Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
20/08/2023, 12:03
General
-
Target
56a450acf27eac20015f8b8bcef4bea2_goldeneye_JC.exe
-
Size
372KB
-
MD5
56a450acf27eac20015f8b8bcef4bea2
-
SHA1
87327e9b975e7f2a580ac658859cfa79ef6e9367
-
SHA256
aa8c271ab83b722a364e077825bfdecb8c315bfa40c86cc86c3d782ead6fbcce
-
SHA512
8ac1e1d3999763fb3961de4604abb8cc49c85138eb8403697e53464333a40a3ba210297110c1c5b2221e34fbac12adafc2ece7d706f9d8b5138f0ecd629108fb
-
SSDEEP
3072:CEGh0oCmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGNl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56a450acf27eac20015f8b8bcef4bea2_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\56a450acf27eac20015f8b8bcef4bea2_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{15247AB3-120A-412f-A128-EF077549CC3B}.exeC:\Windows\{15247AB3-120A-412f-A128-EF077549CC3B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F7736104-A4C8-49f3-BE2C-1D85331EB1A9}.exeC:\Windows\{F7736104-A4C8-49f3-BE2C-1D85331EB1A9}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7736~1.EXE > nul4⤵
-
-
C:\Windows\{CE32E04C-030A-4f8d-B95D-8BA6AB4CF746}.exeC:\Windows\{CE32E04C-030A-4f8d-B95D-8BA6AB4CF746}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42565CA4-C6C2-4037-9B0F-09EB9EB5928D}.exeC:\Windows\{42565CA4-C6C2-4037-9B0F-09EB9EB5928D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31E2F2B8-7A5A-4919-9FD2-7E91F860327B}.exeC:\Windows\{31E2F2B8-7A5A-4919-9FD2-7E91F860327B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5515ABA-70E9-40f5-A7FC-D28920453714}.exeC:\Windows\{C5515ABA-70E9-40f5-A7FC-D28920453714}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5515~1.EXE > nul8⤵
-
-
C:\Windows\{7057212F-C1F5-4af5-8747-8D22DE446B79}.exeC:\Windows\{7057212F-C1F5-4af5-8747-8D22DE446B79}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18B645ED-3694-4e8e-A255-7B27163771CB}.exeC:\Windows\{18B645ED-3694-4e8e-A255-7B27163771CB}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E7187870-05F8-4f0f-AC6C-687190ED02A1}.exeC:\Windows\{E7187870-05F8-4f0f-AC6C-687190ED02A1}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1034EFEC-0C02-4e4d-AB71-FE4E7E88CE93}.exeC:\Windows\{1034EFEC-0C02-4e4d-AB71-FE4E7E88CE93}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{23306A6E-0509-409c-82D5-AA20745D0911}.exeC:\Windows\{23306A6E-0509-409c-82D5-AA20745D0911}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1034E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7187~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18B64~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70572~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31E2F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42565~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE32E~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15247~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\56A450~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5e7850295f6b13ec9599abc3e0e2c6fd6
SHA1f70baf497dfa0ff15253a971d818146b27f3816e
SHA2565bd5cf7a29f1b25435716738e31097e1c5d49d7cf5934c035812134c7c6df21b
SHA5120f13ba996c6b3e102851fe30ae43875ad9bbeeac3543ebc2728b192541259e5796d86a0c5c3a337b74b1583f9093e499ba707079e96de47022d882f7b66e738b
