Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23/04/2024, 21:45
General
-
Target
2024-04-23_0d50bd0f87c9504e51c0778962808fef_goldeneye.exe
-
Size
372KB
-
MD5
0d50bd0f87c9504e51c0778962808fef
-
SHA1
7679eaebf1b5434d4f4c40ee01de4e0d6b6aa374
-
SHA256
7fc90c8d85d42019ba02a6f78821d958407a03e3b4f3f4ce603c74d61bca8710
-
SHA512
6dedc26dac798c06e041d5f7ea1b99a14e608f3549d04f026a6b129ab5a62af0a2998f44213299a166b864046eb15baf193ae4222d468aa424eda7696cf70091
-
SSDEEP
3072:CEGh0o1lMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG/lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_0d50bd0f87c9504e51c0778962808fef_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_0d50bd0f87c9504e51c0778962808fef_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{940B579E-9637-4cfa-95A7-88F8C1683EE0}.exeC:\Windows\{940B579E-9637-4cfa-95A7-88F8C1683EE0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C6812BA-A895-4934-A350-3BD9CF181402}.exeC:\Windows\{4C6812BA-A895-4934-A350-3BD9CF181402}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A497E50D-B4FE-4c5d-8B20-403DB199F52D}.exeC:\Windows\{A497E50D-B4FE-4c5d-8B20-403DB199F52D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58C1FE9B-E980-41a4-A34A-6942F5FB6C1E}.exeC:\Windows\{58C1FE9B-E980-41a4-A34A-6942F5FB6C1E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D99426A6-EE41-4573-83CE-A9D66FAB97D4}.exeC:\Windows\{D99426A6-EE41-4573-83CE-A9D66FAB97D4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B537EFF5-1F21-4af7-A4B7-9FC88FE9C18D}.exeC:\Windows\{B537EFF5-1F21-4af7-A4B7-9FC88FE9C18D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C0C0CE2B-33F8-4b09-84B7-3D54DE1A46E3}.exeC:\Windows\{C0C0CE2B-33F8-4b09-84B7-3D54DE1A46E3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9485E62-D493-4853-AA04-92AE2FB3D27B}.exeC:\Windows\{F9485E62-D493-4853-AA04-92AE2FB3D27B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7F20A7B7-8BB7-494b-B9E2-5D1CC43D0041}.exeC:\Windows\{7F20A7B7-8BB7-494b-B9E2-5D1CC43D0041}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D9E019E-A8A0-4341-88BB-701DE4540B7D}.exeC:\Windows\{9D9E019E-A8A0-4341-88BB-701DE4540B7D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9E5F774-E51F-4b5e-B277-388867EC2560}.exeC:\Windows\{F9E5F774-E51F-4b5e-B277-388867EC2560}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BF3C0B92-0E17-4c01-8194-32966F260C7F}.exeC:\Windows\{BF3C0B92-0E17-4c01-8194-32966F260C7F}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9E5F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D9E0~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7F20A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9485~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C0C0C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B537E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9942~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58C1F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A497E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C681~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{940B5~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5024c6a4f66836fdd89a92cce0291470d
SHA10ea149e4dad2b3a5b7107114a8727ef7686d9f88
SHA256ff8c771da26d433df44ef4a6b644a85268ed561625396bf749747e8ba63effa2
SHA512c776bdcb2ab89d805f1ce7efbb4188486f8b01f0b99d43cc7d014065c88baafeb95bf6333c168d521a91288bd23d5d567fa10593b6619e7aa81c5837f0d9ef1e
