Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
17/08/2023, 19:00
General
-
Target
22a1cd2624f0edf3452af50f006f75e0_goldeneye_JC.exe
-
Size
408KB
-
MD5
22a1cd2624f0edf3452af50f006f75e0
-
SHA1
4d7ff73c751596a36094e333638629a9adfd9172
-
SHA256
c30c69ad7b8cf413c33b33619e05d435799c2526af61cbbaa22c1776e91e4f78
-
SHA512
edaaf532681b64193d89c15703a9407094ec184d54a78a5665074bb53068d8d5690c03017fe02243f59d5f592799be57c9aa0c6b2af74c57a8a711bc4b5e84fa
-
SSDEEP
3072:CEGh0o2l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEG4ldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\22a1cd2624f0edf3452af50f006f75e0_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\22a1cd2624f0edf3452af50f006f75e0_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC54E020-CB54-44f5-8A4E-A3C9311E11E0}.exeC:\Windows\{BC54E020-CB54-44f5-8A4E-A3C9311E11E0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6DF4A1F-6DCE-4d9e-B32B-53932CA5C3C7}.exeC:\Windows\{D6DF4A1F-6DCE-4d9e-B32B-53932CA5C3C7}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64230EC1-819F-43e8-A116-2423C632278F}.exeC:\Windows\{64230EC1-819F-43e8-A116-2423C632278F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1958D45D-52F6-432e-8BB8-9CA0F0CC55DD}.exeC:\Windows\{1958D45D-52F6-432e-8BB8-9CA0F0CC55DD}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BB226BBA-90E6-40d4-B8AE-C5385AF836BE}.exeC:\Windows\{BB226BBA-90E6-40d4-B8AE-C5385AF836BE}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A2C3DB5-C718-486e-873A-684BED7D4557}.exeC:\Windows\{9A2C3DB5-C718-486e-873A-684BED7D4557}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A2C3~1.EXE > nul8⤵
-
-
C:\Windows\{6637F782-D4BC-423b-8EB4-CB040F183928}.exeC:\Windows\{6637F782-D4BC-423b-8EB4-CB040F183928}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0CA34F3-1342-40ec-9DA3-FF4D83876D27}.exeC:\Windows\{A0CA34F3-1342-40ec-9DA3-FF4D83876D27}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0CA3~1.EXE > nul10⤵
-
-
C:\Windows\{3B3E7CEA-B16A-427d-A22D-10540CF4081B}.exeC:\Windows\{3B3E7CEA-B16A-427d-A22D-10540CF4081B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{516B2920-1BC9-4d4c-B9B2-1BCD46E8AD1C}.exeC:\Windows\{516B2920-1BC9-4d4c-B9B2-1BCD46E8AD1C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E2AE1FCE-6AC0-4249-8AA2-99CDBF1B3475}.exeC:\Windows\{E2AE1FCE-6AC0-4249-8AA2-99CDBF1B3475}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2AE1~1.EXE > nul13⤵
-
-
C:\Windows\{F44B0FFF-3ABD-44c7-A49E-1D01C00087BF}.exeC:\Windows\{F44B0FFF-3ABD-44c7-A49E-1D01C00087BF}.exe13⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{516B2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B3E7~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6637F~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BB226~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1958D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64230~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6DF4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC54E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\22A1CD~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD59b00c3198d034a4bb504b06d6500ccdc
SHA19017721cd51bc1695e9e1a209dd685935c668bd4
SHA256c69a33eba307d69264d7cd5de0b3d8bfdb1b52c0c6728625dbbdf8cd5e3477c1
SHA5126e6c07a75a241a666539035f2a8c17fb941b5d60c917812a97e971db3261d020aef96c276d6578224514ab0057437f505e29763f8ee72289c6979760a0922f64
-
Filesize
408KB
MD59b00c3198d034a4bb504b06d6500ccdc
