Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22/04/2024, 01:47
General
-
Target
2024-04-22_4c46c1968360c0c8ddf32a0eb0ee1828_goldeneye.exe
-
Size
372KB
-
MD5
4c46c1968360c0c8ddf32a0eb0ee1828
-
SHA1
7d2281d5d009f8df6e21d872c7bf81cdebe67b84
-
SHA256
876cd2d3429a994e3e9d70991198dffabdb8e828f0539c037246f60051d4e00a
-
SHA512
45195ef579498f9219b881b66c18339c01a28027ca15c439cff3e29815a3239daf0f92db6a913d12d849a8194a7141bb6b0df3b1fc9467eeb556f9bd79ff438b
-
SSDEEP
3072:CEGh0oslMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGylkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_4c46c1968360c0c8ddf32a0eb0ee1828_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_4c46c1968360c0c8ddf32a0eb0ee1828_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10A5C153-2C6D-4cd0-8EC5-C9C618555C09}.exeC:\Windows\{10A5C153-2C6D-4cd0-8EC5-C9C618555C09}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A5256F2-7177-4469-B97D-0F72254F5808}.exeC:\Windows\{6A5256F2-7177-4469-B97D-0F72254F5808}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B74E5E7A-B9B0-4d6a-B179-82DC0D977571}.exeC:\Windows\{B74E5E7A-B9B0-4d6a-B179-82DC0D977571}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{85AC172B-2A02-483d-ACE3-B0E6EF9CA32C}.exeC:\Windows\{85AC172B-2A02-483d-ACE3-B0E6EF9CA32C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{66D0386C-1801-4772-9FD7-FDCDC461BCC2}.exeC:\Windows\{66D0386C-1801-4772-9FD7-FDCDC461BCC2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F04AFD5D-45D7-4baf-B97E-F93C71C076C1}.exeC:\Windows\{F04AFD5D-45D7-4baf-B97E-F93C71C076C1}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{92211DB2-B4D0-4c87-BF8F-B8AC9ABEDA72}.exeC:\Windows\{92211DB2-B4D0-4c87-BF8F-B8AC9ABEDA72}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F63641C-AAC2-491f-9E22-B19B4BFEEB38}.exeC:\Windows\{4F63641C-AAC2-491f-9E22-B19B4BFEEB38}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97B11CB7-840E-426b-92A7-8B8F3969BA0E}.exeC:\Windows\{97B11CB7-840E-426b-92A7-8B8F3969BA0E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6887D4B4-71B6-40e2-8910-37F55B6EC8FE}.exeC:\Windows\{6887D4B4-71B6-40e2-8910-37F55B6EC8FE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{435026D2-5146-479d-8E93-BCC0B20239A9}.exeC:\Windows\{435026D2-5146-479d-8E93-BCC0B20239A9}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{20F5650B-F05E-4646-834E-274A48EA9834}.exeC:\Windows\{20F5650B-F05E-4646-834E-274A48EA9834}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43502~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6887D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97B11~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F636~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92211~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F04AF~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66D03~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85AC1~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B74E5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A525~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10A5C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5ece75e3e1177967ee80aef34704b2cc5
SHA1586fd0ac29b3c1e76110c6be22f7a6f5c42ad928
SHA2561bdf732884cb4fd04023922975ba58ae069d9a9ca493cdc94efbfbdc0468217d
SHA512588969abaada535d0d8114e97cdaa75748387de74d722d17a3843fc7bdcfe615844948a5c0e3d70d39d3aa54c929b5710bbc6a2eda356faca9ff439e39017c3e
