Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
27-04-2024 18:51
General
-
Target
2024-04-27_f90187d179ab6bdc6cdac5c3cccd00b5_goldeneye.exe
-
Size
168KB
-
MD5
f90187d179ab6bdc6cdac5c3cccd00b5
-
SHA1
401988cd21b46edce1ee1f0be72f4e2247e01e21
-
SHA256
a3d24ace632bb6aa60fb381a15b33bc973c2b0045acb7b0b6ae8ccc0dfc35ce3
-
SHA512
e49bcc0102054645f0b39f29871e7751694955d3df7ecb19e84992493e259b9cb87527e3a9e2264dde1df87928c0291b3105755300f254934203c647757f5d3f
-
SSDEEP
1536:1EGh0oXlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oXlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_f90187d179ab6bdc6cdac5c3cccd00b5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_f90187d179ab6bdc6cdac5c3cccd00b5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E583660C-E557-40ab-A8DB-B55289E43E46}.exeC:\Windows\{E583660C-E557-40ab-A8DB-B55289E43E46}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{625CB511-C8FD-4451-9C7A-06AB42D730D8}.exeC:\Windows\{625CB511-C8FD-4451-9C7A-06AB42D730D8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{840FEE47-2F09-4939-8CDE-754EE2FF7D18}.exeC:\Windows\{840FEE47-2F09-4939-8CDE-754EE2FF7D18}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E6C80EC-51AF-44db-900B-F9FA80629B62}.exeC:\Windows\{2E6C80EC-51AF-44db-900B-F9FA80629B62}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51C57816-E38C-4980-A1F2-1E8BEFA9E8EF}.exeC:\Windows\{51C57816-E38C-4980-A1F2-1E8BEFA9E8EF}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F467F2B3-6EF3-47ac-8F18-4EEA3D7EE7AD}.exeC:\Windows\{F467F2B3-6EF3-47ac-8F18-4EEA3D7EE7AD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF91AB44-0882-4457-93E5-382D8A166F6D}.exeC:\Windows\{DF91AB44-0882-4457-93E5-382D8A166F6D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9312FA9-56A0-41c1-BEF7-85F55968B1CB}.exeC:\Windows\{E9312FA9-56A0-41c1-BEF7-85F55968B1CB}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3FDE81D4-DCCF-4903-9B19-AA6B1DB42B24}.exeC:\Windows\{3FDE81D4-DCCF-4903-9B19-AA6B1DB42B24}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF94C685-1DD0-49b9-BD2F-243440AD2A5C}.exeC:\Windows\{DF94C685-1DD0-49b9-BD2F-243440AD2A5C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7F1E2CA0-88D6-42f8-98F9-25EC7F21A9E0}.exeC:\Windows\{7F1E2CA0-88D6-42f8-98F9-25EC7F21A9E0}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{687A8289-A800-4c39-BE59-49E3F76FF448}.exeC:\Windows\{687A8289-A800-4c39-BE59-49E3F76FF448}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7F1E2~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF94C~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3FDE8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9312~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF91A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F467F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51C57~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E6C8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{840FE~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{625CB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5836~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5986d99c1c5b11777774557225e1cfb50
SHA1dab94d829f3dc3b06e496ffe1b93d29e5edcc275
SHA256fefadef99b0a4d07ad955b824fbaa310aa20f7740cc8fca27f3176ccae273ce1
SHA5127327124f9981ad07c1ec2a15eaf2f9c9927c9e8d98d3384b90be86692bb35b144df3cd002ebf6433dad2dda2ef419a628e6bc2a2d5628a417e4da04d159a25cb
