Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25/04/2024, 19:41
General
-
Target
2024-04-25_e7f1c3896573ef34cb8235b21598ade3_goldeneye.exe
-
Size
372KB
-
MD5
e7f1c3896573ef34cb8235b21598ade3
-
SHA1
e244c0c421a946734209cbd6d1de048234ed482c
-
SHA256
a5c12aa57d0a54471df45aa9c3c039d0a8d12bac883a6707e0dd00de35c6f153
-
SHA512
755733376d21f3477935a15a76edea258301e4b42794b4549ba0282dfda2ed7c7e64c19f55fe5d06953ea59d7b789bb13d4ed6dbc0acb07dda048e018d59e4ce
-
SSDEEP
3072:CEGh0oElMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGSlkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_e7f1c3896573ef34cb8235b21598ade3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-25_e7f1c3896573ef34cb8235b21598ade3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E6256916-B069-4bcb-9CE5-7F5B7BC62D01}.exeC:\Windows\{E6256916-B069-4bcb-9CE5-7F5B7BC62D01}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A393395E-28D5-43fb-8EBC-F2A53725E2D9}.exeC:\Windows\{A393395E-28D5-43fb-8EBC-F2A53725E2D9}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6AA61394-0718-47fe-9207-274448E10D6D}.exeC:\Windows\{6AA61394-0718-47fe-9207-274448E10D6D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA006A96-D40D-482e-8638-E4DB0906D2DA}.exeC:\Windows\{CA006A96-D40D-482e-8638-E4DB0906D2DA}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AD4544EC-81DA-4522-B384-52F13DFBC6D7}.exeC:\Windows\{AD4544EC-81DA-4522-B384-52F13DFBC6D7}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0EDE82AF-A64C-4490-8F58-381E243B0DB4}.exeC:\Windows\{0EDE82AF-A64C-4490-8F58-381E243B0DB4}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A6A6B0C-0AF2-4726-94ED-9B6C60A58C58}.exeC:\Windows\{2A6A6B0C-0AF2-4726-94ED-9B6C60A58C58}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{323CD168-C967-4769-8D46-00CFFA464962}.exeC:\Windows\{323CD168-C967-4769-8D46-00CFFA464962}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A4A2B8F-F1B2-4e3e-998E-D64A710EDF2D}.exeC:\Windows\{9A4A2B8F-F1B2-4e3e-998E-D64A710EDF2D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E45ECB32-E87E-4377-81F8-70201D54B405}.exeC:\Windows\{E45ECB32-E87E-4377-81F8-70201D54B405}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA54C8CD-C277-430a-B8A6-B8BFE6F65058}.exeC:\Windows\{FA54C8CD-C277-430a-B8A6-B8BFE6F65058}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DCA0E4E2-16F3-40f7-BDA0-1BDEE62DA470}.exeC:\Windows\{DCA0E4E2-16F3-40f7-BDA0-1BDEE62DA470}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA54C~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E45EC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A4A2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{323CD~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A6A6~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0EDE8~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD454~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA006~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6AA61~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3933~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6256~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5b72a76c3168180b8826a63e330caf9cb
SHA167651fe98c4a86c763a6db625df4ef098a32488f
SHA25635cd99a6e369bb0c87c6f18a9740054853190aff2b68ea648e40f4a81fbdfcfc
SHA51298b89fd47995e56710c8c534f3c5161dec2d438d831a9ad0658f4ea308687fdd531f63c87b264544df844bf7dabc8a0bbd654a7019df765f028ab6ada781bcf3
