Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28/04/2024, 05:02
General
-
Target
2024-04-28_bc3c4626fa812ef45e3e5e791c555dfe_goldeneye.exe
-
Size
204KB
-
MD5
bc3c4626fa812ef45e3e5e791c555dfe
-
SHA1
809e269db5e0fb317b36c8a65773a7da70e54168
-
SHA256
dc5f1066e1dce32eac36ca8ee45db3f9651438ea4ef8dfbff5edf1e178302d35
-
SHA512
c9edb15e8ce69bad467568e95a3dfd9469a1120eea2e7a206d9cdf33552ba3fc5628d6e16b241b0618ea8e941ca7a7d6c8e2d6a9fc4d3a9b4d023e86170eef04
-
SSDEEP
1536:1EGh0oGl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oGl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-28_bc3c4626fa812ef45e3e5e791c555dfe_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-28_bc3c4626fa812ef45e3e5e791c555dfe_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9ABEAE29-E299-43de-9E0A-712C38AD3BD0}.exeC:\Windows\{9ABEAE29-E299-43de-9E0A-712C38AD3BD0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D884331-39FC-44b2-B560-2B19A8522069}.exeC:\Windows\{8D884331-39FC-44b2-B560-2B19A8522069}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A1EF7D7E-7C99-4d94-B0F4-C307EB8CC4FA}.exeC:\Windows\{A1EF7D7E-7C99-4d94-B0F4-C307EB8CC4FA}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD8FFC46-3616-425b-99A8-EE7866B57FF8}.exeC:\Windows\{CD8FFC46-3616-425b-99A8-EE7866B57FF8}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00B5F453-3F38-4aac-ACEE-02F494FBF43E}.exeC:\Windows\{00B5F453-3F38-4aac-ACEE-02F494FBF43E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{038239E5-38D0-4805-84A5-6B165152675E}.exeC:\Windows\{038239E5-38D0-4805-84A5-6B165152675E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71E8AA2E-EF1E-4183-A9B6-32AF0ED2C8B5}.exeC:\Windows\{71E8AA2E-EF1E-4183-A9B6-32AF0ED2C8B5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33704AB7-48ED-4514-9158-D9C79E263FD7}.exeC:\Windows\{33704AB7-48ED-4514-9158-D9C79E263FD7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18A5F8EF-210E-4857-8E27-3EC772D9D38A}.exeC:\Windows\{18A5F8EF-210E-4857-8E27-3EC772D9D38A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9C33A0E-3438-4b4f-BF07-AB9842E70F41}.exeC:\Windows\{B9C33A0E-3438-4b4f-BF07-AB9842E70F41}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{230CA7B3-0E1B-4ef3-9124-CB4A60D5A7BE}.exeC:\Windows\{230CA7B3-0E1B-4ef3-9124-CB4A60D5A7BE}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{99DED99C-16B6-422c-B71F-B007BAC3DE44}.exeC:\Windows\{99DED99C-16B6-422c-B71F-B007BAC3DE44}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{230CA~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9C33~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18A5F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33704~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71E8A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{03823~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00B5F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD8FF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1EF7~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D884~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9ABEA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD566ff0c2abcb17cad8ad2dbc09cf9f818
SHA181fbd1a4f64358a4cecaef4a7ed0820efd962e96
SHA256ab533c9ff74ca8650dc54aaf68edcdd58925b98629551b80e9fd97e09e203350
SHA512c6929e3b68c9664abbb0daa8a60823a1a32b86ee6f42a50e4aaa4c225dd061ce193bfb78208e3f2a33b1440eda4b9f9840de2c5007140933824878aee48f06d6
