Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02/05/2024, 05:24
General
-
Target
2024-05-02_0a0efc974b1ac4880f1a20096083d274_goldeneye.exe
-
Size
344KB
-
MD5
0a0efc974b1ac4880f1a20096083d274
-
SHA1
9cee64ef5cf546c9a271194d1fc054fdbc15d294
-
SHA256
dd46791d814092e05c038466f15fe0f1e42d3d3ac970b9303818c285d7540b98
-
SHA512
cd8fe0de04c06add65e9e027816681d5a3979938550a0e5359e438d0be6d14b27061e1b337fd3972dcb5f205097a5c98def734b4fe3b99aebf3fa0d3b799d9ef
-
SSDEEP
3072:mEGh0oolEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGmlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-02_0a0efc974b1ac4880f1a20096083d274_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-02_0a0efc974b1ac4880f1a20096083d274_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA34CB45-82B1-4437-8B65-C075A37AE48F}.exeC:\Windows\{FA34CB45-82B1-4437-8B65-C075A37AE48F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51F1D3D2-26CC-484f-9213-E0B72583A93A}.exeC:\Windows\{51F1D3D2-26CC-484f-9213-E0B72583A93A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2CAF2583-097E-490a-B859-364B849CBDAA}.exeC:\Windows\{2CAF2583-097E-490a-B859-364B849CBDAA}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50474564-6CD1-46a6-B3F2-D4D937FADD9E}.exeC:\Windows\{50474564-6CD1-46a6-B3F2-D4D937FADD9E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9686D3A1-48E9-4c6f-A8EC-27E5C83D8477}.exeC:\Windows\{9686D3A1-48E9-4c6f-A8EC-27E5C83D8477}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0C1BE75A-944E-496b-B00D-FA2CA72B4105}.exeC:\Windows\{0C1BE75A-944E-496b-B00D-FA2CA72B4105}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF896E15-9AB0-45ba-80D6-97E9844D8DC9}.exeC:\Windows\{AF896E15-9AB0-45ba-80D6-97E9844D8DC9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA6083AB-2D9E-40f3-B2B6-371E5973FF23}.exeC:\Windows\{AA6083AB-2D9E-40f3-B2B6-371E5973FF23}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{08BE9600-653F-48ce-9B8E-AF62011DFF64}.exeC:\Windows\{08BE9600-653F-48ce-9B8E-AF62011DFF64}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C162FEF-C04A-401c-B4E3-424168F11D81}.exeC:\Windows\{2C162FEF-C04A-401c-B4E3-424168F11D81}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D298372-03C2-4895-A6AD-5E97518D08A4}.exeC:\Windows\{5D298372-03C2-4895-A6AD-5E97518D08A4}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{51107584-3D02-42bb-86E4-1C427A060CA5}.exeC:\Windows\{51107584-3D02-42bb-86E4-1C427A060CA5}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D298~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C162~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08BE9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA608~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF896~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0C1BE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9686D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50474~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2CAF2~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51F1D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA34C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4112 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD52b39a417b7e2cf839f5528b067f172e1
SHA11ed09c212d0b02b6b8f780869c3b63b39f468943
SHA256b5445c4e7f14db9f23040fbc04658ef09a8c742cf024d5e1c9e445edb6b99f56
SHA5121b43b505475984a33b61c188b0f0e701ae514af2f061946642b53279673a380f56bc496be6f46f2ba4ec18bb6e48f8f8557543b31e066652aa583d90c2da4763
