Analysis
-
max time kernel
149s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05-06-2024 06:04
General
-
Target
2024-06-05_81fb0fdeb18661ffddda8ae8885c00c5_goldeneye.exe
-
Size
372KB
-
MD5
81fb0fdeb18661ffddda8ae8885c00c5
-
SHA1
5b0981f410a31e00fd074fd1f6e16203a1cab003
-
SHA256
77f041c3f8a1b32640cd2631b1416b2876d3a7ef1cbb086d438d663b1fb6fd1b
-
SHA512
aa4712698a88ceca270eb4494b613ae34de99cf42cc79638c92785dd8de08784209322e47054537ff88553259689b4fc8b418a7fe583102d4efac02e4bb1ce50
-
SSDEEP
3072:CEGh0o+lMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG8lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-05_81fb0fdeb18661ffddda8ae8885c00c5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-05_81fb0fdeb18661ffddda8ae8885c00c5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2FC83296-47F6-4412-932C-E7661998B23A}.exeC:\Windows\{2FC83296-47F6-4412-932C-E7661998B23A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{269C9DD6-08C0-4446-8B30-467A7F38DDF1}.exeC:\Windows\{269C9DD6-08C0-4446-8B30-467A7F38DDF1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3D69ABD-583A-4012-943E-F440422B6CAA}.exeC:\Windows\{C3D69ABD-583A-4012-943E-F440422B6CAA}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C13075F-CA91-41d0-BFA6-CA55F7D8C69D}.exeC:\Windows\{4C13075F-CA91-41d0-BFA6-CA55F7D8C69D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D0FCEC0-2AFD-489c-9D48-C730CD5DB5EB}.exeC:\Windows\{1D0FCEC0-2AFD-489c-9D48-C730CD5DB5EB}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C85B6D4-1594-4c1b-942C-C7AAA668C461}.exeC:\Windows\{2C85B6D4-1594-4c1b-942C-C7AAA668C461}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{316419D5-FC32-4d13-A9C2-380608E4863F}.exeC:\Windows\{316419D5-FC32-4d13-A9C2-380608E4863F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E1FA8B43-4DBE-43d4-8EBD-E1195BD9FE1B}.exeC:\Windows\{E1FA8B43-4DBE-43d4-8EBD-E1195BD9FE1B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7723DDE4-5156-48d9-8DE3-644B8106BCAE}.exeC:\Windows\{7723DDE4-5156-48d9-8DE3-644B8106BCAE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1037BB75-69F8-4319-9848-DA2BD352145B}.exeC:\Windows\{1037BB75-69F8-4319-9848-DA2BD352145B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA7FD2D7-B970-4ddf-9EE3-1575B58FF1EC}.exeC:\Windows\{AA7FD2D7-B970-4ddf-9EE3-1575B58FF1EC}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{87F03662-DDF5-4639-A2A7-0A9FC6EA664D}.exeC:\Windows\{87F03662-DDF5-4639-A2A7-0A9FC6EA664D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA7FD~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1037B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7723D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1FA8~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31641~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C85B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D0FC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C130~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3D69~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{269C9~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2FC83~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5adb33ead74f0e68a7ce2badfbe5b953d
SHA1cede1f67b430576784dbdc01fb970201e8e8a05d
SHA25697c0646a70df9613e4765716ba526980a7248ee2e9cd375e669efc4904c01e6f
SHA512b4512ff854435dd8bd5d90692593a43d3eb9b7155e49349434058de86ff23aa691155d7c3d18fcf7602e5832f13e72efc471f47cc14bc8607035d16bba768706