SHA19017721cd51bc1695e9e1a209dd685935c668bd4
SHA256c69a33eba307d69264d7cd5de0b3d8bfdb1b52c0c6728625dbbdf8cd5e3477c1
SHA5126e6c07a75a241a666539035f2a8c17fb941b5d60c917812a97e971db3261d020aef96c276d6578224514ab0057437f505e29763f8ee72289c6979760a0922f64
-
Filesize
408KB
MD54fcdb0e7a511c026402f5606b9850b32
SHA1b80333ac80bab7133b65934e6696dd1684000859
SHA2567193860ce9cdbae0d76b14d4e749478dcc7e59d1002ae9d97f1a4f58043692bf
SHA5121d1621fa6c4610c1215ee8fc8135965d1be01e06183710f61089fe165194a0a6a396828fbe43241f4e1e64e337fd7073909830058f244c0f8b6c52bf125781af
-
Filesize
408KB
MD54fcdb0e7a511c026402f5606b9850b32
SHA1b80333ac80bab7133b65934e6696dd1684000859
SHA2567193860ce9cdbae0d76b14d4e749478dcc7e59d1002ae9d97f1a4f58043692bf
SHA5121d1621fa6c4610c1215ee8fc8135965d1be01e06183710f61089fe165194a0a6a396828fbe43241f4e1e64e337fd7073909830058f244c0f8b6c52bf125781af
-
Filesize
408KB
MD50cdf558089190d47e6c2a7999982d3c2
SHA12628ea18e693fea392d3653a241061d361fde099
SHA2566986ee4bbd88667d6e7f2c9090616ade111b6cce633811b4bfdbf75fd54aad35
SHA5120a3c9769ea164cb7b17ed933af51b615c1e432924e73621894e9ec658eefd1cb30fce8df3e222fc4fd954423d7e77e5374b12d10733dfbcb15e0f9470d477f48
-
Filesize
408KB
MD50cdf558089190d47e6c2a7999982d3c2
SHA12628ea18e693fea392d3653a241061d361fde099
SHA2566986ee4bbd88667d6e7f2c9090616ade111b6cce633811b4bfdbf75fd54aad35
SHA5120a3c9769ea164cb7b17ed933af51b615c1e432924e73621894e9ec658eefd1cb30fce8df3e222fc4fd954423d7e77e5374b12d10733dfbcb15e0f9470d477f48
-
Filesize
408KB
MD5230acee2d0660ea21f190fdb581d90f2
SHA1c080e3157f1832a8407ca18f42d61d8feb5ea667
SHA256b6c0552b7970e9ee5afa266fb01968aa13691943a886328879736812fd837282
SHA5122eb0a936eae5ae6ded50f07a78b14f5ab2b50470bbe3d097925162d3cf9379f8039ec4c586b28f8fdcf241fd21ad5190e6a93fb69ac50fa8d3cc5fec6c515bab
-
Filesize
408KB
MD5230acee2d0660ea21f190fdb581d90f2
SHA1c080e3157f1832a8407ca18f42d61d8feb5ea667
SHA256b6c0552b7970e9ee5afa266fb01968aa13691943a886328879736812fd837282
SHA5122eb0a936eae5ae6ded50f07a78b14f5ab2b50470bbe3d097925162d3cf9379f8039ec4c586b28f8fdcf241fd21ad5190e6a93fb69ac50fa8d3cc5fec6c515bab
-
Filesize
408KB
MD5e3e031eb4e7be66fa931873d7f03456c
SHA12e0748a3b18bc663881abd6bf4ceae101a567ed2
SHA25651404b8af37ee9476d733a1556f40f973cd57c6feb51e2cae169b9a7f4a7927f
SHA512ea6c608d9afa0e3fdf679bdebf47510e47f9cc59a6a801f45fcd48eb6fe3d46bdb5fa6eec22d8f5376d48ad34f8aa1412f1866ad90b3cea76efd8dc4b34dfe2b
-
Filesize
408KB
MD5e3e031eb4e7be66fa931873d7f03456c
SHA12e0748a3b18bc663881abd6bf4ceae101a567ed2
SHA25651404b8af37ee9476d733a1556f40f973cd57c6feb51e2cae169b9a7f4a7927f
SHA512ea6c608d9afa0e3fdf679bdebf47510e47f9cc59a6a801f45fcd48eb6fe3d46bdb5fa6eec22d8f5376d48ad34f8aa1412f1866ad90b3cea76efd8dc4b34dfe2b
-
Filesize
408KB
MD59bdb552fd93c1898468d57fc8122ed8b
SHA1159df1ca206abcfd23a516c37f10a9d9423e2cf3
SHA25616d91ed5241065d75ef2101856109b2eecfe5bafe404da18b4db0453691e26ac
SHA5123f159ae638d1470404e30862d671bbacfa81f9c34ee2cf0715bd3f89b46d436c87bc70af63a7aa91074a21e4ab77d3970def7121cd86227a3f4901e2dba67f87
-
Filesize
408KB
MD59bdb552fd93c1898468d57fc8122ed8b
SHA1159df1ca206abcfd23a516c37f10a9d9423e2cf3
SHA25616d91ed5241065d75ef2101856109b2eecfe5bafe404da18b4db0453691e26ac
SHA5123f159ae638d1470404e30862d671bbacfa81f9c34ee2cf0715bd3f89b46d436c87bc70af63a7aa91074a21e4ab77d3970def7121cd86227a3f4901e2dba67f87
-
Filesize
408KB
MD52e4d054e657409b21d049839d839c79f
SHA11f01a0aaed29fe76b355795cf0bc9935e7935877
SHA256b2aa472176561c0270686157d30a4ecddac7538cc3bb3b75dd3da42309da24e4
