Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
21/04/2024, 19:55
General
-
Target
2024-04-21_3e12ceb3b4c42a693159562cf68f3470_goldeneye.exe
-
Size
408KB
-
MD5
3e12ceb3b4c42a693159562cf68f3470
-
SHA1
1110cef0f6bafa3c719b487e13b944cfe8d45163
-
SHA256
48b98791455a8ab063992a86fb34dcc66aae1ae689f60c2ac0079f8d7be6ae38
-
SHA512
76b202110f5ffd9d419520f878fcda70781624b404afe549416b5dd9dd7cf9761aebef11ffe41f84282283e5feb94003b86f60f7356855a34078d1bf89019ac9
-
SSDEEP
3072:CEGh0oNl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGjldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-21_3e12ceb3b4c42a693159562cf68f3470_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-21_3e12ceb3b4c42a693159562cf68f3470_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5174534D-EDC3-4421-BC63-E033B41C722D}.exeC:\Windows\{5174534D-EDC3-4421-BC63-E033B41C722D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F415C85F-3665-462f-8ADD-80233CDC7E58}.exeC:\Windows\{F415C85F-3665-462f-8ADD-80233CDC7E58}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{988E61EF-7CC3-46ea-B1F6-65970451B1B6}.exeC:\Windows\{988E61EF-7CC3-46ea-B1F6-65970451B1B6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{36E306F7-9534-4095-86CE-16EB5B29353B}.exeC:\Windows\{36E306F7-9534-4095-86CE-16EB5B29353B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4F49FF3-5D88-4bc4-86D7-B5129AE32D5A}.exeC:\Windows\{C4F49FF3-5D88-4bc4-86D7-B5129AE32D5A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D1663169-0C26-4aee-917E-11FBFD7F1DB9}.exeC:\Windows\{D1663169-0C26-4aee-917E-11FBFD7F1DB9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D51984D-2EB8-4b3b-B84E-D4F0D35CC76A}.exeC:\Windows\{1D51984D-2EB8-4b3b-B84E-D4F0D35CC76A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BF6AEC5D-81AC-4f6c-899F-CC437E8B8C88}.exeC:\Windows\{BF6AEC5D-81AC-4f6c-899F-CC437E8B8C88}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA7C2034-0D21-41c1-91E7-E431E2BC4CE7}.exeC:\Windows\{FA7C2034-0D21-41c1-91E7-E431E2BC4CE7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DFA526C-00E8-48c4-9673-F9ECCAE138B2}.exeC:\Windows\{4DFA526C-00E8-48c4-9673-F9ECCAE138B2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B084329E-7597-4ff9-A408-D6689F42AED4}.exeC:\Windows\{B084329E-7597-4ff9-A408-D6689F42AED4}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1267965C-7767-4cc1-ACF4-D5FEC8D7B5E3}.exeC:\Windows\{1267965C-7767-4cc1-ACF4-D5FEC8D7B5E3}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0843~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DFA5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA7C2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF6AE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D519~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D1663~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4F49~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{36E30~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{988E6~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F415C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51745~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5f4b59ef5c97524af34bb8ed36396304c
SHA12d4b4af2f776397f0d6464a7aff14be5960b281f
SHA2566d4c36d3de2b289661ce38a8f1a4d9a459645af0f5b36a495b3bbca61f136917
SHA512d3b01a6dace1eb23a9a2ef2275c9e4d5f849f904a1a6857c44b4f5bab4703ffa8b8c538aba49718e1d227e22e1d381ef5e91e5fea0d3852c3673c74a92812fe8
