Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 15:04
General
-
Target
2024-05-30_cbf7da80d22c6327a4ea83b22d0d8e15_goldeneye.exe
-
Size
372KB
-
MD5
cbf7da80d22c6327a4ea83b22d0d8e15
-
SHA1
68c0482b0b86a56442bf77211a42005481fd3a48
-
SHA256
b3f44861dcee9b39924dc45c912a746d276607bafeb45e7b54594ed4e8cb724a
-
SHA512
7bb05b882a1f3dc009b6d148ecb426f1318135426f8e9e6aeb6efd7e3231037ed71869e49ba12fee56c990dc4179d8b175287a445adc5daf38e0f13c0a02e69c
-
SSDEEP
3072:CEGh0o+lMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGQlkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-30_cbf7da80d22c6327a4ea83b22d0d8e15_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-30_cbf7da80d22c6327a4ea83b22d0d8e15_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24DFA510-7CCE-47d2-9E43-33AB47FF51E6}.exeC:\Windows\{24DFA510-7CCE-47d2-9E43-33AB47FF51E6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{428AA1E7-05CF-4ec3-8849-4DEEBC65BD37}.exeC:\Windows\{428AA1E7-05CF-4ec3-8849-4DEEBC65BD37}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F776DCB-749A-4625-BA6F-7A1E2E9775C1}.exeC:\Windows\{4F776DCB-749A-4625-BA6F-7A1E2E9775C1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6E49B37-24E0-4fbf-A748-88CE9BF9B8FF}.exeC:\Windows\{A6E49B37-24E0-4fbf-A748-88CE9BF9B8FF}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E963A99F-3B59-474f-B5F4-84FFFBBBED4F}.exeC:\Windows\{E963A99F-3B59-474f-B5F4-84FFFBBBED4F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3FB3BE4-019D-426c-BD42-56B4E51C3544}.exeC:\Windows\{D3FB3BE4-019D-426c-BD42-56B4E51C3544}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{04156808-9B25-49cb-B865-31F51086EB82}.exeC:\Windows\{04156808-9B25-49cb-B865-31F51086EB82}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C79408F-315A-4870-9A01-38E68F7D86D0}.exeC:\Windows\{3C79408F-315A-4870-9A01-38E68F7D86D0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D2F0636-E6E2-416e-88DD-56112DF3BB79}.exeC:\Windows\{8D2F0636-E6E2-416e-88DD-56112DF3BB79}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{27A1B2A0-789F-4011-87E5-E9CAD2B9F56A}.exeC:\Windows\{27A1B2A0-789F-4011-87E5-E9CAD2B9F56A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9C8456E-E9FF-4868-BA7C-466CB7EB5D9D}.exeC:\Windows\{E9C8456E-E9FF-4868-BA7C-466CB7EB5D9D}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DE3281B9-5076-4fb5-9524-507D84A9C167}.exeC:\Windows\{DE3281B9-5076-4fb5-9524-507D84A9C167}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9C84~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{27A1B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D2F0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C794~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04156~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3FB3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E963A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6E49~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F776~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{428AA~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24DFA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5858b3db1666910c0ed1b76a5661ca05f
SHA1e5dcbc62d0a9ae21daabc88957557f46a34eeaf6
SHA2566fa1e0a2f672bc4a02bcea23fe9a93f5bcaa8b13df6e6984e6d67e082bced956
SHA512fa82da32fb30d78e7959e9172c14842a21d13ac1ebec6a693a9a7a098753dae5ad1ff17b350f0f408735c84bd14b0111693a3fbb1f8ef6e3048bca252429a5f7