-
Filesize
204KB
MD535bb92f163aa69963b58cb77986b01e4
SHA1cc2fac548fabaf53e2df8f3cafd9f5a1198b3270
SHA2562010b64a6942b3167b912e3e588118ab970697b96b726d425e1e04a0ce982a98
SHA5125bc555dedf96dc1a1d3eedeb91d1d7b66d3669db6d5243a9b76d663b277ba80defb4a5693949536bf54b81f70943fa28ff99cc30780ca06b836c5dd3087e1d41
-
Filesize
204KB
MD5a4fe1c6c8deed94565fccbe09784efd5
SHA113bd813734608d4ed09fecea2a27b5375b736035
SHA2568ca5dba9e2360999f83a720f71c622a66b59e86b2fb65fe2061689eec6559ad7
SHA5128b390d39103ed314b8ed6745a2965467a2a219676a40e6e00fa8cce680d7e4ac43d395fa1ef7a4bfc7037efb6321bbfc366612ab39a077295283adbe1f1a36b6
-
Filesize
204KB
MD5367fafdc372f191b7e83d8a77bb41fb0
SHA151b9a708ddf3caa8b7dfefc8133927d533e63802
SHA2565046f654f513143b64c9476cfbe712f4c4d38883198b203a09ccd96f4bb845e8
SHA512d89cacc6196316e1eac761189ffec2146d0c891f1e191e130f94719fc9b25b1fe78cecedcdcd5fccdf7a15d3935ff639af1e45b6a0d3652f9ec8340c029e58fb
-
Filesize
204KB
MD5acc9b405e84c5ea8e0dcc54690b2d725
SHA19932361b4273e085f927130b3092d461cf78143f
SHA256932c874c8378388276792b6f6b998164ef7d4fe214ab28068740c5d7d2cd67b6
SHA51202b3514894f4bda0cb819a6f0f17153b45f281f07219eb7b9039a173d6083f438203ecae704deb8dfcb1e90d5462fe1da2989c73f02fe5ed9bb4b13476703e7f
-
Filesize
204KB
MD5627a842bd2438ea66ed03124413db2a6
SHA1d1f14f6d796595d2c7d3fefd97a60cafa7bd253e
SHA25642744a5506c39b3a96bd63fd747d459f775de13fc96a2b5d805c153528057e4f
SHA51255b80b02ff0b6046015c8817fe33f8bf9631f80cf5e0182daea9da782cd77d6d9cc702a4035b9c6678d68d4e1cef94d2389973966ef3c692adae9e58be5d7822
-
Filesize
204KB
MD5411b438df42b42f3d84fd35db1a45778
SHA1cd314659132547157cd26bb2bd1059f9c9a9ea15
SHA256272c3765c6ed89ba5d772acd8fdbc8e0bc67d973330384581adc1a81fa614dc6
SHA512606f245eccf78febce631a930960c9a7e2376315bc77918ff8950e5d96b195914ba2f3ab53fc03700c568cf4c468949800e3b981f0791ac87d56ad9f3fcd4a3e
-
Filesize
204KB
MD566fbb4cfb854c4a1c5be2e87b7203051
SHA1c757995d6812540ca346bfeaa41042dcf1da558b
SHA256aa068f4eb0d0aace701347ac5d56934e768ee4ef299e0d183adcca64f96f348b
SHA512bc8b96d87b0aabb8e83f89761c1675a6a4c5b45e418a82e34f0729c3e01e86826a55368524e8a89bd883420930d59c9b2ea3530575ce409f8f11d730d115cd92
-
Filesize
204KB
MD5c379339bb330498fdf1f25e2eea35d78
SHA1c4a7d38487b2fa3571a8a1b3beed583cf67ca285
SHA2564603c8e94c1371a611eb6be69499f7cceb0b9ee6d9037919b9c736a07ddd5eaf
SHA5129387363d509c268fea6a9eb2f40abb02095d5722ef8c6d85f70e02413bacc8517b7ae91f0db8d331cd2a6b51c1d6ff67c0b2b15f28e885d4b67b487277d68b1d
-
Filesize
204KB
MD52a2ea6b858b205e0e298c1799547ddbf
SHA1bbace7ae86d378684a7a4ee236a938ced6b671c3
SHA25630adfdb63ba989ac63dce3d65c8dc07f0b2034c3510f31534faab04fde540927
SHA512f7edb26b3a2c30f018560a5eb26047327cc2ccff76f1d4a1bf120ec495c181ed6f783eb87ed1c3c953c507bccb59ead56983912b80d446f25cdb8fb9d8096adc
-
Filesize
204KB
MD5f7c57fb875c7fe6ed8990f82b41bec16
SHA1cc6b6d2227568265e20c482fdd8c1e4ddd1ba109
SHA25611ccbec36424ff34eb71f1fc317c3334459092b5364f14051d1a5034c97a4fa7
SHA5126571dbb60d2887be9391ec0067662d1e40678c99dddd5cfb2849072de116fa72e6b6b82a62192adc7400b383b52a0e7be49b5073eb8f9aa03e3b881b038e973e
-
Filesize
204KB
MD5c5f03f1bd4cde047ae401511326ac2ed
SHA1266def164c4938b1276a792349de26d149d6a3bb
SHA256713b70f48393be02e168ca9d6f04c072c7c261fb5b1d5f4f07efe868944a8c43
SHA5125950f67fba84ff49c78539721012d47f031b708e4bbf8ad17559ed161a30575b3b3db954bc733b8e6b993b6322e64eef4e3151f2e010d66f08eeaf454e345b14