-
Filesize
408KB
MD5e500497e75bef9846f28ee9531a0b5db
SHA1f18509ced5de1a76d2c318e76e8f56bb504c2c78
SHA2566e7602189afc044222b5e4f25d6482b5be7d9c69b341897ed04296fb5f7165d2
SHA5129c88fb47a75e14a5ce8b2338987948aca02c2c351435b82a9795cf67a81f3b0f84491a3cc86674ecd1bef1406a9648574b3bcfefbd80b09e64c742d51a835664
-
Filesize
408KB
MD5bd39583773929770d46ab4deb5c0d3e8
SHA1008cb07caa3f8cbf85a2fa1c9a716d1930de4878
SHA256ce89f7d26c8b5040f94b5d3ef92859ee4ac755df89a23b8373cf05f61e87641f
SHA51221a3d663991399b416325de9da799c1a3037ac3e19f804b3caffa6e684110effe287a59c0728a9f321738f905bb4dca942aee083521352e9e96a55fb321d7525
-
Filesize
408KB
MD5e514ae9396c032d90f14e5937f6ee36b
SHA1bec835d7c35ccb0f3180e535edd0fd19911ae4d4
SHA2566049f0416c074d0dfac64b39ff772b25bd4442602bac66b4084736a00f4577d6
SHA51249dbefef08566c16202a8062ae93b47ab202b943951b4a1b44e326ef71c7844a703597d625eeccdd88cf0dfdbc16cd49ab1ea0066b3e583a0d22d2bf2d6fcfdd
-
Filesize
408KB
MD5d4d8aecd8a634fa24aba6fb08fb1396a
SHA127e9a12a4b1f7a4bbc503de980679ddde171ce57
SHA25628848a190c593a7d0d80086f6508d2a287d2596541b8a9f8c6910f54b55e590a
SHA512725a02a975f36df61efa79e6d8436fb4f4046ee8c1e2862deb4c1ae6eddb6bdb27265ba3593844bfad6205fd64e5d2867badd45fb79333bfe0c0dcc3425d26e2
-
Filesize
408KB
MD5ca107df2bad78ca03de9b61964748927
SHA11508e529c183cd6b255c87419e6bae101e078322
SHA25678cc9e9115c6db3ed218cf8ddc4c6a19a1d287ae39823c85007cad03687bce68
SHA5122d58ce718cde5dcdf2377a3c18cccf348f8d4acdef14f895449f3b8728147acfd795a0a786657c581f73795bc7e808759c176a3973a313b8100574e51b0361da
-
Filesize
408KB
MD5615303d847205fcd5eb920060a214a35
SHA1fd02f39c7acd613890c088047cc50b4ee690b6cf
SHA256d333bb0eeb664d6df154ae9f8bc6265ce32d91677f03da4643e30b0cd0810bab
SHA51280e08e6c121fe2a7b4a481f78afab6f090a3f031b4fd3d4483d900e53ab609db4ca5827b9ef0924b0c3734d13f7ae158a03e196975c76b1f1815e28d1fa740de
-
Filesize
408KB
MD5a2c47b16cfaa647585f021df56b60d91
SHA1ae854f1b1121a3446d7436eb1b4de5d764673f13
SHA25602207889d992dc1aba104f2ede14355b34c66f2b7a003ea954dd792eca56512d
SHA512c068af3fd67c246e44ff1cc29048e2c2882fe3eedc7f7da01b180e2bd9e16e40f2486a918ca80b2abd38fe08400c06cdedbe8bda01ad9f69c378ce944a594cb2
-
Filesize
408KB
MD5122af368a3432612986edfb04f8aae64
SHA1b9484caac42c87dec8db9e1246cd22775703c9c5
SHA2562103782414b2694ec884932ba6a758f6a2841a8724857a3d8f887919b7dfc78b
SHA5121605f63e6d7f091c7df82e6b19187a897c04153475fafc927fe6add7246d718106af4b736ea1ebcd52c4a355eb6951ab274a735e1112c98866be5148c829ba34
-
Filesize
408KB
MD584c51205f8ec36666145ef41a58e6f93
SHA12bafb5f27582c9e2657cdbc49a00c8ac159016b4
SHA25677849de6358b3d714d57093cc08f4ba503627c80923ca55e91e8606def00e4e9
SHA512d8c6f33a2eb1734e1751d13f07710fad54c439ef74fd2a225ec98997bdd5b1a4e188d19432c57e509f8d37975af58f48d928a42ca74142e49f691ee21e082faf
-
Filesize
408KB
MD5dd7b36cb16159dcbb35eed581ad09b2a
SHA1a1c1f9914b39eeb25e8a60f603109864fe423118
SHA256761f3f5802c1830e42073a5b20ae63eeb51cc68e2a7f6424bfe23306f317a291
SHA512b47c2f90721a0eb003182d479bf42c994c0d55c370a1dc3d5a9b69c6cf9bd1ac8c0b8642553cc32d4dbd09b9b616e9ca15ce1804b19a0c7d62958a8b67237afe
-
Filesize
408KB
MD5da795b052f04113e0c1a7fea83b9316c
SHA1e5dc72d5d9c5f5ca5ee725c1e7debe75c4125b49
SHA25614992d239d309dc3038ec74951774f644ea8f8f5e5907f9a4e3872f0599c077f
SHA5123ab84719018d76006aef93db16f08355bb58fbf5c64369ef5144afcbd805ad97155a5f946a346b8a82a5a3ae3cb85a1dbe894700be84f15d727e7b383ade03ee