-
Filesize
344KB
MD5addcd635bc484221bdcc4a4a0d404881
SHA150df03d63ef22b02682519fd51f2ce28fbaf940d
SHA256dde26d116c934f70034745e289bde77f7d7ab6de478aad54116ccae93608be1d
SHA512d4c0c7a4b0fdf120b831931a13a2b59a96b933d2f83147859f3663f91d2220cc1acb82d4c0b5bba545c8df229311b4f780d8b0f2f4e14bec53691eba109f515f
-
Filesize
344KB
MD5b3bbd250efcf76af90a95e99cd5fe2a0
SHA1bb9dbfb46f3c6f371aabd67e7cf2fe3f57e36fce
SHA25659d81acddef70c10d1b0e0ac04f2001e2a83598fb1ccb3e0f662520734e7d2f7
SHA512792d14b905ea0162fa2bd979319726efc0429f7c3f40aaaa1620b20c50a781fc1380a0f5c4738e3c493fd174c7a85bb4ef5b38f9dbc6566a183cea9a5bb98dff
-
Filesize
344KB
MD5f71e5ea4befee56a4f2346b84bd6f2e7
SHA17fc8ceed370e0f51720915988494b164569f41b4
SHA256763ce1ba88f9ca820c8bbabc51984b2319d21f25f8dced201d4a3ad66fa3bea3
SHA512752ac76ff387697d0e0df146c04712473aa82f9899e17adebc8057f06852c54389df133d162124021802f4cf46b1ad38c113b8b8d009030d183ba1b56e1a4c71
-
Filesize
344KB
MD5d9c74b314d8c72c76ff25c37db7ac4f4
SHA19d35807bdf4b9be664eed9bbe353a94423459120
SHA2567a9d93824f6714a1c0eb843807502150161926dd7499233b6d70c2757efa43b6
SHA5125548c045444fff986351a1be7fcb6f98c2ab10d1e61d5c621cfdff531986c6647d0aefca57e6c980d673f00e00bdaecd4e874d7e57804799a94304d0077072d4
-
Filesize
344KB
MD5d0d7ef65d9f54fcf863daa5522620f4e
SHA18ac662158d7515909046281adb5f48f83a9119e0
SHA25628a9f0886e9ed6be850a3ca4dd6cc9f485b68ecf235fac96fa52aa9773631cc2
SHA512394bbc8a87476de71d5f31b708e9cf205e1227d6bb91b4a801dd20b2781c4cc17b7aeeaaaed092125d2945a7cd309d26c7c26e5619dfd0ea245ce391455b1c42
-
Filesize
344KB
MD5828a2456b383cce1bb0adf26adba7f01
SHA1c493aa82e51ec72925c0cd0e1f091e240a523efc
SHA2562980d8450ff3efe1f4eb7d3bf6dc308bf2275fb93387c103fd4c6a36fe1bfd44
SHA51278ac125fa16eda78f3721d92434cd4ce4ad5f48f0b06fa8ca9d0191ee3f1aed5688b91de0f0a31ad46a7d0374c897986df338a22e00f03aa69e006e6b9dcf6f2
-
Filesize
344KB
MD56854fbeceddaa64ce43f996a765a8042
SHA11887ee36c50e7b26b283ee26231824041f9f36a6
SHA2564d1c2ee1a3eacdcfc3cb285766213e17714e03e9d5d06fe300b5ef386f927565
SHA51246801938cf7f785dc882ec08bdfde32034ad3504d8bc6005ce73f39f3f87fda5a3416f8eb42fdb668c6ae8af5bed31ccc91cfd1e97d2aa00667a71f60430a059
-
Filesize
344KB
MD58ac9ff6eec5bfc03a9a2e06d3a6bcae6
SHA136122be8616b7ace93736138cda105bb450a2792
SHA25626d205084cb5f4f4f28886887e246f5f06127a97955aa1183f01a173ef4b3326
SHA5123b131c5721cc72c3f807cc332d6f960f7eec07dd97dc54228fdc91b7c1573fedfb054921d8ff95f70353f0ffac2838ec6383671daeb4ded950726437bd56cfbf
-
Filesize
344KB
MD545c6979a0a907dd898baeddb9b49e53d
SHA1d11ddda88035903824f429b5c0637f1d89774839
SHA256304c733e40b718e7d03273e48b473f08a565835a8e08ec78ad701756a1568553
SHA51254c007f3beb3d37aa6047b91289abe2a53f17869fa6c95befd25db734d89ebf5c05a7e5d07bc4a8249977b1629697fb85815f569bb7b28ef5841e4b5833ee93b
-
Filesize
344KB
MD53cfebe3dca24e6905fe647eded8f1519
SHA196256a8f3751e94e8562b84411641ec2e95c4299
SHA256f0d27c0f6d68f7c38489ba74189e9c04f55e2f288de399199f89063163814dec
SHA5121db1cfa72ed4df9c6cc2c4525d59f6e135783b9c4ac345f38dab822811426a3fb3784e4120a1c0be46918876ee2b901ea9a1d71a1298722e14e058cdd4a9bee6
-
Filesize
344KB
MD5c8e6a9ed9f23ead0e22c6df359884fdd
SHA1d16ea44787ce11036e20dd02c2360c0e35a3de52
SHA25698e5cfd8afeba7207484004b87234e8c5d6ad47fee9bc1c4495657f95adec842
SHA512a03b40e1b4ebf56acef10752e34add4dda1f6a5d76cc585ae8b2bea8498e2b39fd6c100281f08d3dd25c3bf9fcd3def792d25b4d1f49b44effb6be302b4257ec