Analysis
-
max time kernel
144s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
22/08/2023, 18:24
General
-
Target
70876608cc6f479d18b142b3fe01c96f_goldeneye_JC.exe
-
Size
216KB
-
MD5
70876608cc6f479d18b142b3fe01c96f
-
SHA1
dcab72e7756bdcab8ef7fec13eee19a7a7909dc5
-
SHA256
6305383a6de60e68b02a13e715090ab8133fedaa09c475b423f475684e6e42b9
-
SHA512
9d13ffe82d8e6b8c10dedce81e3b7cfe6c002255323bd26604ae03e383349210fa3e18669d0fc88a8e76d5cfb71dafa95f705c21485eb9b5362abb4899be97ff
-
SSDEEP
3072:jEGh0oDl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGBlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70876608cc6f479d18b142b3fe01c96f_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\70876608cc6f479d18b142b3fe01c96f_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A4FF92ED-FA64-4acb-B1E7-857139595941}.exeC:\Windows\{A4FF92ED-FA64-4acb-B1E7-857139595941}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D167C6F-ECD2-48a0-9885-D51F17CC60FC}.exeC:\Windows\{0D167C6F-ECD2-48a0-9885-D51F17CC60FC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC5F3246-0B99-47ae-9B11-EDEB4F216212}.exeC:\Windows\{EC5F3246-0B99-47ae-9B11-EDEB4F216212}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC5F3~1.EXE > nul5⤵
-
-
C:\Windows\{820DD070-27EC-403f-A210-F7D6F54E98EB}.exeC:\Windows\{820DD070-27EC-403f-A210-F7D6F54E98EB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{820DD~1.EXE > nul6⤵
-
-
C:\Windows\{CB753D33-B78B-46d1-9AEF-383EC6776411}.exeC:\Windows\{CB753D33-B78B-46d1-9AEF-383EC6776411}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB753~1.EXE > nul7⤵
-
-
C:\Windows\{6300BF2C-610F-47b6-979A-0AC48537F102}.exeC:\Windows\{6300BF2C-610F-47b6-979A-0AC48537F102}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91DFF338-4A07-4b24-BB22-1B98D7A4BAEB}.exeC:\Windows\{91DFF338-4A07-4b24-BB22-1B98D7A4BAEB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91DFF~1.EXE > nul9⤵
-
-
C:\Windows\{3EFB9008-B491-4646-B94D-49775C8E1B4D}.exeC:\Windows\{3EFB9008-B491-4646-B94D-49775C8E1B4D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3EFB9~1.EXE > nul10⤵
-
-
C:\Windows\{5949D17B-FC05-4f32-8BE7-C1F3FE505097}.exeC:\Windows\{5949D17B-FC05-4f32-8BE7-C1F3FE505097}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5949D~1.EXE > nul11⤵
-
-
C:\Windows\{F17EA84F-83F0-43e6-93EB-3A25583F33BE}.exeC:\Windows\{F17EA84F-83F0-43e6-93EB-3A25583F33BE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F17EA~1.EXE > nul12⤵
-
-
C:\Windows\{CADB4D6A-44EB-4224-BDA6-5F11A13F170E}.exeC:\Windows\{CADB4D6A-44EB-4224-BDA6-5F11A13F170E}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6300B~1.EXE > nul8⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D167~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A4FF9~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\708766~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5aaeac0cd1613437c8f952830a013af12
SHA138620bdf6a626da5a9f700a0e1ec444bf591e346
