Analysis
-
max time kernel
149s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
12/06/2024, 11:49
General
-
Target
2024-06-12_66182377f7188dad8ae4d1fc3a2df772_goldeneye.exe
-
Size
344KB
-
MD5
66182377f7188dad8ae4d1fc3a2df772
-
SHA1
a56b8a187405e47778c6d647d6a3c88992bc6ab0
-
SHA256
904147c27963f3c001688455bbd6deea0a3cfa28e20ad908578887709fe828ad
-
SHA512
c07ff812870c82c4851a49f86d931420e71f77f731283fdb58e9fa03968a14c7145b773e7d6709d9efe23b327f7ae8ab16cb47c9c4cd941ee58758c5a8fa2b5f
-
SSDEEP
3072:mEGh0orlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGtlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_66182377f7188dad8ae4d1fc3a2df772_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-12_66182377f7188dad8ae4d1fc3a2df772_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{558504F3-EAB7-4abe-B41F-9B37FE62640A}.exeC:\Windows\{558504F3-EAB7-4abe-B41F-9B37FE62640A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32C4C9B6-475C-4323-A153-DADA05AA4762}.exeC:\Windows\{32C4C9B6-475C-4323-A153-DADA05AA4762}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E7BAEA1-015A-4659-9954-77313B7F771E}.exeC:\Windows\{2E7BAEA1-015A-4659-9954-77313B7F771E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B6EA3EBF-1B22-46b3-B8C1-FA7589AC4FEF}.exeC:\Windows\{B6EA3EBF-1B22-46b3-B8C1-FA7589AC4FEF}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{200D8153-9EF4-4400-AFB7-DFAD7E53E387}.exeC:\Windows\{200D8153-9EF4-4400-AFB7-DFAD7E53E387}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D990A98-00BD-4d1e-893B-68FFB48BE673}.exeC:\Windows\{1D990A98-00BD-4d1e-893B-68FFB48BE673}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E814F545-7F3B-479c-9393-03A6B8122C61}.exeC:\Windows\{E814F545-7F3B-479c-9393-03A6B8122C61}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0ED4953E-9180-4697-B3F0-38200F798114}.exeC:\Windows\{0ED4953E-9180-4697-B3F0-38200F798114}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DE175F5-3650-40c6-867A-D9246683F225}.exeC:\Windows\{4DE175F5-3650-40c6-867A-D9246683F225}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3C88C07-E324-4e00-9744-969BB0863CBD}.exeC:\Windows\{B3C88C07-E324-4e00-9744-969BB0863CBD}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7A0B0DD-A362-4812-A8DA-84A5F2299E89}.exeC:\Windows\{A7A0B0DD-A362-4812-A8DA-84A5F2299E89}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E2083DA3-DA7B-4757-8AD5-D448A0BC179C}.exeC:\Windows\{E2083DA3-DA7B-4757-8AD5-D448A0BC179C}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7A0B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3C88~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DE17~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0ED49~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E814F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D990~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{200D8~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B6EA3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E7BA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32C4C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{55850~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5888e279e348c8fa4be3bcc81616f07f9
SHA1348f94752916dd253007cb8d8e05f634fbbc7eb1
SHA2569ae7c57bbca2695e69a52192f18abae24e9e9e83ecdd83f2e68bf297459732cc
SHA5120003fbdfaf45a01d60aa6a3a599209594a215469ebda8b9b796eaea4ec1fccce102353e291749b2ebc50412ef8e700a2979dbe0dcd68e3836f0f9646666d07f6