-
Filesize
372KB
MD55a066f6e17459c61fbb81e0af5fbc912
SHA16cafd4269b19bd7c6ee62d5249bb3fc59ec10173
SHA25699ee22d35f50dd0f75bf7bdd39d0abdc7f01a914f1102b3ff3be3d5584cbf80b
SHA512f6b9f8608c3c8a11c2d44fbff2ae37ff6b157da85201e35e5057b8cf549366d987f359ea7dcc154ae30a3d72411983fd2706a35fe59b2535186834cb1325dd00
-
Filesize
372KB
MD5d78d93433075da139cb4fde0c6cb36da
SHA1edad6afc63a8842cb30926e0686b57ac69d6233c
SHA256f3da4fea21769670f450f8b27613129252cdf580c5b63040a7b82bd978ff8060
SHA512714ead525c36502594a2784bd610271b6a0e7e09bcd87abfa95b3a3e4eb020fc2ba7f8e9380657576f5522a364c5a64f03e9984fa09e3204a1e93a3eb55f6a80
-
Filesize
372KB
MD50eb1a06e653e2402452a8cd65e3fbd20
SHA15de42d8c254fbd503b3cc7f3353018201effb00f
SHA2568ef309e0c81baaffd47ebdac67237fdd318109804d249a072325398276fab90c
SHA512369bc9dad5c9566140ecf8bc0dc41eb4209861b6204c4f25fa9c8e24c3a293653dfdc94cedc36659e503dbfbaddcd5173d035f6eb56f739f39228cf245d10f62
-
Filesize
372KB
MD559c733f75c2304abbf4c7b6a3483427e
SHA1ce89ab63e633e26531f187ea46b3635be2ca4a05
SHA2563fe6c1ea0bfcbb651856f50833b0de0ae60a1a6c07f66d1635085473fb29f19f
SHA512e92672ed4a82d75f96d51862c4e8d51bffda36dcb1a5c86a83134db3c4d7ec0e88dbf0c4b7a88bda813f0fb559ebe8e9ec1a1ce754a59e31d956b810288b2729
-
Filesize
372KB
MD5b05e90351cb93f2a6e881257d6257b97
SHA1f5a042b3e66e995e431c247f9c927e1e5a23c9c3
SHA256578ab63f9aecb6f8871a4a49538f38f7bf1568b379937c5a5df9edff4502d816
SHA5121a0dfc297ca8dc2ea57eee53ed38ceb627d199b76e650478f38d4c0a3f0da59ea585b5fe6fb0b9f2115bf99baa2ecaf77ba6776157e12724a62e590f2d8302a9
-
Filesize
372KB
MD5037046cec7974887d57f023bea380a8e
SHA10ee407e74d29bbeeaa49ebb0bc7cbc92057454a7
SHA256d573bf725b7a78b954329b77bbd054f335cf38c85dc60180407b8620adbc6c40
SHA512d60045b9ca66080de8db38922faaad308d72a25f0935c57a62cf70aa4ac7b1622eff8e4e5d06e13afe3fa42a6ba87b96a08da991b8dfdc15726c0ba0c8120859
-
Filesize
372KB
MD5a70ee976ba6030de88125d207f52e060
SHA1fc4d48dfc584db06c4589c2184463140daa7a0f5
SHA256632079da8e73c9926322297d0b75711ef9c8d6a5d4be4f6a3c263c7007c65ea2
SHA512ce30dfed4414761da259e61401849ee497afc9e861893a8bb89ab747334294efb83f92e619cf920a781c42f892fdb8a8ab383cfe3042ad0f308c94ec7ef7d433
-
Filesize
372KB
MD5671e98744b381a91bebefa4cf7308100
SHA1041201703c2f1b5aa8decd0544371870a0e258bc
SHA256cd345cf2bd5028778e13cd8a66dc62174b12fe79af005b3e65b6eb5fc8dff617
SHA51249267a21e94b660e71c841abb1ecc00d356b69d26afc09e1b6357dee9d6abafe28af05be33eef26c1fce02816b3240c60987b978aaae066bb00b332ab212ec7d
-
Filesize
372KB
MD593c9955aed7cca0d31802ee31f43dfce
SHA186b74c4fdb4d314b108322a732d7660ee99a1b66
SHA2563e4707996de8ab427dc10e6c2af8c693366040552122a14cc43e6bc2c13d2d6b
SHA512b919ed8f711459c6723aae94a1e46265cd7c5207d1b985ac8de6328a25732a5e6a7f91209d0cf8c72e8166afe2bf0b3f33cbac384653626fb0b73b70136c4a3c
-
Filesize
372KB
MD58cf5def02fb51de2e99dba0edd0aa9d3
SHA16cf169fdc988bc72de42ffb95f7bc53cdd67dde1
SHA256ee7811bee201b9e75761b540fcb3bd4338a2c44cd7ac94dc8400c73ad4afab3a
SHA5122ba4edaf5237a6a65b7a979b272d6243bad04b756f19c4e25055c20de51787d0891757398a3285d333b244dd35829a19f3f5aeef63ada25188475434c1a18dcc
-
Filesize
372KB
MD5b3de3f80736f2572490548afb9766b74
SHA1ff8378fc9459966b4df5537f206192a516b5744a
SHA256996f3f0bf9055a53b0302106827738625736b14aef690e59e1793165df400dc1
SHA512856510e589fe913c3d01ae49003c62cb107ac15c129c7de0bca50b502c68bc4a2e7057d137214ef77c4ba8d1fd301a9272fce1a4eb18cef34505d12f0c8180b3