-
Filesize
372KB
MD5e7850295f6b13ec9599abc3e0e2c6fd6
SHA1f70baf497dfa0ff15253a971d818146b27f3816e
SHA2565bd5cf7a29f1b25435716738e31097e1c5d49d7cf5934c035812134c7c6df21b
SHA5120f13ba996c6b3e102851fe30ae43875ad9bbeeac3543ebc2728b192541259e5796d86a0c5c3a337b74b1583f9093e499ba707079e96de47022d882f7b66e738b
-
Filesize
372KB
MD50133143bb3fcd471e6ded29d292d820a
SHA18a6d6f4817e4c2fb871426fd0bed3d3ee3ddec8d
SHA2560ae816cf4a36248db2fa9018cc44e7a97da932b0f6687359d3a606dfdd19da72
SHA5127ebceb55dc976b0d4daa3c7faae35a8aab5132683ad0636e966acdca5323bfea5604b89fa73d0a2d4adc3cbe4d2612baac3be277cf9900c91726f3c3fe876c7a
-
Filesize
372KB
MD50133143bb3fcd471e6ded29d292d820a
SHA18a6d6f4817e4c2fb871426fd0bed3d3ee3ddec8d
SHA2560ae816cf4a36248db2fa9018cc44e7a97da932b0f6687359d3a606dfdd19da72
SHA5127ebceb55dc976b0d4daa3c7faae35a8aab5132683ad0636e966acdca5323bfea5604b89fa73d0a2d4adc3cbe4d2612baac3be277cf9900c91726f3c3fe876c7a
-
Filesize
372KB
MD50133143bb3fcd471e6ded29d292d820a
SHA18a6d6f4817e4c2fb871426fd0bed3d3ee3ddec8d
SHA2560ae816cf4a36248db2fa9018cc44e7a97da932b0f6687359d3a606dfdd19da72
SHA5127ebceb55dc976b0d4daa3c7faae35a8aab5132683ad0636e966acdca5323bfea5604b89fa73d0a2d4adc3cbe4d2612baac3be277cf9900c91726f3c3fe876c7a
-
Filesize
372KB
MD59b56ecb169ecbbf3c8f2adc0e5c7acd4
SHA19cde067671602f6862c4c5d7e9ba674e5f70bd79
SHA2563ffc69aff11b4c52bf335351ac91a3d9e8e4d8e5e9b2f65a2b95fcde396ddaf4
SHA512d9ca1e989f42e67281cb0432aaace1bbe759cb0012876967f21e2ed0ef67a649b06a10c80becb06865fb3bb3a3074527b27c81a7d2a52149b2100adc10eeeee7
-
Filesize
372KB
MD59b56ecb169ecbbf3c8f2adc0e5c7acd4
SHA19cde067671602f6862c4c5d7e9ba674e5f70bd79
SHA2563ffc69aff11b4c52bf335351ac91a3d9e8e4d8e5e9b2f65a2b95fcde396ddaf4
SHA512d9ca1e989f42e67281cb0432aaace1bbe759cb0012876967f21e2ed0ef67a649b06a10c80becb06865fb3bb3a3074527b27c81a7d2a52149b2100adc10eeeee7
-
Filesize
372KB
MD57f778a31e48235412def4d6599b3a113
SHA1568ad3d11c9468f17701f216015c3f471fdfe3ef
SHA25679719c962ae6eada64af51b111c013e64c788644df533a3992a5a8a6ae2016a8
SHA51263cce3c8c6c262165f54cd4556c088eb839f413521bc04f06f3f5908e8b3079334748f8d6fdf6d1d3c402e4d77b6f5a67cee80152e8803a712e652873882ff64
-
Filesize
372KB
MD50c8e624a9b90c297e30776bd991d43c7
SHA120eb8ae7d63fb4c8bf029f82945f9674673f1a2c
SHA2561621f584c08ab5a87011d6ed38493e236577f6c613282c91c554217c74889bdc
SHA512ebe108360435b749ee750d995a8f0256e02dfc289a785422cda041c0d189142ecbf20aef9fd0ff501eda2ddb26b4f0d8e597a1c92fa5d7f8c69a6cf0be4969cf
-
Filesize
372KB
MD50c8e624a9b90c297e30776bd991d43c7
SHA120eb8ae7d63fb4c8bf029f82945f9674673f1a2c
SHA2561621f584c08ab5a87011d6ed38493e236577f6c613282c91c554217c74889bdc
SHA512ebe108360435b749ee750d995a8f0256e02dfc289a785422cda041c0d189142ecbf20aef9fd0ff501eda2ddb26b4f0d8e597a1c92fa5d7f8c69a6cf0be4969cf
-
Filesize
372KB
MD54d80852e83ca0220bb3b58de0eee9678
SHA1f57dd4e15b4cb9562b9b81b4237b9fd0e0704616
SHA256ff4f3c3126f70b6a337f3df76ab5a23945d68d596ce173d01b6bca547c85ac92
SHA51294ec582067f3aa418a2aaf869484c43112b2271ce053bb1851a01890efcb5ac0d3faeadc49c6808ae6f669d65a987b8eb3c3eb69d58d3f2859e93d5a019a47f2
-
Filesize
372KB
MD54d80852e83ca0220bb3b58de0eee9678
SHA1f57dd4e15b4cb9562b9b81b4237b9fd0e0704616
SHA256ff4f3c3126f70b6a337f3df76ab5a23945d68d596ce173d01b6bca547c85ac92
