Analysis
-
max time kernel
149s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
27/04/2024, 18:14
General
-
Target
2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe
-
Size
197KB
-
MD5
857d91c625b67d4a6f3e670e8932b4a8
-
SHA1
218ab8bee6ee1e4499aa701fc3a0b4c52e7096a2
-
SHA256
4c00122619923c9063862cdf89e238f9cfa8d931224fc687b0069a780a84ca40
-
SHA512
19c80f633fdbfd13c8e198e5c881b63c530c04cc7867f8ffbf31bb3bdbe67952603fa1c732c5624b3afe2f577bc8ea99117e751817b166a4361858a6c0dca61c
-
SSDEEP
3072:jEGh0ogl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG+lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{43CED3BC-73ED-4674-8DA2-2CED1AD5E0D3}.exeC:\Windows\{43CED3BC-73ED-4674-8DA2-2CED1AD5E0D3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6939073D-6028-4e89-888C-0DC7C04B3713}.exeC:\Windows\{6939073D-6028-4e89-888C-0DC7C04B3713}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF44E349-AEE4-4ad1-9733-D0EA23E375F6}.exeC:\Windows\{DF44E349-AEE4-4ad1-9733-D0EA23E375F6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4E168911-8FCC-4e73-8F78-3DF7982E1D28}.exeC:\Windows\{4E168911-8FCC-4e73-8F78-3DF7982E1D28}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7B11040F-1062-4601-81E7-452EF4925AD4}.exeC:\Windows\{7B11040F-1062-4601-81E7-452EF4925AD4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ADC53D83-DEEE-47b2-B03F-F76DB21B43C7}.exeC:\Windows\{ADC53D83-DEEE-47b2-B03F-F76DB21B43C7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3B1A7896-2234-473a-AE30-DEF44C571863}.exeC:\Windows\{3B1A7896-2234-473a-AE30-DEF44C571863}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9CCD71E2-10C0-4331-B11C-4DFF3FB5E68F}.exeC:\Windows\{9CCD71E2-10C0-4331-B11C-4DFF3FB5E68F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50FD04BD-639A-427a-A0DB-0D8EAA349ECC}.exeC:\Windows\{50FD04BD-639A-427a-A0DB-0D8EAA349ECC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FEAE160-AA13-4fb3-8590-5285177E4B28}.exeC:\Windows\{1FEAE160-AA13-4fb3-8590-5285177E4B28}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{029E9221-6479-4f4e-85B0-AC395C46C358}.exeC:\Windows\{029E9221-6479-4f4e-85B0-AC395C46C358}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{44FDEED2-4812-4f42-AC3A-7EE078210DDD}.exeC:\Windows\{44FDEED2-4812-4f42-AC3A-7EE078210DDD}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{029E9~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FEAE~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50FD0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9CCD7~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B1A7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADC53~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7B110~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4E168~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF44E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69390~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43CED~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD59e35c346cd3d91eebb0ec2f83340a114
SHA110d4a5ab9e426ba9739e1e012d230f0d5b49af0f
SHA256b4d929d01468d953ba07133926831bdf888d97916ae72af8dddccea37f7014c6
SHA512418db411bd23ea0bd9ef747585c47630f412b3dbbd4d374beebb60cb7bfeb6d1b35c51ba6f7fad10c841dbf696fec19c8e90b058c6e1ff5f4cb724d3638288ce
-
Filesize
197KB
MD5a754bcf1c61036cbe54f2fbddb7b7854
