Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
24/04/2024, 14:34
General
-
Target
2024-04-24_c8a9d9fd6178d44896a9330655789981_goldeneye.exe
-
Size
204KB
-
MD5
c8a9d9fd6178d44896a9330655789981
-
SHA1
41992b5a713efee130850a780d5dd767250d5ccf
-
SHA256
81ab34cb1602281db56a3bfe977116db9e51113365b6504edf6350b6f2cdb9d5
-
SHA512
5e001457e64fe3ea5263cae2f22a9eba4464f4046f7c5a34eb55dd30e61a719121e22b45529ae946a5d0f2e84f88b24604e52d6995af100188d6a846ae781c2b
-
SSDEEP
1536:1EGh0oql15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oql1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-24_c8a9d9fd6178d44896a9330655789981_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-24_c8a9d9fd6178d44896a9330655789981_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6351679-9986-4b7c-9FE7-11D33B4545AE}.exeC:\Windows\{A6351679-9986-4b7c-9FE7-11D33B4545AE}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E02D3ADD-CD2F-4889-A283-82DD2AE61CE6}.exeC:\Windows\{E02D3ADD-CD2F-4889-A283-82DD2AE61CE6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C647815B-EBF0-4336-8096-DE83D4DD8A80}.exeC:\Windows\{C647815B-EBF0-4336-8096-DE83D4DD8A80}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06389EE9-C1F8-475a-A3F3-158775F32061}.exeC:\Windows\{06389EE9-C1F8-475a-A3F3-158775F32061}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3E10893-8DC3-404a-B548-63B1E20AF64E}.exeC:\Windows\{A3E10893-8DC3-404a-B548-63B1E20AF64E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7A62CBB-F0B5-46a7-8D72-AA027E11FF5D}.exeC:\Windows\{C7A62CBB-F0B5-46a7-8D72-AA027E11FF5D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3BD33E7B-1F4F-4774-9514-BF3B2DBFC428}.exeC:\Windows\{3BD33E7B-1F4F-4774-9514-BF3B2DBFC428}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44B98867-74BA-4c8f-AC2F-6CFB6CD1214B}.exeC:\Windows\{44B98867-74BA-4c8f-AC2F-6CFB6CD1214B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F4D7AB8-F0B9-46f4-AA31-4B3DFD82142D}.exeC:\Windows\{8F4D7AB8-F0B9-46f4-AA31-4B3DFD82142D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94A2929B-D6DB-4aaa-A013-798B1D133D1C}.exeC:\Windows\{94A2929B-D6DB-4aaa-A013-798B1D133D1C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{027361F7-44C1-4760-827F-292EB117C6A0}.exeC:\Windows\{027361F7-44C1-4760-827F-292EB117C6A0}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4C73A84A-84F8-4d64-8117-DAD71379810C}.exeC:\Windows\{4C73A84A-84F8-4d64-8117-DAD71379810C}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02736~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94A29~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F4D7~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44B98~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BD33~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7A62~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3E10~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06389~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6478~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E02D3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6351~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5d4fa707a1230be9fb2fd13b3b1216684
SHA1bb2f04471801d9bcba4482d4bfdfb5f86db77c95
SHA256ccc5caa114288eafb7a399b7a92d5b69d60d1313dd62f3870ffee738af08ff41
SHA51210cc6fed5213e2aa538ec3bdafa51ae14f68a458d14fd089e103af33194263afaae44b01ea22fedcccb2c7e467ead129d7337932122a0d928b5a2c18428f79f5
