Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
06-07-2024 13:02
General
-
Target
2024-07-06_bbd2ad36aa1b9adf5f31332454266a77_goldeneye.exe
-
Size
192KB
-
MD5
bbd2ad36aa1b9adf5f31332454266a77
-
SHA1
cff894d7680556127fe6dbe464379cdeefeadff7
-
SHA256
83eb37dbccf3f2c7998b6f691bc6f9b26c0e746ae2d67ad0378b20aae86e1db0
-
SHA512
a9b982b2ab11a7089bb2ab7fc3ab0d06d506368796ad7da70d6e2bca54626188419ca5c90a865cac92e3bc121722af47be4e459dbd6b9fbe83d12d19b38ef671
-
SSDEEP
1536:1EGh0orLl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0o/l1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-06_bbd2ad36aa1b9adf5f31332454266a77_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-06_bbd2ad36aa1b9adf5f31332454266a77_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF2DB775-44A8-4a4b-88E5-4ABB67BF43B0}.exeC:\Windows\{FF2DB775-44A8-4a4b-88E5-4ABB67BF43B0}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9FA59A40-9E25-402c-B401-5526F9BF9AFE}.exeC:\Windows\{9FA59A40-9E25-402c-B401-5526F9BF9AFE}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4974640D-6DD2-457e-85E2-573DEC6E3E12}.exeC:\Windows\{4974640D-6DD2-457e-85E2-573DEC6E3E12}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7B7ED96-8B48-4da1-AB98-8410CE8F2183}.exeC:\Windows\{C7B7ED96-8B48-4da1-AB98-8410CE8F2183}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3273A45-BEC9-4f5f-9988-AB23AE870A76}.exeC:\Windows\{B3273A45-BEC9-4f5f-9988-AB23AE870A76}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{73599CA5-5602-485c-AF7C-C46BE127D3DA}.exeC:\Windows\{73599CA5-5602-485c-AF7C-C46BE127D3DA}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52ED5CFB-EC90-4eb7-9058-9B67A8577072}.exeC:\Windows\{52ED5CFB-EC90-4eb7-9058-9B67A8577072}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{03CCF21D-5560-4d41-A210-0BE626281511}.exeC:\Windows\{03CCF21D-5560-4d41-A210-0BE626281511}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8063D712-0B29-4050-98BF-CA6AF531E463}.exeC:\Windows\{8063D712-0B29-4050-98BF-CA6AF531E463}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{534EBD57-6184-4ba4-BC2C-40B0469A925D}.exeC:\Windows\{534EBD57-6184-4ba4-BC2C-40B0469A925D}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{531D4620-F6CD-4cb7-8062-78634F40494A}.exeC:\Windows\{531D4620-F6CD-4cb7-8062-78634F40494A}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BE3B491D-F44F-4c37-8C32-8E3B29940F7D}.exeC:\Windows\{BE3B491D-F44F-4c37-8C32-8E3B29940F7D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{531D4~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{534EB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8063D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{03CCF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52ED5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{73599~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3273~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7B7E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{49746~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9FA59~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF2DB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD57f94d1aaa6e872deab7d012747e936f2
SHA14b940334164a3c45134f614147b6279b41168809
SHA2566177f92ba4523cacecb06364da38cc9c474d7705fc7253f9ecc89a62dcc1e0f6
SHA5123b19fa152e78e2eef8b651a75a9e75cd28c7e8ec0c03021fb70308d382125200add164480284c65f06a8301f110fc4f41ac0f9f5f373f4eb27c7b75a491c0153
