Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23/04/2024, 07:50
General
-
Target
2024-04-23_f7caddd2003f4cd4c0eb7c6b9818e2bd_goldeneye.exe
-
Size
344KB
-
MD5
f7caddd2003f4cd4c0eb7c6b9818e2bd
-
SHA1
4c06c0022775db792d21bdd4f18b038617efe2b6
-
SHA256
54552dd4fac6af5148599285592eccb387215cc8a9bbcdf90f52160e76fa0187
-
SHA512
cf51aeb70d1630ef13e803b35baca8105860099a47939315a1f0e0f88fef63b8cae6f98f0df4f941db19a5ae3389e625495975ecfe0b11e7bbe0ef051bdcd6b7
-
SSDEEP
3072:mEGh0oulEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGYlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_f7caddd2003f4cd4c0eb7c6b9818e2bd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_f7caddd2003f4cd4c0eb7c6b9818e2bd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{622AE6A0-9285-4905-9B7A-876A60A827A6}.exeC:\Windows\{622AE6A0-9285-4905-9B7A-876A60A827A6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{60AF7482-A6EA-46c1-AADE-B8023504752D}.exeC:\Windows\{60AF7482-A6EA-46c1-AADE-B8023504752D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8C945A8-50F1-4305-865E-D5631B72F981}.exeC:\Windows\{A8C945A8-50F1-4305-865E-D5631B72F981}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79768B8D-838F-4e9d-94D5-0B454907619E}.exeC:\Windows\{79768B8D-838F-4e9d-94D5-0B454907619E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5625FD4F-EB82-4769-A39A-73C509E2CC57}.exeC:\Windows\{5625FD4F-EB82-4769-A39A-73C509E2CC57}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E4DC036E-AA6A-4f57-B7D8-0AC510AB2AAD}.exeC:\Windows\{E4DC036E-AA6A-4f57-B7D8-0AC510AB2AAD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{226BBFAE-3BF0-4420-82E2-387C3FF89FA4}.exeC:\Windows\{226BBFAE-3BF0-4420-82E2-387C3FF89FA4}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CCCFDC67-B418-4d76-AF2F-0D65BB64629B}.exeC:\Windows\{CCCFDC67-B418-4d76-AF2F-0D65BB64629B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E878048B-FCA3-405f-B97D-8F36982DE5D3}.exeC:\Windows\{E878048B-FCA3-405f-B97D-8F36982DE5D3}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C74D212-6364-4479-A9D5-5B48DE39977B}.exeC:\Windows\{3C74D212-6364-4479-A9D5-5B48DE39977B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E12D2715-8186-42f7-A556-E35A5E08DD4A}.exeC:\Windows\{E12D2715-8186-42f7-A556-E35A5E08DD4A}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D6A76113-7D57-4460-8D2A-6C3BAB24FBAB}.exeC:\Windows\{D6A76113-7D57-4460-8D2A-6C3BAB24FBAB}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E12D2~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C74D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E8780~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CCCFD~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{226BB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4DC0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5625F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79768~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8C94~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60AF7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{622AE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD51ca4c1ec726b98ceffd5b3975ac1519a
SHA1bcc074027ee03c25344db60383688e24c2a92f84
SHA2567740dc9dac5e4efea285fd77221c0fc357fb8af69bff3119278f695a886d858e
SHA512acfdf2bf1690832f16363e82b4dfab668d357498651b3d858eec13c285218e0dc76a441437fbe8d4a1e7814d558abdcb19c15429ff0ecb077e333aa303bca97c