SHA256622c2aff67b787e54191382c8a79057c7361ee4761adb81d86c0ebf64256e14f
SHA5127740875946341b73243a6290093003047a989b30919e2660f910c7aeb0b60d554cc1d503a929f3f130417ff96b4e63250077168804180ec8728cba743921ba1b
-
Filesize
216KB
MD5aaeac0cd1613437c8f952830a013af12
SHA138620bdf6a626da5a9f700a0e1ec444bf591e346
SHA256622c2aff67b787e54191382c8a79057c7361ee4761adb81d86c0ebf64256e14f
SHA5127740875946341b73243a6290093003047a989b30919e2660f910c7aeb0b60d554cc1d503a929f3f130417ff96b4e63250077168804180ec8728cba743921ba1b
-
Filesize
216KB
MD52a812f4ce13f3e1901b970e6a5745c9d
SHA1888e90355ac7928bd85791073efa5e4269b59ab7
SHA256085e706870ffd5ae4475bdf174bb32dad5d2f26335dfcd2ac4ce8720b901df94
SHA51271df59bf9349ea4edb952762193b0cf68be7affac6979789ba7ed5ef57591a7a1bf0a6be4b1c965e0c4362d5bcef1a72c99a683894d19ecdebc6ead40a4ff68b
-
Filesize
216KB
MD52a812f4ce13f3e1901b970e6a5745c9d
SHA1888e90355ac7928bd85791073efa5e4269b59ab7
SHA256085e706870ffd5ae4475bdf174bb32dad5d2f26335dfcd2ac4ce8720b901df94
SHA51271df59bf9349ea4edb952762193b0cf68be7affac6979789ba7ed5ef57591a7a1bf0a6be4b1c965e0c4362d5bcef1a72c99a683894d19ecdebc6ead40a4ff68b
-
Filesize
216KB
MD57554d2cebcd272139a3f8510688ab821
SHA13a3ced93ba80ac1575b9318bbc85bd3ea7093d2d
SHA2562ae0f45960e9188360e148e0b35115aba5ef93498c93884d7c368d2b08cc54b0
SHA5126396b4b65371a024ef3bf402bf90791f13510e679375f04aa6a2a83f7cf33430239eb9f22c21e5b727b5f617ebb4314bfcd3643c9400b61f1252348fdf6715e2
-
Filesize
216KB
MD57554d2cebcd272139a3f8510688ab821
SHA13a3ced93ba80ac1575b9318bbc85bd3ea7093d2d
SHA2562ae0f45960e9188360e148e0b35115aba5ef93498c93884d7c368d2b08cc54b0
SHA5126396b4b65371a024ef3bf402bf90791f13510e679375f04aa6a2a83f7cf33430239eb9f22c21e5b727b5f617ebb4314bfcd3643c9400b61f1252348fdf6715e2
-
Filesize
216KB
MD5a27e755bef94a4d71fce0830cfc38ac7
SHA111f67a57951770472c75887d071d1c6766e5de7b
SHA256b643a1b5695f8c0a657f779145b48d0c2893d228f0bf5bc41b179a02a47284a4
SHA512bd61c995b8345f1aba351ec0a6eff8a157a183c1fda6333f99bf96fb027555467c63c17122da70c23b63debdd24a9472d0146a780032ebf3b1ce18980d0b4dfa
-
Filesize
216KB
MD5a27e755bef94a4d71fce0830cfc38ac7
SHA111f67a57951770472c75887d071d1c6766e5de7b
SHA256b643a1b5695f8c0a657f779145b48d0c2893d228f0bf5bc41b179a02a47284a4
SHA512bd61c995b8345f1aba351ec0a6eff8a157a183c1fda6333f99bf96fb027555467c63c17122da70c23b63debdd24a9472d0146a780032ebf3b1ce18980d0b4dfa
-
Filesize
216KB
MD593bd3935ea2a2d31d017a0fe2a63a76a
SHA17313983819489d1bbddbfefd80d21146e8e73cfb
SHA25622bf771bc642e4428f8264414b7c8cadcd5e1b820e3d2926acf6ad2b6f5d94c7
SHA51275b452914a18b85cdbb6c3d3114d2d1d16d09d5e623956c6d0fd67bd1d9f6dced014a58819615bc031df9caa90e034d73963fe648d7623c2b168673c63ea7939
-
Filesize
216KB
MD593bd3935ea2a2d31d017a0fe2a63a76a
SHA17313983819489d1bbddbfefd80d21146e8e73cfb
SHA25622bf771bc642e4428f8264414b7c8cadcd5e1b820e3d2926acf6ad2b6f5d94c7
SHA51275b452914a18b85cdbb6c3d3114d2d1d16d09d5e623956c6d0fd67bd1d9f6dced014a58819615bc031df9caa90e034d73963fe648d7623c2b168673c63ea7939
