHA25624fa87cd4e9d5c758b29ac5aa7d076f71a116fb2827338e2ea39d4cb4dde7396
SHA5126790d15bc2bd36c02685a00c7a20e03f62122c05b74909f7fb5cc0589ee7579ec7d5afefa0f11ef30aa284d1846c76db5179b68c85fe6bb77b27560bc1ac3ba4
-
Filesize
408KB
MD584d41dfd695f4895a42ed7759a675541
SHA1d34f7d9d10fa6242f34158f4ee1a5216780167d5
SHA2567a995b72eff625f5d2a4e641c3a89a296fb551f87b9a9754d6a7821ef19ebaaa
SHA5121df0fa71275412df34f3d33649850b8457996f4170bbd37c069cca23e662ac3b583749093e4fd473bd8d30495efe4f83044d2c5935463ebb73d7e811199ae09b
-
Filesize
408KB
MD5a60f7a60fb36e1ea84da561ec356e283
SHA164d63e8c00843382042025aa9ff67b78145a4cd5
SHA256d3ade27c0908064645088bd4b9cb20386796125f101b88db19d55a07833dd4ab
SHA512db230800128efcbe5e1b122aa54448fb2389aba0eeb09c25288acb8af313ad7117aa86db4a91e9b9c54901556bff57478acb6fdd8848f35666f5c9bbacae681f
-
Filesize
408KB
MD5e84ff3a9ddc7daccf52943c62ef047f2
SHA1278aed93e5cad4e92212e73973e3d32bc02bf063
SHA2568fccebd5ad36864d4050b203319a5697587fdf3001c413cb0d03c2b92c0e0982
SHA512728192edf674719c28be392eb6fc445352371e9366cf476d6897bcbc4cc0442898defdc2a028941bacbb35946170f61e966e2c93dc700e7fde0489fb0c7b1756