-
Filesize
372KB
MD554e6d142202ccdfad6130e8bf9f607c4
SHA1e170b5c5895412317329bea3de6ed1cad7b1b36f
SHA2561f242754250d263e243e75de6e11e0e478d37b415dcd4f7e37093e29d85a99a2
SHA512fbff359deb05e05da43147b6bcd0b494812e7917a3be0a587a6e7685860e2739537748e71a2f5a3a11391c0e47068048e099de44e91165383f9e531a14eaeee1
-
Filesize
372KB
MD5a6dbfcf4df6950d3bb6702b4fa277d3d
SHA1eab2545c5014152679d5444e3441026e5f1f07dd
SHA25653e17f0da041b13441b261712e83dc7f921aea16a91490e99a1a2f39d1ffac33
SHA512791856f1b2f72b77561df46bd6004e71c428261c191889173ebcae6c2d11d745345aa8a820ee893b48c29fb885564a3fc3f38dff18c316992973240fbb19240f
-
Filesize
372KB
MD50787ad6329917cddc65681b3449e6700
SHA11815171e0a830240ddcdc61d868781aee0d777c5
SHA256ca56aea2f39e37ba066c6525b065198d1c67c522aef03ef208e6ccc34b112415
SHA512508b241bc978333d05d3d18f981026bb77c5c74025770f5aede26774d032a31a88df375eb63bbeb4e1bf7f309eace19804af73a1d262f9e3a512012b1909ad33
-
Filesize
372KB
MD5869f1bdc7b7bdc672f3606a6904a8d54
SHA115d9c7527605c29e9e05965c00b51d261560512a
SHA2564a05cfca66fc53f3c9a78ebd3ffa3814e258bfb0cc1903139e3bc04e950c3e99
SHA512b97424d21ca251dc9780eb2aba9fb17a25ac1838fe226f4ae7ab4363ba09992bb234338657033d1d05fa166ab882067f8c5dee22cf28ddf56bce677c4f38c00a
-
Filesize
372KB
MD5d63f96e1a685f8a524f67d39b0d7ef94
SHA154a514e172773cde75470509df1137f06a98f464
SHA2564c14da4dd291c039672370afc6d7e2b8b3983eb758640d0b59cd3adad3e7eedb
SHA512c35718852f5e60be5f96a78d0b00b49d5a6eb8719fc7a10988511e67c94182f5e7eb4a25687f58f7323cbc01f249f953efb96d782bf103815e97b593eeda3e51
-
Filesize
372KB
MD53d4dd00a72e916028dc3183993f5d84d
SHA1b36a33d6c340292a164d960290a372f61414e09d
SHA256a91cccf78664d5bb6b20a40f63f91ae4e0325ffab752fc2f2986320cb00a2e29
SHA512a3ab624b4af4e01230f59329956ee7c31fa0d6179a10f52acbc1770f9a782bac0ef65d390f3546a68084832e2c10b6bbfbc39d0393903bdc47b5d47f759017b8
-
Filesize
372KB
MD5e2833d1b645f74e37f6c77a1c374d5f1
SHA121c28597e8b9ce1459e78d02c87b621277f19777
SHA25697ba624f0b9ddb6db53c189f525193b5b349fab3b5f5104c2032cff75600a5ff
SHA51203b24d7f31a78d823a92e9042b5311766dd0f729bddbe34cd6f25729c7a47a717afb090afd74a6f010dd874c9a07a4d04e561ebd92ba8cf8d61e60029164faf4
-
Filesize
372KB
MD5ba8b77f40ed1ebef894029d08ff1caff
SHA1121509984c27097bfa1e0d14abb3bca8c79edb26
SHA2568d6373b17a0bd3be1084aeaf6f468a25b7891e4cf562ed85a33cbb33de2e5673
SHA5129303f47ba3219839208648482e22e97909b22f638f29cbe8a04dd8dd5eb1be1050498a7f2ea1448fb636c873449edbd994106ae42764c1c867d8b94853f0ac95
-
Filesize
372KB
MD584fd538035f07dcc929216c2bb02f14a
SHA140fdfcefcfebd0821723aed37d116f2ffb65ec47
SHA2565034790f429a5beb86c796fa4d38e095698e3df59f0bcbd6248f9c394a1899fd
SHA51228c3174fbcc7ad50598fe302d36e764447131883f28f016e4ac9e64ee198541797865df96157b5c71c9f144fa12e4a42b9b8c1a3a4508f9012d8714140a37fd1
-
Filesize
372KB
MD5c91a181256338da0bd150a539a86d998
SHA1ba6a3029d6130973a6b27bafe0b116cb91e13b59
SHA256cd6d6394e5df147ce1b2f2809d02058fb44e9dc85aeb25d688e297ff88ca8180
SHA512c89fee5798fa9070ef1658a5d95db32691d26cba6d81c8fc7bc85606ca21b12cee681db50f5d8daa719eaf202cc9b9e62c40b21be0b34507df3167a5c71564c8
-
Filesize
372KB
MD550bc2b99060e280f931c75d61eacacb7
SHA1c7e881fc47cce1b343a93d9f93a39c381a829935
SHA256f8c4a47a581b09c34bc0bace1b9305da1abf5e66bba9df64e9730fb733a4757e
SHA512f70cf30bbcb42962395d833d0bff5bf303774ed3ac4a1ddbf9e466a06cd21f649a7280c0716cd1618795a5614e7d20257de53f8d4d07757aac22801df7da8231