Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/04/2024, 20:04
General
-
Target
2024-04-26_9f13e057abeea18150362726c2f01e98_goldeneye.exe
-
Size
408KB
-
MD5
9f13e057abeea18150362726c2f01e98
-
SHA1
b1202caa194d5b1a59452e51d9021c620a79f45a
-
SHA256
78d320e633b10211de023005590ca1979a1df04433a974d2c97ed68075d46d38
-
SHA512
f2239f07c8c511a44bbb9469d72f50e334cfcac1754c4480b10cc56fa7634dded4f62dae14d3b3e4000ae8ca6b69f2f3651e419c937b1b72e4489632c86e95c0
-
SSDEEP
3072:CEGh0ovl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGBldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-26_9f13e057abeea18150362726c2f01e98_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-26_9f13e057abeea18150362726c2f01e98_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A948C7C1-0456-420f-9835-A567553D281E}.exeC:\Windows\{A948C7C1-0456-420f-9835-A567553D281E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{096EFFA6-F6D5-4ccd-9744-B8295A08019E}.exeC:\Windows\{096EFFA6-F6D5-4ccd-9744-B8295A08019E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86EE3C71-FE64-40dc-96E1-14C160C9094B}.exeC:\Windows\{86EE3C71-FE64-40dc-96E1-14C160C9094B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3DC9073-D1A8-4670-A4C6-D6E63525EC42}.exeC:\Windows\{B3DC9073-D1A8-4670-A4C6-D6E63525EC42}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C27E9E05-6695-4e07-B936-24ACD2E51707}.exeC:\Windows\{C27E9E05-6695-4e07-B936-24ACD2E51707}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6F61F833-C3BB-40ae-A35C-0BCF5DF35896}.exeC:\Windows\{6F61F833-C3BB-40ae-A35C-0BCF5DF35896}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9E2B0F0A-D315-4fe1-93BB-CEF70F828324}.exeC:\Windows\{9E2B0F0A-D315-4fe1-93BB-CEF70F828324}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A3F4E34-CF1B-481d-99FA-537EC0AC360A}.exeC:\Windows\{6A3F4E34-CF1B-481d-99FA-537EC0AC360A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F5AC59C2-195B-4565-857B-EFF61498DA8D}.exeC:\Windows\{F5AC59C2-195B-4565-857B-EFF61498DA8D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3448E3EC-AA7B-4085-855C-1DBB2E3EA641}.exeC:\Windows\{3448E3EC-AA7B-4085-855C-1DBB2E3EA641}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2B5A0D6E-B691-4fd2-A077-9900BF242971}.exeC:\Windows\{2B5A0D6E-B691-4fd2-A077-9900BF242971}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FA6C8600-8DD4-40cb-834F-7C7A211E3C5A}.exeC:\Windows\{FA6C8600-8DD4-40cb-834F-7C7A211E3C5A}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2B5A0~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3448E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F5AC5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A3F4~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9E2B0~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F61F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C27E9~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3DC9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86EE3~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{096EF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A948C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD532dd596d482ec26d23ed29a2036615de
SHA1e2cb98b1bebff3b403de6aabf11f94da66b3a6a7
SHA256ffeada717593fa90ec1f53352216287b6368f8b14fd5bce0f24fbbec2854bf6d
SHA51252716bddeb25bf657bd29f142f43500d238778b5553bd923423733c2f242977e13e9bebf05638d58824f5412fc27ce97991d1c6eea40cf6f7cb116d31af3224c
