Analysis
-
max time kernel
149s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08-07-2024 11:40
General
-
Target
2024-07-08_566b881c0b5202056eea3b88fbb6c50a_goldeneye.exe
-
Size
192KB
-
MD5
566b881c0b5202056eea3b88fbb6c50a
-
SHA1
cb3d131f1a314307f3b2491f22d6220408358788
-
SHA256
650268c7d42e99e21ae54263808e6e24ee776a6a1b1ce3a3e01b0dcc202e391d
-
SHA512
46b12735fee5b75e748fdb1dbb57a610c36a8eb25e670090864a102a5d87c6d8d3d880c94c9783b2a9159ee517f20f863b18d1e9f54e8b903fb7da2b30464a36
-
SSDEEP
1536:1EGh0otl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0otl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-08_566b881c0b5202056eea3b88fbb6c50a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-08_566b881c0b5202056eea3b88fbb6c50a_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42D01F82-D7F1-47fe-B74A-C8AD75C4720A}.exeC:\Windows\{42D01F82-D7F1-47fe-B74A-C8AD75C4720A}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B75BB127-82C9-495b-B576-FF350504C85C}.exeC:\Windows\{B75BB127-82C9-495b-B576-FF350504C85C}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C76E57CC-EBA3-44b0-AE54-99601FC6EC63}.exeC:\Windows\{C76E57CC-EBA3-44b0-AE54-99601FC6EC63}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68624463-E74E-4543-A3AD-0D2BB61C504E}.exeC:\Windows\{68624463-E74E-4543-A3AD-0D2BB61C504E}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87FD3D43-1BE2-46cf-8EFA-3DE9E12FB169}.exeC:\Windows\{87FD3D43-1BE2-46cf-8EFA-3DE9E12FB169}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A1089BEB-6772-4ed9-972F-7D0D22EC6000}.exeC:\Windows\{A1089BEB-6772-4ed9-972F-7D0D22EC6000}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E1D4DB2A-2F2D-42dd-96BC-82393B3AF874}.exeC:\Windows\{E1D4DB2A-2F2D-42dd-96BC-82393B3AF874}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1AD9D3C-7270-413f-8DDB-5327C5017703}.exeC:\Windows\{B1AD9D3C-7270-413f-8DDB-5327C5017703}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9186A73A-F982-49d2-91F7-53871B58C678}.exeC:\Windows\{9186A73A-F982-49d2-91F7-53871B58C678}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B06BF50B-FA44-43c9-8210-11C5A02EB2C2}.exeC:\Windows\{B06BF50B-FA44-43c9-8210-11C5A02EB2C2}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3BD74ADC-A713-4f5b-BA98-775F8DAF23BE}.exeC:\Windows\{3BD74ADC-A713-4f5b-BA98-775F8DAF23BE}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A68F93B3-E930-41c9-9471-93E18A06B72E}.exeC:\Windows\{A68F93B3-E930-41c9-9471-93E18A06B72E}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BD74~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B06BF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9186A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1AD9~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1D4D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1089~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87FD3~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68624~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C76E5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B75BB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42D01~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD50dcf718daf37633fcff94b0476ddac66
SHA15e3619f520450131a627ab913fa9ae0088f3ecc5
SHA2560395093f1be093f69b5b1deccdc8cd4653b948dda99332a3a533d327bae512ad
SHA512fc1592caf16a9f6f813a0323f9d0f29844963fcf50341333b8594dbcbf8da4e1d44089e6106b2845b95c1f3fa9d897d864ed28d0a2b2f1abc49b569fbb0cb6fa