-
Filesize
204KB
MD5fc6ab6037f9a4f168a1c99578231ddba
SHA1db0653bd126fec4190c29c773939af1a73e917e6
SHA2561cf21f3398838e4cd95e9c5c18981cb7a1253c785ef0243d6a3e62d35f324af8
SHA5123630c01600b528b410605d56238678293c805bd08905db3b22f186c4a67081d9187f0e96c063895bfd96cd3698bad57f0085791d0b4f30780e5d4fbf1cddc50a
-
Filesize
204KB
MD5c3358a31ca5ffcec51ec80cf8d3a415e
SHA1c1468e33de869686bdbef91ae32d9396fe75c791
SHA256be4edbd6e67f7e9ee8baa687b375a024904228f41f7cff716a13cd5132f894f8
SHA512174f25fb04cf06e5b0a2408082e4d5149bbba9239d6f34d1b154c381531e230252f19d498fbc20757804e3ef3fd33d635fb7abea0a4e02de63f7a4aba76cf10e
-
Filesize
204KB
MD569697a2435563bbf793ca42105c189c7
SHA12ee8e027c3225697e06575c423864a1891bacc1c
SHA25664fe76964bf2a48e2f686053b5ceb1f4af791a343cfa02606e4aa5fb742919eb
SHA512cfd2038849a09e87230a08aea2397edf843dddc10e840bb2a88094adc1c80625f35236bd99c88055581d4e169b89a546fe753216c4f74ccf8707be14f62f6cce
-
Filesize
204KB
MD53287f0840d1950b795f9a9e40bc41a96
SHA15b78fc230b5f3298f468bf0156b46596198a9b7f
SHA25699992a383d0d8fa0f3fe36bb3f3fa0f237e3f81a5ffe6acbe7ca6a64d468bd45
SHA512aea93e1e80f4ff259328bc25e312beea82025dd4a6b6fec4467595cd1ea11af70671daa76ceabda3a52b5057307b7e76d4f9beaa11174ec8af0e471e07b46b48
-
Filesize
204KB
MD5ee2777617d1afeb5a626ee99b3399fed
SHA122031ac2a34e8a4bedb412da8b7d1f4c722da7c2
SHA2560efab95d3bbbdb958120f9af2c1c08193beb2f6c532eab7f783e655aa2410534
SHA51255d65bd70250f35e99dda2157a356d0e8711d066edb8bf7fbbfad05d451269bbbc52fb2d76fef450f78c9d6b4aea4aa83670e8663a2d866ebb909b0044a57bd4
-
Filesize
204KB
MD5c238a5e536dec9d7dcbf4314268950b9
SHA18ce1faa0b43abfebe1e67b85f3c4d0a0a9114716
SHA2561e452f58b3a9e27c41b996c48ca5acf8c5e56613a2ed412d2f996ad5a6b5793b
SHA512f0a41c099edf9ce21de3e147a29d37572e14d1bb114e8fd7e9bf856c9d6b8eb5f1fa7c864961ad0197db462f100b016bf45c0440ad53802486c875e560095d99
-
Filesize
204KB
MD5698fc13e1c27f899620df04a512ba4de
SHA1daba69b6be6d229a9194ea0317601fc50df939fd
SHA2566543ea5a63c17df75f41e91619fb41843bda517c44b5af4a8deb1e2a4fdd7701
SHA512fb075dff8b4c274727da43b7b93892d176e4e6c4639da0cd71bc7ce8a9a32194a7f45c1b79ea1b50299d18c0637aa971a972eb7ee38c62907464b6aac39c0816
-
Filesize
204KB
MD5669258618386d0c543ef162e8ecd5a3f
SHA1e57938de3fb8b9492ba6ab62835509c8703f3325
SHA256acc1970af8781269e73c31c0acfb53a79369b6b43b3bacad38b53c1535068d4e
SHA5126c94ba2dcf75e2d66cfbb08d4ab29bc111101ce0781ce7e192e6090bebd46daad4843b46fc7681ba4d81e811ca30c1922c167193b37e1665e0e7fff05d240937
-
Filesize
204KB
MD5c0c9d93f91a022d23a0119d5bd149992
SHA1026b869b2c2ed3207eca4f1be094dc4d3427ec84
SHA2568ea7975dc22e5e07f76a64b3a228522845a0541322c3949a6ddd923424bad584
SHA51242762c5d85878e12f1b1668b06022e98b0716a942ef7fe097bf8e665f82fa92cd27f99244dde36752060b412e1561dff77ebb2cf3370ec99316391efce39941d
-
Filesize
204KB
MD578734aabfc0c71df7ed03288a276f52d
SHA1f322252044e6b6cd8afe2a6991666c8bff4511f4
SHA256da1c08348415a8bb6c8c778b355a0a40e4752047136b0b0bfbb21b3b69091df7
SHA51298bfe2b568180936de8ac2703489734b15e86cb3cef30e43fedccd6e4d7d4c8f597c2f500ae65c9a4d8db6cc6754ac2ce6e64a93fc3f1078d6a2f77739a10df9
-
Filesize
204KB
MD5dedcf5f8b8972022c44b53bcbc78a23f
SHA113255650500769d5517cd85da86ad4d43872993a
SHA2566d275b9168a94d7c9665f2879aae6f9e207aa909ac9548680e3c88bdf632a8be
SHA512ceadfddd1b074af306c326ad5c2ecd1a13bc6a85433b7e5ae20cff2881b01bfbee28f69e336ea101780fc7e3b20ede7e51556ab56afc352b9bee6a3a11c7892c