SHA51294ec582067f3aa418a2aaf869484c43112b2271ce053bb1851a01890efcb5ac0d3faeadc49c6808ae6f669d65a987b8eb3c3eb69d58d3f2859e93d5a019a47f2
-
Filesize
372KB
MD52730500b8ab7d8a0890d53916b05ea5f
SHA1797569c01826582fbad7ff14b50116a7d82d3065
SHA256a3509e738105a01eaf0af5af0f2972063e9f00d318973cc9a98913ac99085473
SHA51286a456ef9c0c9da61c8d8f6cd8733c72a1ddf855dfec25c8f924126bfb738d2fbcf5e3cc9f37d4c01423f4b400fbacd6a7795b0496f642f452ef0125e04c0287
-
Filesize
372KB
MD52730500b8ab7d8a0890d53916b05ea5f
SHA1797569c01826582fbad7ff14b50116a7d82d3065
SHA256a3509e738105a01eaf0af5af0f2972063e9f00d318973cc9a98913ac99085473
SHA51286a456ef9c0c9da61c8d8f6cd8733c72a1ddf855dfec25c8f924126bfb738d2fbcf5e3cc9f37d4c01423f4b400fbacd6a7795b0496f642f452ef0125e04c0287
-
Filesize
372KB
MD5057752c4744873c31a5127d87ce41317
SHA14f49a933b2ed84773c167df9161883a0df525ef1
SHA2567675d96bd5370358ea8fe138da68cd87f036c457d427f5655dcf4770d794a136
SHA512ea82bb926737566f19288c2e55cf79bac12ad071083d378b015c91a0ad6d8482af8cbe9ba6cf834abb2001d0b8c21103a4e2dd0924aa645de8f591eaeb5a1b70
-
Filesize
372KB
MD5057752c4744873c31a5127d87ce41317
SHA14f49a933b2ed84773c167df9161883a0df525ef1
SHA2567675d96bd5370358ea8fe138da68cd87f036c457d427f5655dcf4770d794a136
SHA512ea82bb926737566f19288c2e55cf79bac12ad071083d378b015c91a0ad6d8482af8cbe9ba6cf834abb2001d0b8c21103a4e2dd0924aa645de8f591eaeb5a1b70
-
Filesize
372KB
MD5c6b97558461b212f5eebb6e5990244c0
SHA1c5fe3a47db6576d14487df375e33e9eeb65a6de4
SHA2569bedbfd660290c0067ea36388a8015cbb48cfe9e86dc755e5f80fe4f84728a91
SHA5125705702b39898434380bd7bafd12f381fa5b736ca79d02f9fae931ddacdb1c18aeabe4fbaceef23a0d4b1bf078510c6b442070e722913c6f143a5df67b559c4a
-
Filesize
372KB
MD5c6b97558461b212f5eebb6e5990244c0
SHA1c5fe3a47db6576d14487df375e33e9eeb65a6de4
SHA2569bedbfd660290c0067ea36388a8015cbb48cfe9e86dc755e5f80fe4f84728a91
SHA5125705702b39898434380bd7bafd12f381fa5b736ca79d02f9fae931ddacdb1c18aeabe4fbaceef23a0d4b1bf078510c6b442070e722913c6f143a5df67b559c4a
-
Filesize
372KB
MD51315ca5a15dfa2f436fa89b870636bde
SHA1d2554de7004fba0af8b0690d1f9b116c22de419b
SHA256a37374b7e8326005427b45387a75ca9ee0ad682f4a9649ea05795fa61c79689e
SHA512328b382658543966a414e2c17be283d3e9e35499f734ded79d111099781786763f6f035ae5dd7e5d2553b6d59e5a0f0abf43fd671db3b2ab96afe4c33090cc6c
-
Filesize
372KB
MD51315ca5a15dfa2f436fa89b870636bde
SHA1d2554de7004fba0af8b0690d1f9b116c22de419b
SHA256a37374b7e8326005427b45387a75ca9ee0ad682f4a9649ea05795fa61c79689e
SHA512328b382658543966a414e2c17be283d3e9e35499f734ded79d111099781786763f6f035ae5dd7e5d2553b6d59e5a0f0abf43fd671db3b2ab96afe4c33090cc6c
-
Filesize
372KB
MD562d1ccf252e56b592aa9fd98de4a6849
SHA1ac8345f994eae714d14f7b858339c1ad5b59eb2d
SHA2569cad6f707f7bfe5295580299fd09c940f8cc9e5b9f2b0e8b7da51c0ecd036567
SHA51269c448091fdb8df57ef321bb8015d5f757ce04a3265eb02e9039be4d916f00862157d73976e948cccca30d3b417c90f28150493c4ee24b9d1d52e3c5a3251f91
-
Filesize
372KB
MD562d1ccf252e56b592aa9fd98de4a6849
SHA1ac8345f994eae714d14f7b858339c1ad5b59eb2d
SHA2569cad6f707f7bfe5295580299fd09c940f8cc9e5b9f2b0e8b7da51c0ecd036567
SHA51269c448091fdb8df57ef321bb8015d5f757ce04a3265eb02e9039be4d916f00862157d73976e948cccca30d3b417c90f28150493c4ee24b9d1d52e3c5a3251f91