-
Filesize
192KB
MD5027e8c84add4254481dc8b7e2e935c5e
SHA1ae9194871a5a118ca4e43324ccce63c4c0505fb0
SHA256527f3ccfd553325403acefe50ca64a0eab399419d4c02db0d9252fd4fa814297
SHA512e115ec35069b2cc552a266de81a6f283d9697a72e99e0c990e58b722147b6f0bef2ce54215e75d10eed1df5f34fb9aa4280b668c909a9fac60b4d12f4f182cdd
-
Filesize
192KB
MD53fae71e92638b74744a25d52102d678d
SHA127e92ac3ea249383e057734002f616b84fd41178
SHA25692e22925a4d9a5e0603e3771913f139f6b75074b75b5c4b243ecce31a140c50d
SHA512ce8a871e0eae7a6f0cc16cc944c48f933b44c82a74bc91c41876916670b019ff18bb35f7c95fd36b0032a8c242f5a0d98122deb11b3caaae0d734ca7478c333e
-
Filesize
192KB
MD54dd54e2e99b63297fc02da39fcc2cfde
SHA122c4c360c7a3a59c40097362000965c6dd8bfd10
SHA256ba73ff3a5997cde1600f3975657ccada823f90407b70a1cafb547afc0e24fb1d
SHA51204c40dc7102541b807ee096b0024ecbc0daf4760f14392d91cda13c1eee15e6ea1c596b5493e0271ee2fe5d50f18b825d4e4750c4d5720a9705d9528eca145fb
-
Filesize
192KB
MD5956e707cb00ffbf3d2adc4b540feffd1
SHA1ea97304428d36d269c67ae072e5e4cf5b1fc2a59
SHA256fc705b380cd33679d11e6074b5dacbe51dadd4b98bac711bcff0a3fd13a20e3f
SHA512a01887c48f1d459957db0b03f4d74ea66d39388dcb5b71b7a789208157b34c4d31de2059a5a5127b4eb4019b87e9e2c90dd54e6194d40e2c7b8b6b619a900878
-
Filesize
192KB
MD5b1bf5b75bcec0e23371079efd7ea1a71
SHA1133f82204b8c22b1703c18fd2bc37d0f1c433f36
SHA2564806d3078e91868acb28c716f6591a4b3f2ef26df3a234c46893645134929d76
SHA51238a9da697be3bb8364bc6fba6b5028ef337878295b2efcfd0885c09f4c7e03930970ee2ba63e26a9abbd767be3561a9964b957736fce0402a33cb413e072fc3d
-
Filesize
192KB
MD53fdb17bdaf68153a993ed324803775c4
SHA1c642e797fbe325424aadf5ae41ea6dc96b34ea7d
SHA2564572c5a941c365f453041ba42073169e37b60ea5c26f5f4919139c563acca901
SHA512baa7de75b3c3c963fcd5e7a9ed62b678ff8115a8f789ef571cf18fee016fb886cf7ef460e857445b8e76078ff4ed4f79b6d961cd7b3ceeb7dc0de8d1d2021a7e
-
Filesize
192KB
MD5bd4caf5979817fd4c0ecf34eb31b86ed
SHA13175a56d9939190a8be4ac7cc47c8d6517f4c337
SHA25671a400cceccd845ffa6166c73b3592bce665651c3c89879e81c9411e0bfcd157
SHA512970aa036ad0ccbbfbce2abf60d6a11780c9a46aa3bcb12dfc29d2a1fe451c3415650e3f98c905310685983ca6cdba16913b028257389f33ffaac77fb54a8120f
-
Filesize
192KB
MD5afb4fa2da6ffe797562daa094239ba4a
SHA19013e2268b3da38902081ef213340a87a1253bea
SHA256f00676d123460e5af75fd18d65e42058337a9c02c3d9203550b2c1c28b2e8466
SHA512df5a6d17538786f8ed32771d09081105b1727859a63b20901a4fa2bebb1e0f3e804cc394daed3936071e940a6c10254025ce31ab6a0ac2cbb40e2f0f3015a533
-
Filesize
192KB
MD59c66c8fb51207c6c858f5002c521269b
SHA1c19a0e579ac4d5a65219eb934ed5daa287c5036e
SHA2568005b5ed914900038cc3f6883324c5c33ed00ca6996ea6c7d96f1b60295da6dd
SHA5121996734471f5ed0f2dcad845f6c74a95218015f89215389ba5f83038839da4d398a8717995353ae742f9401d16970a87b61c153878136f54eb7fab0169a3f4fe
-
Filesize
192KB
MD52c748414dc6c0995c3a7e0759a872a16
SHA1121bb54d8e64cf5d711a2db82a5f5bf3f88649b8
SHA2565bac7bbc5f2b3fdc0176cfa8cc76f2f7e65ed102f9aacb076134ab030216794d
SHA5128d6544f84c32e601105c8a6c39bd5ac006ef340738b021271ccc2f14f01a517cb76583e68d54f4d2e79644cc1ca63ffdc69c6bd09e3010f818a887924290e4ee
-
Filesize
192KB
MD58acb9953a73bda6490dc1ce809abde01
SHA1724840ffbb73ac2c31651bf685958535eea7b6ae
SHA256276a56ad45dc7c6b63a041ed62648510ac65cf9517a699bee6dbea6bf4afde98
SHA512fbca87709cc93c857aad9a0c83bc680b74f7566a1d670534f0079b4731cb52d83e788055f97e90c5cd985e13713771a82f81e8598ea979da06768f3fe669de5e