-
Filesize
372KB
MD557679ccece2162ac47b2626d51d5f2c7
SHA16d4ef5738f7ba8259cc99c4a5f897508cc7dfbab
SHA256f2f632c11a3016184588c22604c50a73424b5eaffa5aab4c59deebbe02db7bcd
SHA512ae3e31f055cbbbea3a4aa74f77fc1f3801eafef5e4eae35a8b8b7518cb14fbc2e90db1a285f9b602debd2b98640107b30e7b72d9091b5637df6fa92e655954ce
-
Filesize
372KB
MD58bc41ed07a2bc511a46afafbc5b18b4d
SHA10d5ee475b570d7dec20edf63cb926712601c78bb
SHA2563a79ece5b23646793c85f30400de3ee1510d9036ee8e0ab389f2619b9dc34ad2
SHA512fc6f6f7a10cdb9fa7e6f1f0d050049e682587fbae19fb18f645a8f0e5b01134b4be7097b12ed3687f31a1fe70192bd69d65d748206f0e6c0e516c163f3cbf44a
-
Filesize
372KB
MD54012e0c895224f65a601c0b831950695
SHA1293df117c1e974d6799fa7571c9a96ccb6d0a602
SHA25669585496a9243beb97a1fc4da633d262672ea4705a3d80aac4cd01c8414a2970
SHA5122562a83a1317210b01589360aca81b63443ce4bf907ac8331f7e467e1c76c2877e02b4dce6f860029b4e0e1be61b0b0e05ab467bba9a818af4621022c0382a15
-
Filesize
372KB
MD56089032b0e8279db8a7a3fbf2be9665f
SHA1f2960058216016d20131abdd83b88cf293ddc944
SHA2560519eb7ff4bbeac42aaabfae2eefaa9fc1a06485fe23fe56121ef063d47bbbf0
SHA5126cb0fcece4fc38bbd83f51702f78afbe8a6f1d960e9411713e5ea041b3a5cd998fba2bece8ae20ee9f62ca47fafc11539456daa464950642509b75c059f97df5
-
Filesize
372KB
MD5d2bbeea92e5bbbf4044e1c347a791442
SHA118a3e241c864e4b439e7398cc804cf5b959482f8
SHA25672dc93c16a4baed1f50a5400ef8b83e2aa4f7e60f2298895bcfd67ddee14b781
SHA512a0c7208b285ffdc520f2d905982994a5fec9b2fccf5f1a75cde26aa43ca7beeac9b11464d8505ef5d69f1f23736753fa874e86ffd8c74cef6537f09c2d51a612
-
Filesize
372KB
MD5b31c1b84e7af713ba98831ee3e5b96cb
SHA15b1c085b212d4555f6bb39c2a5f334d9f2f8b8f2
SHA256034f2148a1b3bcdf41004cf022af0606ea047711c90e7b8d239c4ca0dca82628
SHA512ee93bee1a08e72a3ae435fda01c9c684216235ac1d572e63fdf290e94a52712b26d6e9a03dfc990becc2c696c4d1b10ec9dabc8123d6452fd926e23a5cd0c700
-
Filesize
372KB
MD5ace5fafcf3bee977f41bc7412f6a85a4
SHA118b4871f7d22d2a9e89dd9fcb8590ea634ba47aa
SHA256c10d7e4ed161a196af838f24702828f2208308213cd862c7166124fce5b3c386
SHA5126d6721c2276c25028baa2194399dc593c1d3f481924901c800140a33ed7baf4817e32d736a159dec158f3ed9cd263760491df06ef42e9997070d955f59ea223b
-
Filesize
372KB
MD5646d4240d9a54a13f2cd450873504669
SHA145d1187f2e74dafe2d0b59e943a5f9f5a20108d8
SHA2566410ba898a9495c729cae727daae8eb40082b207e41ca4d049a2bbf8f8165541
SHA512502c7ad2d714f05b07ca9607ca5837b2bca3b5237237fef7aa0cba9c3de728a9866f390231e3862c72da94b839faedc46e329af89ba30bb197bf4a95717b5f56
-
Filesize
372KB
MD5597ba6706aa5c0a5e570c34200137028
SHA133f0f3e36c8aedfedb8873d36fc607c3e65a363c
SHA256cf51752f7702ab3cbc8fa7d09eaf47b167559e05040022aea45bbe7ce2c2ea97
SHA51229479ce34f14ec645cdce553a2c929fdaad463bfbc62a8cd99b35119d84ad115d47edb9cf2ce967d2d60bb8b5d06b9262522c7c0ba5805391310a85356787771
-
Filesize
372KB
MD5cc73028fec803dffa13a41b7b883d0d0
SHA1ad105458065863725e71369bd387b2138ebf1d6d
SHA256b99d8dca23fc99a600a10443591e326e19e3db7714eb12f596453f9381f63ee4
SHA5125cc5c262c283ec21c37540bfc92dd5851c0ba627647d155f3503a38411ad7f1a8b882b14a4d02dbe41f7319f2d6c25682f7b8b7dd057cdcdf8bc277e42770f74
-
Filesize
372KB
MD56a319addc66c0839fdffed9b5d5cabac
SHA17e89207d17455f144780da915d86bb0b9b3b7ec9
SHA25667316b1a124a037419838341ac8a4b9f354f3ee304fec352366f9af79515d76e
SHA5125b785ad8dd694dd263cccb76e3e27ec9601104ff314351e05b37d651f7fb5596646664d4bc3c5f62f470a6d8276868060ccebea9c17f38d0a829ca43310dba90