-
Filesize
372KB
MD5b28c23754cf2a4ee80382e6222eb6d38
SHA174d1f4d7370b8fe13818a21a33f04f16ffb4adca
SHA256ba0e1b4933a3710b2c7886fa660f40e837daa54c70620d1e3ef376fd7b04ff63
SHA512d91ee96e21d919391a5214b6e18a18d411c2fd9db8a83c68b334e7ef65f6fd86c4f54232e2b986c2aa9926d393807ebb12d7be23d30568871550bec747cad86a
-
Filesize
372KB
MD5ffd1024f53d654f03255e4cf21be9d29
SHA18db606a54945b64e6ee775a2c07832fa77db5a1f
SHA25695f82816fe2dae7b4f44268af3dbde7d270b7207cd2dadac94e626ba2f27736b
SHA512259ab42867fe5e5891ded964f1db2f7ed1123a268a60988e68aedf74b280e65ea8bfc7db372aab55ee57cb0c9e9152259736eb69c4907a22b61afa82a0c15e12
-
Filesize
372KB
MD5c9fe207205568569ecd93221f25bb1b9
SHA192e6d5a89554131cea71315c138945ff88073fc4
SHA256235e5e798c341379fc06d6fed3578c5434c295a672d3c1be3a13743106fd4aa3
SHA512ed62f2ffb822ca2f8a5790c71eec2330d1433a1365460752825a2d9d6b212e12b11e914a70f236b0a3020e9a127d17bdfe12286add5825ae14eff048d8116240
-
Filesize
372KB
MD5900e983f1c42ec7f40f39c9df9ed7bd3
SHA1896cb1a1dba24724b235d9ccb8def1992e9e0ba3
SHA25699cf02375c75d89592325ffd52fd1e28735d5c9196ba06489e620941cda074c4
SHA512838735d618ec2a3f73943be93569a04b8b3b3d6f60662501f541d95af3bd6ec50d027a509a766455f141de76cb3f35f3f388642130053b0d2a5dfbd8a7f5ab13
-
Filesize
372KB
MD503ea99a5a8b862d6e0712260f1e8eaf7
SHA186cb05b0613a6b6a70cf7c0ed307e32578b8909c
SHA2567b4c3acfeeae890a9b74368f0e3accf4d6e2e03c12224133dbdb286fa800c804
SHA51262c1e97f253dd090b2ffcc805a76232e4ede5faf2192d380718012b5aa9c37ae2a997130c9978a765c7c3cc01da42a56dea6b9802af9fbbf8e16ce38e737042a
-
Filesize
372KB
MD55697f8943621e806b6eac62f732f9efa
SHA12d09abc23adcd616d3832f96fe068b3021bb62e8
SHA256627460ae09e4d0997700dab612fe5f9df02a07b22d426cf2797e4518beb30e1d
SHA5125584bbd1241771af1ba51f270248521e60d519a565e1d31ed2efd9ac04f67e0bc5973a97e459ac1a2805c126b696ba4b00c0309a47639a2fe6845506bc88526b
-
Filesize
372KB
MD51be41b55cea095632e27434dae194050
SHA120362330b78edd6ff8ba3401bb7167cf2fcd5bb8
SHA2566f940d0e835d0c117e67799f26d5f838f38a7c1041ff7f420b51b438d01b0a47
SHA512e00a4d31985b61ffda5527626bc7eb34648269064dea45e957110399b0f186e00c8f34d4c0bf4edaec48c2aa293880c70cc7c4358573b51b4a2c247c78681738
-
Filesize
372KB
MD5b182c49c23c6ca7d8408963f78de0f41
SHA159da8aea5a8ef00dc264136278ef2c2df36da587
SHA2563f5d87e48eabb1aaa342b2d7236278631cdf5a41bdff9aea0e09a1694f3626db
SHA51223a34218db532803784b084bbe740e67e7657ca278d8f7d789af5640ec57723bf4f16da06867c2e93d74500660a8b0f99e8872b3e6dce873e731a7f5818ca088
-
Filesize
372KB
MD5448dd43617241e9e26de329c23be2618
SHA10ae46e2f304ce7317ff09fec286692c04b299004
SHA2562623465936dc8e846ac8e30ec7b3a8310743d4d066cd2f2736c6260d2a2a078b
SHA51244c46f7ec80040d132df92ffcfef60feb4006b65865dec78f098f9c3f8751adb75ad3ecefe1e162de1203a54e06d21c509583706da220b7a643e3e8f4391ccb1
-
Filesize
372KB
MD577e799fb207ca2d74843c8f8838f0a81
SHA171b473d7c3ef09563588ccf15013b3d84e50b0c4
SHA25667016cfe444d1f0e23904b77e9fcd29bcbfa427141ac8ddfe151419e9abbcb24
SHA51254d53e339a7ddc4b216f38e26ca0c936d5d78487e6e4d0fde112894a7637d0b8ced4736b1ab850dcb82663c7c7e681260f7c9028f7b0beca2cecb6a6d65d6e5f
-
Filesize
372KB
MD5574dfe56656db3c76f700ee2ab8801e4
SHA16f419267f1a39451757626f6770617e52043c223
SHA2568b2cc93e57859ca5b115ed34eb991b421332b00e9ccf1f49c9aa12d587450c15
SHA512f568cd3438a26ec370a292e13b69cc07325156c44c7fee57c5c375ab33269a8b13e7a42a483e0660f854fa46fb072736f8cb413690fc0cce12a77b57897bf766