Analysis
-
max time kernel
149s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-06-2024 11:53
General
-
Target
2024-06-16_3ba63a96f74a5344101ee993e96a2518_goldeneye.exe
-
Size
408KB
-
MD5
3ba63a96f74a5344101ee993e96a2518
-
SHA1
6466ca9ada758ae8334a9bee398cd0ab1b04abc7
-
SHA256
7ba3e30fb89574a50debd780e72e07c51758c32145bc6943238c5cacf6410224
-
SHA512
4d39d83487ae4db73929bb749ae62b64abdb1f7178c5531afe649df8a98a4fef3f832e82eda729d0c03eab340f752703aa6521731dd9f5c8da33ac3405fa8c9f
-
SSDEEP
3072:CEGh0ojl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGJldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-16_3ba63a96f74a5344101ee993e96a2518_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-16_3ba63a96f74a5344101ee993e96a2518_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6B6A2A7B-AF88-4abc-AF03-5A72CCFFB281}.exeC:\Windows\{6B6A2A7B-AF88-4abc-AF03-5A72CCFFB281}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{04B9E7CC-8F60-4345-99AB-21D8E3BCE9D0}.exeC:\Windows\{04B9E7CC-8F60-4345-99AB-21D8E3BCE9D0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{19DA608B-BA7C-4f30-BBCD-8810B4A2366E}.exeC:\Windows\{19DA608B-BA7C-4f30-BBCD-8810B4A2366E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6BEAF498-FB96-4bb2-BF38-608DBD614236}.exeC:\Windows\{6BEAF498-FB96-4bb2-BF38-608DBD614236}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{96A363F8-2CF1-4ad9-84FB-02E2466CBEA9}.exeC:\Windows\{96A363F8-2CF1-4ad9-84FB-02E2466CBEA9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F85FEACE-BC89-4778-917A-E4A736C91D3F}.exeC:\Windows\{F85FEACE-BC89-4778-917A-E4A736C91D3F}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86FFD999-6360-4b0d-9714-4A1411CF2FC9}.exeC:\Windows\{86FFD999-6360-4b0d-9714-4A1411CF2FC9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FE25488E-E258-4e3c-A67A-5404AABFCB02}.exeC:\Windows\{FE25488E-E258-4e3c-A67A-5404AABFCB02}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C78DE032-EC9D-4113-8787-2F2C3050E15C}.exeC:\Windows\{C78DE032-EC9D-4113-8787-2F2C3050E15C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F51ED2C-EF4E-4700-9E2F-4C2C3614C94E}.exeC:\Windows\{4F51ED2C-EF4E-4700-9E2F-4C2C3614C94E}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59DF2636-B551-41af-8603-92BFC99815A7}.exeC:\Windows\{59DF2636-B551-41af-8603-92BFC99815A7}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0E862B80-11E2-4dde-BBC7-BD55EF920DA2}.exeC:\Windows\{0E862B80-11E2-4dde-BBC7-BD55EF920DA2}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59DF2~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F51E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C78DE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE254~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86FFD~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F85FE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{96A36~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6BEAF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19DA6~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04B9E~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B6A2~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD581b5ef42370777874b5fab731678baba
SHA1abc2847285bf9b97598863ca75668dc57ae2aae6
SHA256c3a570ada80f88957d3e84e4b57fd85b27a246d46c02e46e2aa086f56c3d9e99
SHA512750142f4383641dc39f42b85a1286599ed6a0c28a471b5b375341970ddb72a793183d8df06455861b1fe20e3657266d69b69ed9609343be37093e48afbcea148