-
Filesize
192KB
MD5d6ae2415832fa8ddda2b584a2bcfe0c6
SHA12dd139e94fad505b81f1c7c8a9a012618d584999
SHA25687c884865612901f29f0c6a0d0da962603fc04b57a1b41002bb7e5eb3bcc9636
SHA5124e0e9ca561df3937fdcfb20b5b403ef39b426dee8492a376ef2e91d75db8dea82211a8a974ac5c20c9eb90b8c634a848f878677dfccd875a0466d4debfbfadc1
-
Filesize
192KB
MD5f66af52e8c70793348a5b0ad4d606613
SHA145bd25990e04fd62c152b97a177932c5f2365fb0
SHA256b59f8fc83889eff37c8c69f74ab892f6660eaf900303844739937867cfabaeff
SHA5120669477fe4b5f93f52ccd4f87985be60ae645319aa6583cb0f9ef3451883ceaabd1a86f8b50804efe6c6ae5b69a47c71f2fc171a34fc2db1d3c623b776dcf38f
-
Filesize
192KB
MD57db49c9960f16777f00dc16cfe1782e2
SHA118c17e1d2ab474f16b0e877f352dbde808e269d6
SHA2563d28308d743294ee929328e4374e017506a8a80a6559a7dce5c8dd4d0b217d46
SHA512eac05a9c32091538fbe41f21f37322dd12214108a6b67be6f1064962a685a77339c6f4c863079bc066a62f3b1c32e991b373b8496a43db4caf2d975a7a9c2f68
-
Filesize
192KB
MD581ebdfd6960509c54258c8341fdec31e
SHA1ad61156d557368b327b1bd12435b0a049faa8462
SHA256c753fc024ab7815edaa1673a6cb135ead15074a02127b2bfa733a5305bce79a2
SHA51298c62c00f95136a18438f59c21f477c94384d3bda70f7e4aaceeb9ec633fe7ff1e822c335e9be86625c0fe5b129b594b67aecfccec9765f38883366d6a4348c3
-
Filesize
192KB
MD5f97adfad6ec48e6fe397ebdf54eb9bfa
SHA1462b1b765ec5a008e7ad9512ea52726891e47156
SHA256b51c0ab3d2ec9aa74c7cb53340dcef986c4f9043c6600b275a74ea026e2fa33a
SHA512885d8d4ea9458260baf36a19e77bdaa081cd5b0ce5eacf83596b46131c15cbfb1097ce7ed9c4317dc29e934c11b804cb7325f7735bff7137f8bdc62ac339a63e
-
Filesize
192KB
MD593bb4c6810a66f219e6116e2ff0ab245
SHA123d49ea884882d4f7635b39578de6551e6c27ef8
SHA25688790282b84d138f8bea4c8e1aeff3f7c62edf036f1e1c960aa2b8037d644fa5
SHA5125bc75fe82825e08d0a13f952d57364edbbc431bf88442880858438cce9934c229a3ab603cf126db8d720fbc5113c29c093e3075522bd499ddf0e7c49af9a00ab
-
Filesize
192KB
MD595fde7af85a6d427e520ac12d8026d73
SHA1eb4b75252caed98caed14babf8c002b47d0bd87c
SHA256f1c46ac1d1e6614951f0ab28487aa23ac1507bdd868b7a709ad908b9ad69cd15
SHA512f005bd14c1c12ecfc798c1fbadfc9a1a876406319258893c6958103878cd993291b8bbc2db8b3c9d28fba2407171ef416da9e6764ab1cd00d0d2a1a19229e7d7
-
Filesize
192KB
MD5d98cfcb465f057667217a72673c8dc4c
SHA1f57441ad13a99f2146af83f1f8cee84f1d4d3037
SHA2562baa11b38e39455ecffeb6090023bc0a512349850ac552cc610c8fcbce46c294
SHA5123e6369d6736a70fb52497cf69db77b9ad2dd86b977cb31705f84123d7ba6c2a6a503bac6c3ce4987b81345206a0273ee028477829751f3604cdd30b55d3afb09
-
Filesize
192KB
MD5bcec79167104bb6a7584e815dcf86e91
SHA1fe1bfbdaea8217f8fe1b5eb0fa1f0b15c6d34304
SHA2564541ba04b78f19d8ee361b09f415f9be96a3c82cdf2e19b81388c0d75eabaf63
SHA512d059d8c40fa86ac7ed10ebc56316bf0a6668453bcf67bb148dad70c0899c7ba4ad5bfd2f6d36941bb3a4c0ec672e26dfd69a2282c4d94356d5c5954ae6a7d29c
-
Filesize
192KB
MD537b282db700f3344078c9a0b3e55d946
SHA1766937d5395b8d295a618536ac2d74b5a3ca123f
SHA256e69d05f64834b8abb3dc3bae312a993484ecccbe65342225e49acbdccbd90eaf
SHA5122611dcfa75798c360d4029625b7d30167217d5693e677b5d1a5d64d5d528a8d3e300d8324c3368d5947f5db31761ca95c24e245cf5be28c5cce2d17fd3df6962
-
Filesize
192KB
MD5f6f751a875757aa8132278b0127ceba1
SHA1c041fe484872a2ff7ae67598e59a1bc5fe8d4ddf
SHA2565308cc16c3e5bee9a59c6acafad86c1d755447cc7e84972185b994f403b9a8d8
SHA51242038646374e1baa605e088e0b710f94499bbd07f95bfb3506ede7ea12471ab4f66e21f0452e89a436ec3011844c865e9c70a140d317a35735ae4bea3a42e064