-
Filesize
372KB
MD5669793e81c4e8e1e6df82c2a9ea55742
SHA14f9617baba59b80158b76684ca668a610f761fca
SHA25654ff7e4f18666b4f65cc93b969ebfe28ef329d407a81540c3bac9098369de2cd
SHA5126278882b7a299f343095c15e29c14a18c7c354b6533a88fd69ad2660ec4291b4e220464da47844edaf74fab5004baaf7a0cfe00840394a57f9638294e9b3dd2f
-
Filesize
372KB
MD534a3e6eab050841368ccc61d30836441
SHA1ce880f541de9b19cea9fe184b2256c534adf0cf8
SHA256a946eabb665597ed3d6a00ca4460385c4e6a05b21bc7be4d06b6f27590e8fd74
SHA5129d53a39b431d6e4d88bc49fab76781ae405eaf40d643e77141641ed93bfcd61bfe417262c5ba8e21b17a9aac7903a4dec4a5fb29fbbca62d8d067afbdef1ff3f
-
Filesize
372KB
MD5da6663df72bd5be26399dc5d5ac0d8df
SHA1940ad4f97620e6ad805693f908a351b36f2e2795
SHA256e8e76a10726971b71a0be857eaeda1b5ad2e48fd6082a80bac661df641a01cd3
SHA5127e860032c1671e3ba6bf5c5ef7664b2779bb4623812cd752badd2228e789cdbcd1a85d80cae499d8e7edf7e44785a7032cbdb0937c8847b8ed0ae4598260573d
-
Filesize
372KB
MD5a42221661bba751fba37e1280c8184be
SHA1287679bca2b845f2a60447353439b4cad6a0e3f8
SHA25604a88df35b0a4c5584038f95b22f9d26286b39e0ab1214e2d5337566dae584e7
SHA5129a2b9e29bfc432aa7904543b8ea40bed1ec8efe6c6bcc75a19d712045be1a9de70aa9a866857bf6252b524c2986bf02cc2ad2af33759078a68f9da8d0e3fde76
-
Filesize
372KB
MD5dfd9988e167c379cd6317fc651a417c5
SHA12e4e17a457aa8e9fe2f6d11c85b1fd7b1c415da2
SHA2562f3c89c36a303981049d1e042750f96f95278307bb5043d84951e64cb669281f
SHA512b82ee13614e4427a8c47555921073fcf6647c975f8f754d50e706229d3ac5f786d40f7ddc6bd0936f1517736c4c16f8d796c8c149bf0a70722371b36c268c78d
-
Filesize
372KB
MD5463a14215d9ae5a23eca66978a3fe0e4
SHA129c36e8734f81d0ea4b0c4c6fe4419349388c061
SHA256818ffca33211bccd72c5700110d2fc56ccd45e54efe73042a6f323f27250b9d2
SHA512e5cd04b4a98647879c89e98be35a02ae26cb665aaab930d37e2797810cb3fda3677807b6818e9c7509e8edbf25077743ad5263b0fbba80058e4557a5479d6daa
-
Filesize
372KB
MD56b4f91b8e6d7ebcff269251f9060fb23
SHA153a225c4959d3e7ec32dde5bda3c72575dffc3a5
SHA256e2cdab5e0a1515499e4997276043c4bdba71f291a9d3885b273bc41c9426f93f
SHA512cb36377b8656e93ffda3353aef5e94f3d4b8fb567209c328467d416d8e8f4a59a11cc9f95e5f8c2d42bc8a5077ee777559259a846b5e7d1c01521cffc70045cc
-
Filesize
372KB
MD5602f0698dc7934ed64f20f1704017d3b
SHA1b5b8ca9dc45d62ac1be1ae488c7b260fd3a65822
SHA25636e945836d483f3f33720089ab32b4609a7df47c608285882e2ba134dc9ac7fa
SHA51294e5322e3a7ada997b105da7ed808e2b7efc29b8dacd3d07c33d2932878c569a661c342654633d18c725c25791295fde509dc2ba008f69d610326b6df5c71db6
-
Filesize
372KB
MD5e752b03035c929e0e9561d72d708be9a
SHA17db6552e5a6942d978c584b6edb26b718767290c
SHA25617751876a23ce340fddf7fe4955019b1b5b7d3491dd42e79f2b8de39352b2c04
SHA512ed4902869719f19be3cc9811b8458a14617a783ec608b88e0ff5b7335a281bec205b36485a13aa8feefb3dfc7608f184be010e7d3ca2e42fdd5b3711f3cbcba9
-
Filesize
372KB
MD5c07ae11cf772b0a97cc237f550cfb8f4
SHA16be96a202c39d5a86e3751ab20d6961f39ae166b
SHA256e8bd7d8520b3b8624a66e47003794e62b7cb61038d04e81496433d6ae35026b1
SHA5124ad20646bbffd214768215bcd9a158619daa5c3197e2ad18482b572423f7a90dc37611a032d63b9a05c21b39f3fc7a3caf231d27a454c7c69253600cdac38b57
-
Filesize
372KB
MD54dfc1f8df027bd3f69260da6248413f7
SHA1e3e997879174014c68f7db4659a567bbadd66add
SHA25661d6269222a186a42fefac638061b4a33aab6453b4fa05fe6d3aa08c682f5842
SHA512a0dd84172a5d0f3c5156fa2645d9f3d2696f44ea35d4320846a427d4ef786e0cfadf7eac98a856833f630040d2747f876fdd2548fbdbfa07f5d7fab6f65b6b9e