-
Filesize
344KB
MD583026e3c229d2da5c4600e0260c37134
SHA188152d75b0050921a2af32f9cbb64e01cbe7430f
SHA256947d2b22805f2f1277dc7533a8ed6050279a272d5ec031dc8448ac6412f7fc16
SHA5120313eb53bf9f51f97b63a07fc6fe63369df3b5ab640f7725eeaf82fee4b26adb0c83754b698e83e4b616c10f504b2e66bb52a30a1c97e1ab00365cfdf5722f3c
-
Filesize
344KB
MD597c0fbdf075914fdbeb107e706603c18
SHA1cc0ff19590c113e7a9d87d48178c889a6f4bceb8
SHA2568104f8561cec547fcb24a2dd519868c6f2dadb372b39db25f722b5d56f050620
SHA512607287f63db21358d50179d075ad337c9f302d07439a9d697c052741fd97df22462c5bb2775d9c0d58a51d61589d0e822033cb901c2d1e8a316ba48614a2ef07
-
Filesize
344KB
MD5149fb44b3f507f651f9511112ee6a054
SHA1f7a0dab6623e98e94ec9fccd1f7c7b8c2b99babe
SHA25619ab710b64eba9d497822d0cfbd80cab8c0e27585f40c653209288a9afb8934e
SHA51253f9c34c5bbcbaf939723b22128b6e94e6dd80a366e88821d01262e81985f8e68ef7e19b5252791ae0ac8fbf098ecca8a38e9419ca0ab9299681df4eb638e2f5
-
Filesize
344KB
MD5bcc7635fd6221c8f60bb8d6dc89242d0
SHA1fbcbd9bd9afc0b608cc3cd21ebab64b04a3d504d
SHA256b0631f08690b88c22a1ecb1b8f3234d2ab9d95e0e1b7a04868f26394fcc09c48
SHA512c2496a9b1b5969c142b5d6f1f92a49256a4a29bb85d3fbc89e4bc17da6edaa4f50a541ba87b6bb093a4f24af99e38dab09f56e6a326bfc1a585a62ed4df26169
-
Filesize
344KB
MD59eb11f220b0ee76e4b0d9cfbd50e6d9b
SHA1af0d6f66394cfee421d1fa3f562ee61c7f87ac09
SHA256c3797c96d159b6900151aa57dec6eedeb99f6831c16efeb1acafccd88142ab73
SHA512bedffc3e2962fe27e01d6b676c21f5d1debcc300ace96b5b6945e3e033694573ae6670213f97eae2cc89c8cf5fd9a476df3d7e0447487c5b2cdfcb76415eb006
-
Filesize
344KB
MD5135746382baf5281ba8fe266220a9ab9
SHA1a8b566aa9c830992b67c28bb9841e819c5c1333d
SHA256a0f02fc7a49f585db62513d875b770a62fc98d780b85e8d18e8a778c347a0a4c
SHA51225dc0b3f62c0d80ddadc00eea88934689a01b61bb2cc9e2e003aed29bb96277892ba6ea8a56dd4099967a48ed124a49ffab0f69cd1a1a68c2abcf40141a535a2
-
Filesize
344KB
MD5e6c1c31374b5a36fb496db571687a93c
SHA13a5a838d566183011b7cb8e4044dd04fb5a33667
SHA2563f320b9c7f503bbaf3b5655b18d3bab6191b188a153be9ecd9a842b873d606af
SHA512be41ab552e02b2aac5cf8fc6c1da94572592d923fd5f90f9bc8b88d2ae57a848a0cabbc9cbd63f5cc50a3b49f8f75390b9a3cc4229e0af9a76bc089199f85159
-
Filesize
344KB
MD5eed313a9e8ba84b298e8c140d78a22c5
SHA11aa819e36c30104e01ee4c419b1b100d0ba81963
SHA256e0bfc85eff9051504bf84146a8d4f3a89a987ebf926f03b6743a6e8ecd985a1c
SHA51255a9603793190bf301f5a873e94a58c6fbaecfdcdab96c1c50521606444a8a7cc164cb20a0554943301582932942253152f05b32251f4c71ac87a959dcbf043c
-
Filesize
344KB
MD5c9512fb764ee87dddd2536f2ecb51993
SHA1f17377fe0374a945c394643d4ffe110f6535edb0
SHA256282498e2b9dc820b925fc4f6689bb7800bbe3bd1641e6f66c64a9b74872cb568
SHA5124d6df95483d7b3ac8f46a7f8685ec5afcdea0a6aa1747f2f5f421d92a05244b2797be0f973fb0562172fd3f115b54e3415f3d268e2cee98f51fa7bca240ec4b5
-
Filesize
344KB
MD598d72d69996b0f25959b7b2dcac84684
SHA10c8294a414104de12ab5690ba3a31f94229bc350
SHA256cc29105582e499d564ba8411f41c09d3306d848dd09d11434a84c40c22e92d45
SHA512e9ff7271d8d634cda7afc234a63a175b3fdcd79c3df53cb41cc96e98f0d3e1f9e17a39c64d45d4ada64684a5870aa3e48ae02b345100d6cbc20e0c2abbe94ca4
-
Filesize
344KB
MD594c96a6fcf71394c5f7701dc9c19d171
SHA154d6f2504f2582929bfc73c5cbf27600406d9898
SHA25680a3e9cda178ab901202b3154237a24d8deb35d36bd5998cef95cdab6a986cb3
SHA512a93924e08138c36f22b05d2e1433c63ddc91e5a53961f8e1bd02c94bf23e8ca1405e6f9b7b5cc2e72213fe464ce62eb3c40b084b5aa6ffdf326011f5535c54ad