SHA512764b3603915030d532df07886ede58f73be3c82e7627f59161cf43addbadb0aaf243a5b1af5f20a2fcb02e217de0fa81652f45feef5eaf0a5259904ce5afc92e
-
Filesize
408KB
MD52e4d054e657409b21d049839d839c79f
SHA11f01a0aaed29fe76b355795cf0bc9935e7935877
SHA256b2aa472176561c0270686157d30a4ecddac7538cc3bb3b75dd3da42309da24e4
SHA512764b3603915030d532df07886ede58f73be3c82e7627f59161cf43addbadb0aaf243a5b1af5f20a2fcb02e217de0fa81652f45feef5eaf0a5259904ce5afc92e
-
Filesize
408KB
MD5023f07363a59779edd757f7197958821
SHA1c4002ea5648e3a47fbcdff2bd096d8df3008228c
SHA2564c04bc2f71d4916ccf4e07a46bb82c584daadad887ffe54713d9a9b8d0f74e25
SHA512240b609d1b8732f02f5e511829c2d9027bda743f36446e08808700ed9f2dafe1e73a5a91e3c61f80daffc03dc76d646b08d9569960367e2e79ed97de68b55b4e
-
Filesize
408KB
MD5023f07363a59779edd757f7197958821
SHA1c4002ea5648e3a47fbcdff2bd096d8df3008228c
SHA2564c04bc2f71d4916ccf4e07a46bb82c584daadad887ffe54713d9a9b8d0f74e25
SHA512240b609d1b8732f02f5e511829c2d9027bda743f36446e08808700ed9f2dafe1e73a5a91e3c61f80daffc03dc76d646b08d9569960367e2e79ed97de68b55b4e
-
Filesize
408KB
MD56508ba3438dd4847aead06fb71564732
SHA176509099c0aa586913e69f5ceef88cfba8b17910
SHA2567e0a9d44affacc32eaf20e5eb0b2d40118c472619bc05e819bbb8ae2a23af5b7
SHA5124812ec51fc30871317ec66b9941e7bba8af2f1240df3164fcd0ae10f5d00b995c33d88b8bbaa035a66743795017d6af80134d40e5d7933b5b6ef2a84934de347
-
Filesize
408KB
MD56508ba3438dd4847aead06fb71564732
SHA176509099c0aa586913e69f5ceef88cfba8b17910
SHA2567e0a9d44affacc32eaf20e5eb0b2d40118c472619bc05e819bbb8ae2a23af5b7
SHA5124812ec51fc30871317ec66b9941e7bba8af2f1240df3164fcd0ae10f5d00b995c33d88b8bbaa035a66743795017d6af80134d40e5d7933b5b6ef2a84934de347
-
Filesize
408KB
MD56508ba3438dd4847aead06fb71564732
SHA176509099c0aa586913e69f5ceef88cfba8b17910
SHA2567e0a9d44affacc32eaf20e5eb0b2d40118c472619bc05e819bbb8ae2a23af5b7
SHA5124812ec51fc30871317ec66b9941e7bba8af2f1240df3164fcd0ae10f5d00b995c33d88b8bbaa035a66743795017d6af80134d40e5d7933b5b6ef2a84934de347
-
Filesize
408KB
MD5c52693de0689846c4addca4351ae40e6
SHA1bc326b5769fb1c078956fc26548c3ab9cf41019b
SHA256fe25e16d75c7bbc98d6e973de14d4ae3c9d820f15124d265d3e21a2b189cb677
SHA512e2612a819135d4a830650545809e5a8be4634f2b1763c6660117a3a48f5314192a17b5f7e0b7ad3b0e16cdf6eb44508840f671621835c9b3a75b37ac34fe3b5d
-
Filesize
408KB
MD5c52693de0689846c4addca4351ae40e6
SHA1bc326b5769fb1c078956fc26548c3ab9cf41019b
SHA256fe25e16d75c7bbc98d6e973de14d4ae3c9d820f15124d265d3e21a2b189cb677
SHA512e2612a819135d4a830650545809e5a8be4634f2b1763c6660117a3a48f5314192a17b5f7e0b7ad3b0e16cdf6eb44508840f671621835c9b3a75b37ac34fe3b5d
-
Filesize
408KB
MD54c0dc5081e8ee8f587f016a012f3b5ee
SHA103c07884896996690ba3962a65926d060a37335c
SHA2567bb63e7ae8f444117ca1b363d3030e81f0bb5e92a0ed74486bbc0e572c4d5bc9
SHA512f5b770b715dc5010701d64d66ca99a5776413973790d0d52361d387016f5c038ad64165af7c2387022b60a26db4e9b726b882b5c91991ecf53af80c4f5a842ff
-
Filesize
408KB
MD54c0dc5081e8ee8f587f016a012f3b5ee
SHA103c07884896996690ba3962a65926d060a37335c
SHA2567bb63e7ae8f444117ca1b363d3030e81f0bb5e92a0ed74486bbc0e572c4d5bc9
SHA512f5b770b715dc5010701d64d66ca99a5776413973790d0d52361d387016f5c038ad64165af7c2387022b60a26db4e9b726b882b5c91991ecf53af80c4f5a842ff
-
Filesize
408KB
MD53cce8d8a78a958a153c4facdadcf2185
SHA182d7331d1330608af7d3628769c27f324032907d
SHA256192dab1eae80045741bf1e305e90397cd58153b1b8cf39f3f83512648552592c
SHA512f4e5369ba3cbbd1dc89379e4bb89b4dfde5d143977a5345a93884751067de32669ed11356d1892b3a2e30198130846cb2c2aed3a12cee20edcb21ada1735387e