Analysis
-
max time kernel
149s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
15-06-2024 10:34
General
-
Target
2024-06-15_7c87bb6045af8c76c0ada3757dc9a887_goldeneye.exe
-
Size
216KB
-
MD5
7c87bb6045af8c76c0ada3757dc9a887
-
SHA1
1b01c478b57f8a1e01b4bf2efb871d33c7850aed
-
SHA256
4bb9ae48a897342633a6a52a6917b058bafbb65d09f2149fba7695ab6e5134b9
-
SHA512
a03b8f9154c26572d5e56dbd7f0e5cc23c8dc08652c0f39c462d8674c9ab1e91d0c5a417835f70a8d8c440feaecd34dedcd16848c27dffeff39fa323e82f6348
-
SSDEEP
3072:jEGh0o9l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGXlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-15_7c87bb6045af8c76c0ada3757dc9a887_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-15_7c87bb6045af8c76c0ada3757dc9a887_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B71DBB69-B31B-463a-BA53-50E85BAF0013}.exeC:\Windows\{B71DBB69-B31B-463a-BA53-50E85BAF0013}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5BFABC6-1A44-413b-99D7-C3F348E865E8}.exeC:\Windows\{C5BFABC6-1A44-413b-99D7-C3F348E865E8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2CB658A6-B8ED-4087-8194-AB275A315D27}.exeC:\Windows\{2CB658A6-B8ED-4087-8194-AB275A315D27}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ECE19E31-50E0-410a-92F1-48DB38ED61B9}.exeC:\Windows\{ECE19E31-50E0-410a-92F1-48DB38ED61B9}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{919F5796-EC7A-4917-8105-B5DFF2ECD7FA}.exeC:\Windows\{919F5796-EC7A-4917-8105-B5DFF2ECD7FA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9F94BA50-7859-49e6-A64B-BB455137290B}.exeC:\Windows\{9F94BA50-7859-49e6-A64B-BB455137290B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBD0C084-20CF-4da5-8C91-45B58AD25BB1}.exeC:\Windows\{EBD0C084-20CF-4da5-8C91-45B58AD25BB1}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7FD6F2F7-FBB9-4535-A27A-3A977E708E9B}.exeC:\Windows\{7FD6F2F7-FBB9-4535-A27A-3A977E708E9B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D843F395-726E-4382-83F3-F869A322623C}.exeC:\Windows\{D843F395-726E-4382-83F3-F869A322623C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AED18765-0341-400d-A57A-7A5B92A1735B}.exeC:\Windows\{AED18765-0341-400d-A57A-7A5B92A1735B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{307E0127-BE02-4355-937A-6E33642F5B90}.exeC:\Windows\{307E0127-BE02-4355-937A-6E33642F5B90}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6F4E36C6-E5C2-4c6b-B61F-BB11F8FF9A82}.exeC:\Windows\{6F4E36C6-E5C2-4c6b-B61F-BB11F8FF9A82}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{307E0~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AED18~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D843F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7FD6F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBD0C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9F94B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{919F5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ECE19~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2CB65~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5BFA~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B71DB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5c374c0037ee8ae00aed844238326dd40
SHA1ac001df38c904ff4c98eee010a5b3fb780c2bfa1
SHA25617b256d28f8f7e684fdc5a5b40a0df06a6c5a1efaa6d30c23ed6c06b4b48e842
SHA512cb10e7cccbc61eb62dace1b8ae4385a3e9785b5016c633523d8dcc7a0997c2fa6ad0c5cbe9208ec11a3d997f701c8ae4840786f095875ca288496c4f503541d1
