Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/06/2024, 18:48
General
-
Target
2024-06-29_72ada85c4586a73b6dc363bd5343596b_goldeneye.exe
-
Size
408KB
-
MD5
72ada85c4586a73b6dc363bd5343596b
-
SHA1
819bd19bbce08f9ef28b0c7694286269a5a406d0
-
SHA256
dadbe5417003e0041b005e276e23950ba8c4bc751f39082a2feca25338f1a8f7
-
SHA512
2be1f249e3933708ba1cc90065715c650935d176d4395995345b6989db8d333cc59c470829f93b202a31cb049c8554f426852a4e527435b28f8b077397ad4c50
-
SSDEEP
3072:CEGh0ofl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGRldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-29_72ada85c4586a73b6dc363bd5343596b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-29_72ada85c4586a73b6dc363bd5343596b_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1679B0F4-0E98-4261-AE4D-78D3FA29FDB4}.exeC:\Windows\{1679B0F4-0E98-4261-AE4D-78D3FA29FDB4}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C3498D5-B680-4013-8CBF-1B349206AAF1}.exeC:\Windows\{2C3498D5-B680-4013-8CBF-1B349206AAF1}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8FC5A0C-FFC7-4152-95DC-BB3C718FDED9}.exeC:\Windows\{A8FC5A0C-FFC7-4152-95DC-BB3C718FDED9}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E8FC9DC5-C46F-4dbe-808C-F10EC3C19564}.exeC:\Windows\{E8FC9DC5-C46F-4dbe-808C-F10EC3C19564}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4797172D-7856-4e49-813D-8BED35AECCB7}.exeC:\Windows\{4797172D-7856-4e49-813D-8BED35AECCB7}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68FD73DA-5E0C-496c-AC2C-652CDFB0BD35}.exeC:\Windows\{68FD73DA-5E0C-496c-AC2C-652CDFB0BD35}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB6D57E2-E681-4ded-ACC7-E7C4C6889513}.exeC:\Windows\{AB6D57E2-E681-4ded-ACC7-E7C4C6889513}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E4F8FEB-BAE7-49ce-B09C-7257E52EEB6A}.exeC:\Windows\{2E4F8FEB-BAE7-49ce-B09C-7257E52EEB6A}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F45CFAC-D056-4666-AB21-D4E6E778E911}.exeC:\Windows\{8F45CFAC-D056-4666-AB21-D4E6E778E911}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D21EC04F-D044-4eaa-B61E-C560156AD079}.exeC:\Windows\{D21EC04F-D044-4eaa-B61E-C560156AD079}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C92A0053-5D0F-4dc7-BBB8-B44D62CF7EB8}.exeC:\Windows\{C92A0053-5D0F-4dc7-BBB8-B44D62CF7EB8}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B34C628C-DA4A-4631-9487-B443775EA4DD}.exeC:\Windows\{B34C628C-DA4A-4631-9487-B443775EA4DD}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C92A0~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D21EC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F45C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E4F8~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB6D5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68FD7~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47971~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E8FC9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8FC5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C349~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1679B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD51cd612f7ef1fe3885cfb4ef9ce68c027
SHA12023597b8e7d91b803782e4490f5fc01f358cae0
SHA25608f490c0998f515abcb6af76f6e3f440a497882d5bd8d148dfd82b63a6eefbe9
SHA51294aeb96387fae2e2dad990f94fa37a6ec3813c44a05050a51a6a97fd4950809c60169c91287bb06f962a01491fc217d9d971a66db2cf26efd7c7fb120dfe484f