-
Filesize
408KB
MD5bb5e4a595d190da5be33b444840ed81f
SHA15b373a443571627ff9fe349fd81ebcb430aae1df
SHA25659217bdb54f267154abddf642fdb184c1b55d546da5445341333c3a482334917
SHA512d058be38f33fdcebcf87907eda4ba2e050523d46298c5a97433f8d685fd8999666c7f9a10db2ca110ab2abd3fabbae0db9613cf4b535b0cb6ab47be9157a5182
-
Filesize
408KB
MD53f35e2188f74dee4098def75cd7af4f4
SHA102a5fbd4245d73a4fd41016b624cbe64ca0c1ba8
SHA2563e755bb49e3052067c2f8207e43a3c2138b7035c73e1bdbdfbf2b62741ab4bdd
SHA512116eaf0f4817d1109fd1f27191f6cfb105a8dff13dc51be9f9128bd8c1c1a52d11ee6091a92dd413977c3960c30a0e367d2c8ba10b679b3772d82981684efddb
-
Filesize
408KB
MD589d47a0168738a018063b285ae4c16a5
SHA1be4b2f544919539bb31f1d81b1a2e289d2aaa38e
SHA25617f1975820766d24bcb38b68a24d2c15c12eb924ef182b52b845d29358146c7e
SHA51222666dd769e424dc30b7182ac2566cda2efb24443d7ee9711c6400d40fc704ceda461b0d2054620c496e44bcddb4db75198d99789c4cbfaf5d944bbb821167d7
-
Filesize
408KB
MD51cc5f0e1ed27962dcb5d334aaa14fee0
SHA16f5479086762db1b3ec1126f3c17bed5b8fbba4f
SHA256c865b864d0d665a7c31a24cf3e35fb6b8ead11a4e0901a71f31bf4c1e8eb1174
SHA512893b2d47c0ea26238203a5d43a7cbb9312e6a33ff5838a0d0797ebeb4c69da56fb61c3407270467159ed45346026af727c0c6d7233e1072a021770fda95ebeee
-
Filesize
408KB
MD55ad4495413a092bebbcc6fb2b00a3762
SHA1e9481240f7de9771958fd16bf6350fe5e5725eb1
SHA256b4a39b843f8b300bac647faa8366bc937ffc705a6fe204378417897058690c1a
SHA512c4c5c7ad955cd3146dd4873be67ab7da7d60e7ed7aa4066d6cf43ab50d7946d413b8df719abe6384aea4ce352906aed08dfb1940a4ff130daca8b78a57ab789f
-
Filesize
408KB
MD56a571cc5997fd47096589cd2aa4a3cf0
SHA1bb02ccc425509329d010af6198191c5042db6698
SHA2560da8c1f6293e8033752b51e06d123ee63065d5634f066f06f6f09e8f0bb2bb76
SHA512cc63a43cdd8ff4a42fa0c2a8b9f9b1a314b6459249d4f97cec308cdd6c59b355faf4cc3d142e9011dfd00a848060923a188ff5533b7b8724a20b4d38e7757856
-
Filesize
408KB
MD55fcdb54cba70d2120c234fe35f70a4b8
SHA19d2b94c5b8c613fcbe7b2d321d1c052a1da30606
SHA25678b8b50683051296bd1ac08a3c689682284b0be88bcb66b5c393d78649f0a369
SHA512d9a30744dc8d8938e94eb7b6c46b194bdfb588131d4193a4fd138bf57368d101d3b7ccf1ba25d114116e0e26e0af1732db8f617e376b3cb61d97305a06068fce
-
Filesize
408KB
MD52b7a5c3eee586f7615587759a68ad6a6
SHA16c659037cbd48c8bfcaa6b896d5b87e78fa83714
SHA2563dd0a927861146ac3f53ea514245f335b358951172a871326864d899338eb2b3
SHA51283b12f8baaf0586587d3139cc5d2dbab6421ff3606f277176ad54be848574e3360708b167489f6cbd16f7b3dae749e8c2cee67ac8fda5ec4c11545d8ef7fe1c9
-
Filesize
408KB
MD510c4bca65f3ffcf15fb1272864a35292
SHA116d3983db4bd77b8f3805da9ce303f359a6b9dbc
SHA256ddd94b449010d0c9bf873fd1e24b559289fca50edaeef611b64ed46af263b570
SHA512a4bd5a36ebb022dbe1f840cf2f98ede76971d8172bc64f1f48a0de6cedf7c01831d16777ebe04f89493766882dd0b14f75098a59c4a02ac8fe9d4759927d2a13
-
Filesize
408KB
MD5f2c5d0bf02945535f3f30fa5a40e43c2
SHA1d253c1ad61a8904bc6c3370f1e07336300cf1b4b
SHA2561e7e6112f61f3311c42473f79b6e39f05743a3b130c4d8f2ddc5fe46494510e2
SHA512be454960a9c7d89ad87da3c348463e1dab9d14585c570b477abc615b92da58ecf2e28538afb654d892e5cc5eef722b53002b730d6033fad21879c95b3719afcf
-
Filesize
408KB
MD5d8442af12945f3479920d541408c05f3
SHA13901ec0375ad9814aa533eefee649c0f910d3a32
SHA2567be1955d7babeafacf9219490bd9957ebcc8da2a1cf92bec67aa7c38f2dd819e
SHA512b006adec34cb7bb664c340dbcb577f1796ab661cb8c87065d41f75a70fb436cb30b977339766407035b3981e10d4f4295e4afa21f8044d22972e9da21411f80c