SHA1f1dbfb9084a603610a2d4e10852cd5c39ff8c6f7
SHA256436f89606973eb63b8555ee5ce8a5b3b47248bc2dd8a9c1408df645bf8ac4ffa
SHA51267f78bdc98c37a711073e0bb9dbf277a4fb89b8249bf356f83a8a665a5d47c981eca5ffce49dc6937e4eb2b22e9d3582f575b950dca1ea169662b4a228a20a51
-
Filesize
197KB
MD5e45939b6560782a1ff1192b21f9e423d
SHA1ec3ffd5ce458bf4fb09751f4dd477432411314d0
SHA2560b168600018365a86f77d577fa689bae1d59eb49476b7fb37d1c00906e63bd5e
SHA5126b7fee4de19a103ff4ff69169b473abbc5cfaabd66500bf514a738bc922508c9b856aac0c70ded15a2cf38e7403aa46c1b16b0a3fa2b0e06154898d9b15b429e
-
Filesize
197KB
MD5927e9e399d1a846b73beab2027d1ffe5
SHA171edfeff1311b3ef6d3a0acf2c454e84c7fd4adc
SHA256c8279bc43024b2fb6d422f60b4dcba262187b6a05f940c6cc4d111d0e8a6c4cb
SHA512c2aa83b5b3b091d57816afea63134795f04aae8c87b8318049bc2b5001de5ee66713c3e943c9c1b21b7efcec2085117d74c7487a74efb00308af05ce9b1e3b54
-
Filesize
197KB
MD59bafb7358895f15ba704acd1b530c405
SHA142e7aed9f71fd0af56eb00b8e2ef7dc35829fb07
SHA25671f2fa2639e8bfbf163e97d14e6a721d580092a5335d1ea8344a518487850d1b
SHA51234acd3365bd7276710285794abaadeeb3542f5ae28fdf7dda113bca843cf5fbf3a15d46b5b01589e3b7978ff2d21aeb1794e1c44ded47c07dbf198e819ff6c85
-
Filesize
197KB
MD5328b96b2bfbe9d2b88f6ae833ffbe928
SHA1a0a2047439f43d43a89606aa35c2d3a9a1d212fb
SHA256ff49420ccd29376c12ff0f343916240a1cc1aab47393502e3d22015298cf7f93
SHA51202d4e52f0086ddec16dcf0ca7eb2de9fb5f27a01c4cb89e9290ea248f7606f7921054644cb96f59fb4123bb46bd1dd3bafe859071b73c0d337ebe99a2e61ef13
-
Filesize
197KB
MD5e8ab4e9819534ab454e1614afea1649c
SHA1fbffcb94213ef0f76239c75a5fbad5746b09878f
SHA2562bb4c7efd7602641c35ba3c01d7f5e81f8bf7627c34b4120d31e997c06b9976c
SHA512b5d765639afaaf27ff965a4be9c165c7a305f31875cde5954732ba63925a068f304ec27ddd28da16df0ff9dbdbc10b18423f6537783276ad6a4b19f5aafe4538
-
Filesize
197KB
MD59257fc036579ebd2e3e97477fbde087b
SHA1c750fad064744ddd10eb061886bf16989941a600
SHA25692404692f643eee11583ce4a958fa42b69b019bde1ce225ce406b606cde7aeba
SHA51234714f03e745f91e9a85905104353d57539086100b06dd216019d1e9ee4c27707867dd1b588d5879d853b0f1f40dabc6cbcb9558012c80c89e3383e89c2ac299
-
Filesize
197KB
MD5b1bc88b7a815211c86e05511e413d9c1
SHA12a8d54c71b5dd86be33a4daefd6bf9697f4b749c
SHA25602071b39c30f80e9af5e0c077bb84b37209be67f741a0a9ccdcac562c6f704f5
SHA512dcf1299dc75a7e4c473a8a555db4bd92baf610c4421df2dea7f269d4bdd9e75f1ae0ff967c27718f177a76ce753629f435040dbddf89cee2991a8b2f386aadf5
-
Filesize
197KB
MD55d3d38fa7f25af898972ae4f511c21fd
SHA14c90d09d9883e7ed4340329db523e4608a87a691
SHA2563c062e02ffb2a3b2209a87090cf75c7469220aaf6f1671a2d263846fd61fb0a5
SHA512a370b055d28cd0e18dc900f451e94971b51804b5d7bb2e18d57216e44c55101210b344352a4e866f6407666266336d18cc0a4d74ae0a7f7be8f3d0b5c8b51763
-
Filesize
197KB
MD5a7e22d1b4f24deb8462be0ca538d6660
SHA1415091e6283823384ff787829b2eca3fae788c1d
SHA2562c22d064db0acc9254d267288230cd280ff035cfaa16fec5e8ed57d7ada116ad
SHA512c7da8ed08d73166974e64c000551ece0a50eff239a95c5f0b3fa5100ea7e9823b64ad7a665042d5bc3c43cbc54b1929646d998cb6308aac9589ef427fe5b949b
-
Filesize
197KB
MD5c35d3d95d496a0505350415d7cfd0b9c
SHA1da0134b3dc31a221f118a91e663b1227693116e7
SHA256694308f0dd2a2af716edc71cadaa37f3e511ee864174accda4d0a87beade90ef
SHA512528b79c10da146460e1feb98b2325fec9fb8bc7a7e34edd0888e2604415ca06e38b92c02b7b048ac55304d7c7a931cce2a1d473dce4708db8456ba0889453cd8