-
Filesize
408KB
MD52432ff63a3e117355f7576568b1a09d5
SHA139339b8e00497fcd34b35e6510ef122592b6146f
SHA256228fec5b0fe7e868eb935ddd04ba2da34aaf764a9acb5520b1c3d5fc6df28045
SHA5122282263271d85312c5005d2cab58f7da18284ca04770a8468c979d4a18ebc341ff16430cdc059c4e900afaec29e8f4377fe903cf05c4525551f6853223269af6
-
Filesize
408KB
MD5f25b0a1956080148b63403a68e078a2d
SHA1a23a8eb13b1096ff1770449b9bcc137c5ef19e0e
SHA256f171df86987bf22ad66181be12c9a2af3b5c4fb088a5a53985973ca1b74dbcb1
SHA512826b525a47ac329a60dbdd022168322e2c80383a764abfd3451255a17273dd34a68735352f7b6fb9f7da89e17e74b07b15c3d1c19240376ecfcae59dfdf8cebf
-
Filesize
408KB
MD54b49eb08184e99779460aa7b71c04ef2
SHA1a44d3b43e6ec417d749f1abcc47583d9a9612e95
SHA2567ea0862bd144f1204a2fff903f011445120b91c7a600598b202333480a04dbaa
SHA512886c5d2dbbd615ac9e82b9d5c225f966e02e882c9c5194e9d65afd16dce78b30c4531859be86530aa20343eb59e3cb4c614ac56c1ed6542fd7cdb55fb6ef3dd4
-
Filesize
408KB
MD5b14d3182d91c9087c25fa3ff45ad8aee
SHA181ef1156548c14c5d5913739d4ecb0794cf85c85
SHA256d7f187c1efde988d0a0c6c1af9add500428fc9863a6b615e093fc51d093c8416
SHA51257fa7abd6efc0ada0bed549ded7f4eebd26cc5234e0e53866faf9f2ac15ada253c7184d04fbeba3958a0ba084c013a408a67479747152edd8672cb9fe8fef303
-
Filesize
408KB
MD5c8630dae7a77eda9f717379bcfd387b8
SHA10a6d9bae0c4b8aa4235d216d0a1321f87709cc24
SHA2564a143c0bda56d178c6d3ed131126c920f63bd427ebddf1f473c6c5fe22e76621
SHA512532c271170876e909538bc0e08c803e88732edc9255f4213ab8caa0527239c800e04c2f31d4bd58c4e6cdb7443c1210cda0296b5fb500986594b7c0c08e20287
-
Filesize
408KB
MD561c57b793836756bc4c381581dac2831
SHA1d63c88714593d7efedc78adfaa038f86bb6cae35
SHA256e9a9d455310925868db765922d54e8c5e94bf0327023f2d5f61370251f2e25de
SHA512d6bf41f935c6a5839af2e9695ebdd52d7c9fe8768ff0a8e3c54be50e7d331e44ee9b41fd96b13c676141fcdb3d2f20ef33a28922f3c24b0a6b494237cf997851
-
Filesize
408KB
MD51cdfc3d15653541f5f6571bc0f883c83
SHA14732e533ca5a716541405ca61719ff085e73942d
SHA256fa04f9741b8d5a8aa3d9547b677b80cd291a85b1f8406f7bf837a02eec0dc0ec
SHA512e9ff1c6629630878491a90df82e3781ba4f1c13cb22fe58c3e3c63c9a9345cde675554d09b16f6218aca778ace37870af12a801f328360702b9b3b2726b7b4a4
-
Filesize
408KB
MD50bddc0f776e0183e6d600143694ea15d
SHA15e8a50e935803e5bfd373ad17b52eedf26b3d2af
SHA256b4a5a4c0c1240bc676eba2a7dfa39cc12835580cdae978205fdc654241c62e92
SHA512c9b7117d28b6d41ebff292d987d0f43fe6eb1a7fe71a4824b3a555dd6d9c35a4f60bea7afaa4865b81436ad2621a103459c0124fb7042cb3af5acd31157b5164
-
Filesize
408KB
MD5a7ec2f07d7da13b03e8efe21b4dc00aa
SHA1a0dabf4777999a27a99d55e68c6ee189c8895a33
SHA256630e8b833c5975c4f0a4dbfe8574298ddb93d1bfdbf2a3062334d048d59e65af
SHA512501407a777cac15106837cc6996d96d982d7dad92eaf5603e613e65fb5a595570c17ba8e08e10558507e5dc839240c8046999f674970848c252df2c98c90a967
-
Filesize
408KB
MD5e59af22a87b77458e3fa1337ff93a268
SHA1db5c950ea1f5c319f309703c1d4072b13d6617aa
SHA256161347e0c83415ec9dfebd34e9f6031fa39753f824f708ab4ab18efad70378ea
SHA512494efb68a2ed143a4940b28b41f6de171c81cc06d3ad81f842702c136447dd34e6d2300fbd4d72c25584bdf87fb879bd4b1af438bab1aacdec11823a757d7578
-
Filesize
408KB
MD56625fa4a5c151b018dbf89540cde10ed
SHA1e1ff76a4d36b1b8ada2ecfa147fc7da8a8bc2646
SHA2567206d55bc0019a2879f2681b2a68b7b95c3d20435454ed9b2a7a416b7fea974a
SHA51298b27411325c20543a9cda7f7045139f2a6e79d6b05be2b5371d5f63011d130f53b2eda6f5bd71dbf48b2af9b863e832dc7213843b32e7d21016573552495883