-
Filesize
216KB
MD512f5d1a53b59b9a5aa10af475709342e
SHA16a491cd58d0361a2d4c63c4d35e08a6261e3038d
SHA25697d767a8ad840aaa478d7129fcd13d943454a372a7cb59e8133ecb5e8ce6cbe8
SHA51248157dbfc2519f0977921b6347353365337fbec0e064905e6715ee79b2c7aa1ed3df157a7b4ea731c866c8f45897cfdf14ed7c46b0912958c05de146dfa5066c
-
Filesize
216KB
MD505ccf0887cba86b358b96cdd76ba6f8c
SHA147b099ef35782ab3110c4380cf6d9b0b99cb20ab
SHA256d9dba4f761425c157f9e7677a78204357eec406cbe365e2f91f58ddb67ee3487
SHA5120641c16d6ad31019f39d371b7f636a622971ffd10744999bd772038c3b01a1a00e194797ad14b2c71f26819f1022882e2bc5eebbb38aa2ee6303f940e97504bb
-
Filesize
216KB
MD5945a275186d5a50653690f8c57bd687f
SHA1e18ef16624cdd30cdf8191d596753cc1678dbe12
SHA2564433f2acd94daf9288e9d8ba7c5ac87dbf7673900b661e369c5ce2f00673df33
SHA51241a41463aa149e4db1c095f44e4a6e21592adce6bb23faf4e054e49dc7f80e0de2910b2a52a806dc1c781374f74ee8916979f38b1db161396c9b9665a38551a4
-
Filesize
216KB
MD57f57c2e8ade84b266de194c5a0effa49
SHA12ddde77a7807125a903420d199ac6241d0e2748f
SHA2567b4d4696de3f081790be38b5849b272c13a1506104be4c9b9d8bd2712aebe1aa
SHA512bbb47557b90f17bf75d74d694d5a99d8aee51b3a366c00e78e401ea508da8f9b19ed96bcb9790b84fdc0fc4b4d9f47c8b98eadb742811304034f83120826f899
-
Filesize
216KB
MD5faae6f8418a0893501424f428e94faad
SHA1ec1589461094687968fdaf4cb43c4b116157d2bd
SHA256970ad12840b5854acd34375409ec3dce4584124c7c88b64e9462adc34a598404
SHA51222cd484285d3e03a4234fb608f1f09a2c0a5dd3f96b8a1e60f3f91ad59197faaba0c8e5cd141ce4ad7fa4f44ec99a1a61cf45fb3bd0435fdffbb28ee1bd3087a
-
Filesize
216KB
MD526efd5f6cf54ad0d65857f5bc4c34c6c
SHA18fa46816ed50eb23b93e281a97c4ef038ea220e2
SHA25660a96e95889985f3895e0a360db89499d187fbae81d2c6093bc51031222f65d0
SHA5128b338a13a3b44fbc8671274431c04e3b691d63562d3fba0a4ee99fdd2c14f4065c41f7b049015156942c88285120572f7039538381b9eff2dc083e5be6afaa13
-
Filesize
216KB
MD5cce3f6058f34e3de9ba42c74b82907b8
SHA129cd143dd5a1088374730a5ff1cfb18fc8caa37a
SHA256eb686e7a5f835f9797c2dd9d62fad6baaebb80ea6ee03f966d174e57b7942849
SHA5123a22f83c02538df785595698d144ca0f369a602ef3c65dc319f85960e0b2321adaa26d67eafc9138586ec28f981a911ef55cdffe2dc613488f6a1cc7675296be
-
Filesize
216KB
MD53591f9dbe05854345a284892602a79fe
SHA18b6c2d70ac0d7924516eb43c589331bd2cfee432
SHA256dc257e7d3b30d331be4aba806e7ec148ae9a7dddc1111c8d46b74f4156d496e9
SHA512496f2406159e5d82c5ca84ed3a0005dcb35f5a9662886ada85eb69b41fb76af1623c6383888c0725dfbb6451099278f768294a17581278582549a5f85a1b110d
-
Filesize
216KB
MD5e9d55abc11015bfbac453199766a57fd
SHA1a86e0a0f87d292febe003f63ce21e10773b95061
SHA2568c9db618e942fd5346df7259dfd6d4c34dcfd2a49aa6db3fa81bf1367aaf6fe2
SHA512adfebf4b3ce45dd00cec3b9a171a4f2d9a16a17b1b4256f2d1abe15e516c907ce187b0fe35fcfe514d147ab46a6720df8fa507baa22679c7d5999f07f5696891
-
Filesize
216KB
MD5a865228ce74a8a8c22878e12c1786926
SHA1d80874a0ebbef4984cb48a1203032f90a3b13177
SHA256f2c86a8a90bc3d1758c5d3158795cf544103b8fd3c7cb0ba09049f6565a0fcbb
SHA512d6235947414d48aa0e6e2b9d3946d6589347b985046a48a6200a10c36f5ace248e7f913282abaa2c76fc1c8d5cfd8f94f4dab04e5016a523db525a4f8ca2a130
-
Filesize
216KB
MD5765f07102124cdb2444fc57eed7e07a6
SHA1316d1d9cd1e60d8c6cf561be82b13184638b06ff
SHA2569ece2aae1bd6900c44fdb2316641f3437d7470172a874015259063dcb53a1648
SHA512768749d1f6d69bb40419d30f1f2a782963c0eff7670e6ecbb7aa8dd4d8f9061386b4e35a9c6432c3063c38974a5d5711f6b5b595878888a3c6b8de209af0a7a7