-
Filesize
408KB
MD56140928124000d018789595d9eb09a0a
SHA1bed683fa514218b47367555e10ef7aa69b54f3b7
SHA2569e9cc4d81230d17ed2b3fc7b0edbbfe8d1c6ce910c51f8fde486c2aed6222b3b
SHA5129ba8e29187e884726267258d5bd69bebd40a74e38b7481947809d047741ad8f798250047231912166444669f6e6afe9ac1fc9d4a6fd0a6f67691419f472ca55c
-
Filesize
408KB
MD5d936ce38510f9b131f66b860a1edeba8
SHA18c17dd39cb12216645c4198bc86ddea36af66b27
SHA2567ae2237dfcaf7ffab72f1c91b3688456edd0cf45a6b801c11d8297888987062b
SHA512bd65156e6e6a466075e6b27c73853016ad2c90876517f85b664b17a7ffdcc8c62143d631b6d199d4cde1057456096126af67a7470cdc76fca0c4723e6e0f3beb
-
Filesize
408KB
MD57e3b355342309695cf28d95987f9262f
SHA11bb8595d33620b891ed922f47fda5a5944d14a31
SHA2561eeab169f8162fa01bb92aa57463672e7f9482485b7f39aa1f62ba5482247ebd
SHA512e69b5f6bd20e7e24c00c2b8fc718e808031f428da0f4b4cc95745f10484bccf918ac9412825afcd275cd112e53a70c69633a68f7e287f9be34049ce53b2b893d
-
Filesize
408KB
MD59631b5c75484a3ba3915043dcd88b66b
SHA1e2a7aed15fa9ba3b5d84f8a814a29c9ff1af0a77
SHA25666953e2aa0552233e9685bad17bdd5cbd3cf332dadb11cd425d4b1819baad7e4
SHA51217ef48f0d8cbe1d4853baa6e9d274a22402a6fa69d58c5d389224efc0413e92a70511aa8832793e0904e29e8ff0f301c070923e98039d3f183409588289848ca
-
Filesize
408KB
MD51a67218f517ceb076237eaab9d1b8316
SHA16f9c61ae976be29aed2625453ed2f5a110d90bc5
SHA256c69825d189c6ff71c236652cd181305ae7cbe9cd447db6a8d7175e652422a443
SHA5122d317ade15d82da03bc23e2a59de311ebe08ce106587830968996d1fd703dbeffd9a8d10008172b6590bf68146552628100297aa48e3e25e98d809e050a58c8e
-
Filesize
408KB
MD5f473b80e162d1c34f5e4b801641ea98e
SHA1ab5fbda63de38557c79431bb40704612032b5ebe
SHA256f49f216db8c885c2837a362cb07d88d3297b65d37b044a0d2e861631774d64f8
SHA51246033b35021840dd216897e6c5cd3b84ef31fcf39ff613efedaffa244dd3228a6fd2ea2ae870b7e484e21825852540523476e1eab11bc7e2d62a64c90e8fea48
-
Filesize
408KB
MD531aad8cd0227f8f99d952bb21981f8d6
SHA190de8d1a40255183ccff6ac8e4a6ea89359600de
SHA256e0e42e58ea39fcfa7b13626265d66368df9baed9f91bcd40a762164b19a9ef73
SHA5123cb745e3b6cdc8078de924d01c586b38a9001b62f7d58c1b15c17757969b91913bbc8ac8eadaa017698e84d79ddb370c4417a6b67aa2e9a4d1ab770e5fb58e57
-
Filesize
408KB
MD559215f1c653890e343bd10937cad6cbb
SHA197cda28e229c408cbb179245d6e22703a954f0e8
SHA25682746564f9b799011ac8f570b5feb727a5d481eabac2f6c0f4ff3a62c93bdb73
SHA512edd606ab99f41a305fc6248b1edb739f5c789f799369504bf57c0fbf76a9bc8a468ebf34314656b7aec0c2d09fba20941c57535732b48c0d380863106dd37887
-
Filesize
408KB
MD5ef4c629b4d8db9a3ba516234b6bb360f
SHA1d5ac371f4e966ff3d134d803781139e329b50a9d
SHA25678566fd98c4207cdcbd52bf427f8d84f3f787af27d628f08ef9826af29b4bf12
SHA512981cc79ded4f1ac0d18c8a69fcecf9b0ab08e72d4e7dd072247bc06a235849070e9aae1aa5df3573a21251321adaa59a77868536cf7438642593c8ba628d7ed8
-
Filesize
408KB
MD5753b459d800178c4e0f3437d0e2d8dad
SHA18f0f87260143573390080b80290fd0f4c2c08eee
SHA2565baa9361d2c600d469292bd522eb3f82c62d6465e1dfc65338de4550ab638aa4
SHA512fa76fd788c7048dd434a206a64e29926bd698770a583683054e5ca0e2f0f67d06a6149c0d0f8c3aac75175f6f3643d64be826b62ca3ef9dffb1ac5a37d24e25f
-
Filesize
408KB
MD57948c011dc879691963eab77b9894587
SHA1a86d3ffc1990ca5f8d5f4ef3699c411e55d3ac3c
SHA25690b0baaacf7710ff120ce953713ad4cf82bf61f4041c2b0037829d43eedb64c2
SHA512671df7869e6f323cb50cc5f6e40dd755bd76b366653b02eeb4c74926f76511460eae1aba7a637770889caa08c03e81d644d8067e10d7c282d38891f50cfa063e