-
Filesize
168KB
MD54e9082fc9791cfb5d33da19e50e29122
SHA10437a25ba172670274dd720e95091885285256d9
SHA256cf28bedbd8dd523c4c3d99de1e15f8e286cb56ab6576a98a72a65bb04282bae5
SHA5129f67a3703744f8d491a4e5949c3908a33219df52cefd7bff123ad41ba692843afa6d79fe75fb833eb3896b9334ed1fa2341ef53901350cb5eca14d0c15c2f2e7
-
Filesize
168KB
MD5467b68831a5d073421a4aa01326edba6
SHA1e041a6a5a54f31cf6a1f4a51df381d785a7c69fd
SHA256763298956d7d42fe61f969b18d68cb05a14e5c6e344cbdf583d2de1ce673d946
SHA5129c18bb3eb1d4573c300144812dd27dd23ac4ea4b2cf3ff6e4170bc6c6d08951645e6117fd9ad66d2345c7ef07eca0691c64f97846ea03f62b150c4720cdc938e
-
Filesize
168KB
MD5028b33bc5ecc96364c75438ebe737297
SHA181d38f1476b2368d7d576bf01dc22cc7cb6634a2
SHA2560f8bd56f7bf971323fba191e059b9d69e65eafd6f2fcd723f5d2758dcaf32100
SHA512f28f7f92227623daacd1a4699e24857a08fae9dae3cec603177cbb16a488393d0c2c4140e526bf3b16665ec5ab2a187141fd59b903b9af553a872ab1726e0eb8
-
Filesize
168KB
MD525182a3c78d22488c6c521ac19987346
SHA110ac8c60370b0b66213a827d69123a675947f7aa
SHA256280eb4cfdaf736ff56a6f982b59dc58777cdceaec03d9b1257b47c45381da4b7
SHA512c5ec23929782ace8f7a8e05080a39b4bb46d46c456b32489559d54d1fab3f97ea5a12ec854097c33830e0051e0b2c7fb20f9055b89b52ca757837b5c2cf51795
-
Filesize
168KB
MD5d4a1323bc46a5fbfb1c64cde30f0cfb1
SHA19f292b1dfa0e61595d505f50fa82b3b115a5774b
SHA256a63768c27a1e997e89db809f1b72bc60bb14cde73c094966ecbb73d030ab4f52
SHA5121a6e98e692921fa9e440db8f06db4514dbd3451498ac44f7bbde875f36752bfb9672765fc6cfade45b9e48902a54ff660bfb5ef9d67391987863d9c25623b5e4
-
Filesize
168KB
MD5288650061a01a5c2a305ddbc640ec093
SHA1ba092709cffc5cd4d3e8f452a0842ada715b26bc
SHA256182cb3132e52bb9b59552af3a3f1ebbe1f9d1f89be93632c2d3c66c00a44b85a
SHA512820dd3db2468a2811cf860ee7d532f0551eaf20fe710d7cb55f3739335a44612a51ef2a352eddffc1871a7115d1f886e3e7d1b57b35e48a76e13056a58447534
-
Filesize
168KB
MD5457b6bca472cc5d7093847737a8e7b0b
SHA1aafaf0870160c01ad2ad751f013b9a48a73df259
SHA2569dfd73ff1b26a9d193751ea7c7e7fa4d5b865332a5fa5988130572331690d7c5
SHA51266ae14010be2c13ce1a8010ed3dd64a6856198435de035a5926a6677bd3e9a66dd4872fc011abaf470b0b39a7454849ca63e2cc119783f6cfbd828d13c68af87
-
Filesize
168KB
MD5f4befe909fa4af7fd286b31ef5d0e644
SHA1b1eba7ce431fb0ba60a9c5c95fe0a42f0678f856
SHA256275b9804f5c4779e49b56bc7a31b8cf2b24e646e03fdd2d82298d5f2e01e5418
SHA5120da0bd830ae5281cf9b7f8425d42ad2597ffd306b286ed20e3da21f36b72886ed777ff444228223adae16be3bc2aab035e31cb152d1f2fefbb017779a3596252
-
Filesize
168KB
MD54089de314b34228ba45db0c5c0deee6e
SHA1043628587c32927d0c2270166579b4d44178bc87
SHA256a3c2f1c03740b7c61d7dd2fb28ef461876c7fe5d12a17d247a9d1f9b773e47b2
SHA51204f61f2acebab87057220e5391fc28372e817dc62c757231c43c156e163e2fd091c9a4fc3cd366e96cb6682c3a6235456620c91d0978c8cec439b68f403cee72
-
Filesize
168KB
MD5175fa74741a1b9d8dd6502f62a82d62f
SHA1f3ba513c5d899ab71c844b97040f7f8908ae9326
SHA2561d324198b0cd09fcb7f437bd6eb7e6963d6f46da142ce980a4b14e3ff1178db0
SHA512dff19167acd1dd01753dc36967dc60d50c9120abaedffa8e380300a72ce9e1f80d60f5846cc12e95b65f3d9322911840f10e419e3e00a437a641b03ff5a49f72
-
Filesize
168KB
MD51f24283da18d683fb6bf6eefad446e00
SHA1be55c25f755321524d19b028e068f9ff390563ac
SHA25643e913221ef078aba2c01b450f5e89cc466eb4f8d835d1c929fb25281218e184
SHA512a2811a70ef3506f2eebc9a13a469d1678150d3c8ac8af1f5ba0bce9015a6c8549980eaff4e950d0545af93204a9276d8444130543794a8b7662a9a975b5a32e9