-
Filesize
344KB
MD5c5b0ae1e056ee34cae1212b23ffdd687
SHA1434b6f2f7cc0aa46c73e612b972437d216757ca0
SHA256ac6da8a441afbb762bec115570f19f151b5bf028c064e070d4fbb6d24a578370
SHA512288ca781ba4833c1fdfb0ce0092fdb1ff3ae7ad6eca6d016b6e9094acbbf70eaa0b5a90759f2e649d7f2d1a97cd6a7a52f3cda07c2e04f5b08e2167d3dc251e6
-
Filesize
344KB
MD515cd55539a0f2b8fea8eee4fb6248c54
SHA163bca56168ac913de1e72e21f263115c50341ab0
SHA2567b925ccebbad85072cebe0efc11cee70427ead52312a21f2621381472c500cb0
SHA512fac5ac1b342fbf3366cd6043bc461cf1ebdfdd9ea1b73d5edfaceb049bc4a440d4d012f932868de0ef472a1d1641e7ac05c80269c88502c9aedb1dae5fb39fa6
-
Filesize
344KB
MD54b211834647423bb9f0975e60aa5b2cd
SHA138eaa520668a7648b6726fa2f1a55ccae67ae922
SHA256da15b10fdbea1ac068a563d03f2049994920a8cdd4e5dcc25c33c3424e50dd82
SHA5123200e91c73b35b17c2cf4e1a532f076e7db0d55d3c7a0583f457acea6c5eb5c810c5aeaa158fe2357ba876af44cab2453b51431ab393e032669c72f4637176a7
-
Filesize
344KB
MD5acf871d8229c8d582985be26048db743
SHA1c2030ab5d66a12aaddc17f90e19865c3cdf574b2
SHA2566cf884840737fe9c64b1372fc064b41580c207bf3d074f9156a963d8720338a3
SHA512dc7692c22642f1c49fc81e4a0024637d7b7a37b9c7e6e0494470ce5f6462168f3a121091abefe2b52ae52043f5f5e97c8927e93b96e229b8f06e525e2bc58331
-
Filesize
344KB
MD55d2acf2ff51cebd27d7149ee35ff16a8
SHA13de4b53c63e1d45daa6b76b0244ca899e20fd0c5
SHA2561487773d2e5fee0e792929c416bff144fbfb9c75cd1e7b08bc1ff81340f335c7
SHA51204db85bb600cfb3a846dea8050cc724913a00d34b7ec47a492c38fd6ff343a7c90b69a05cffe0782bcc49395106b9a5d810a9f7205ae4d12205e1a5ec106f374
-
Filesize
344KB
MD5b8be1c735f5d74dadf7e2c86fc35231b
SHA187f0f99fb97aa05ac793a0864a0763fe1ccb9bf7
SHA25673ca68341ab9a1152fbcd5bc751569f6ac2c9ee7d63df1913cb456397cfaded5
SHA51207689fdd8d326e20f38ab797a20a76537aa971bcd11cd5d4a634acc9c756acdcb43886f20266b4b798707a9b659c900e6f9acfb4668df7122b27c6e54c4ef20d
-
Filesize
344KB
MD5fcd5d467db5a5a905a0d1a54f287a7c5
SHA10da24396dff21b476aa61efa5575c7a134e5248c
SHA25674ddc39b7019bf3883691b284ac83fa9957939bf6ed113ae5fee669121a2fb2e
SHA512d4fdbc6a95876d631bb875d47c23d445e0a37bd5669280e4963e8ec2fb8156dbe862ae1187ed9114ac382ba4a3eb7cfdae877853b58d593212acc682ddcdda35
-
Filesize
344KB
MD59ad89b9e031ebc9c42fd0778f0ad66cf
SHA1154c804cf7bccab5388b27e6481642ef1407dede
SHA2564582cc904a38ee95137eb77fa6665bc9e2b2259ca00ae0b7bcee2555f3bbde97
SHA512a24b25a7b25ee686ebd835563024acdb979a3b1572858f30c6ff20b8be5b6372684359d1c7d32b282616aa232df3b5096b005c4c14d69602ccc5267bc82f25b6
-
Filesize
344KB
MD565e30ebdaabcf354a55013c0615d8d29
SHA12afa5f6b1f6d4a47495c0f2f140a7b4938763bf6
SHA25605df05ebcb4485016af4eac1500d684428ecadf57e9284e2480430446b0e8be8
SHA512627f4934e69e1622f5a76561d4046ec0eef705216cea297e99106b7947ad01ba0a69eb534c936730786a54471557e04388be494737deaa5307e2d7a66403e8ce
-
Filesize
344KB
MD5cb6cd5bd10f5307242495a5fd801a2a5
SHA10f9211b80775d2b8be1cf29ef11c00b735439334
SHA256b0d85d539184e6a4a8fc7beeb655ff31a86c09672453001546593d532e6d1602
SHA512fec3a09826dbe03bbcb8b77cbbea6482c70852c1e7065bd5b55ab7cf2df2867e72858b7ef10f53a9e9824dbe15064aa9ea79ffe38fc283d21955c039d4fa505a
-
Filesize
344KB
MD56e3fa410ea64fa3527ff1cd72a6890b4
SHA1a32f18ee78b4d08524bed4c10129365575ece286
SHA2568d35cae32e16285d3192ae0be0f3ddaad3523882741e354c24843497412e0a30
SHA5129a339e36e3d064fb6c2498b6b1561da5e8a538092f0eabf170d14ae297a92dd2d9a04bcc3a627da764eabfa921120613f0e4b6aecad7f02ab24e3d642e311163