-
Filesize
216KB
MD5c434e689a6307013fef8684c9c8047d7
SHA1faece642e5ee5f0124910376b462bfb8c8020f73
SHA256207851b96d5a36b6cc4524b77ac517625937bce6669f7812181b1453c4558075
SHA5127167f5867a316a7fc6e6f8835c182527783c61fa8d48b0f64c335e7a1df96344cdf8d2701a517bbea3641865c3d9b92eebb5f02ee4ef93f87c30c6c6f9303d8b
-
Filesize
216KB
MD5c434e689a6307013fef8684c9c8047d7
SHA1faece642e5ee5f0124910376b462bfb8c8020f73
SHA256207851b96d5a36b6cc4524b77ac517625937bce6669f7812181b1453c4558075
SHA5127167f5867a316a7fc6e6f8835c182527783c61fa8d48b0f64c335e7a1df96344cdf8d2701a517bbea3641865c3d9b92eebb5f02ee4ef93f87c30c6c6f9303d8b
-
Filesize
216KB
MD5fe3741c1a9948514d00c0cdc0bb0de24
SHA1eb325ea2359452c9233feffeb785d4c3a0fe0163
SHA256f31bccda1f679bdaa4c43ed84568ca57d62dca4cde673195b79e3e2738515abb
SHA512e0c0ebd28ce3125a10872ef8ced19a79baaa7a2a8763798e6c36f27168fdb3f1835c45402de07e769338e06a43f7fc957fc8d535735d8d51d3c97d7ea532d97a
-
Filesize
216KB
MD5fe3741c1a9948514d00c0cdc0bb0de24
SHA1eb325ea2359452c9233feffeb785d4c3a0fe0163
SHA256f31bccda1f679bdaa4c43ed84568ca57d62dca4cde673195b79e3e2738515abb
SHA512e0c0ebd28ce3125a10872ef8ced19a79baaa7a2a8763798e6c36f27168fdb3f1835c45402de07e769338e06a43f7fc957fc8d535735d8d51d3c97d7ea532d97a
-
Filesize
216KB
MD5fe3741c1a9948514d00c0cdc0bb0de24
SHA1eb325ea2359452c9233feffeb785d4c3a0fe0163
SHA256f31bccda1f679bdaa4c43ed84568ca57d62dca4cde673195b79e3e2738515abb
SHA512e0c0ebd28ce3125a10872ef8ced19a79baaa7a2a8763798e6c36f27168fdb3f1835c45402de07e769338e06a43f7fc957fc8d535735d8d51d3c97d7ea532d97a
-
Filesize
216KB
MD586811ba2b4d37db3a8232dc99755ed83
SHA17d974805722f44ce29285f07e4a9df556af832ca
SHA25600cf775c7e4c8a08b5f1ff6c08fd5bed88619930d386896d45dbcc15ab02825e
SHA512d78d30790331f4522b2c6b31ccd25dd6b87b83635241d290ff4f390cc2b9d746b9256e411775affd3ebe9e2b95a2350902fba7683748a92b7ac75a21f0b8044d
-
Filesize
216KB
MD5d304939f5460ebeb75bcfd4f0e084631
SHA1516f04910e5b79a125b0d408ead0496e87e2aff9
SHA256b6bed135080fa64f6c6a3b90159e393656fc30a3c226870e7c35f01b7048356e
SHA512e08325bf15ef96008fd143313a5da89a26edf7885f7d1b8191574fa6f8e3d80cf270221b87787a52649cb359dab451a0eca19236363068bcbc89eab44a8506cb
-
Filesize
216KB
MD5d304939f5460ebeb75bcfd4f0e084631
SHA1516f04910e5b79a125b0d408ead0496e87e2aff9
SHA256b6bed135080fa64f6c6a3b90159e393656fc30a3c226870e7c35f01b7048356e
SHA512e08325bf15ef96008fd143313a5da89a26edf7885f7d1b8191574fa6f8e3d80cf270221b87787a52649cb359dab451a0eca19236363068bcbc89eab44a8506cb
-
Filesize
216KB
MD5e7b850339fe9e61e36a29af4baafaad7
SHA1dcbc4070377aa4950a4f9d13c15d4843d1a8b38e
SHA256612d73e800a8f9f7fed87a35ecf35809f4befdb873a02e6fda883fe21304fd11
SHA512c0f0053507b47f5f283ca7ec4d1efa8d42e81f890af0f44e37d892bf7d3c01034397a6b67e371f17bac8dc1563787fdeeba32e56acf85faf7fecb8620c14cd48
-
Filesize
216KB
MD5e7b850339fe9e61e36a29af4baafaad7
SHA1dcbc4070377aa4950a4f9d13c15d4843d1a8b38e
SHA256612d73e800a8f9f7fed87a35ecf35809f4befdb873a02e6fda883fe21304fd11
SHA512c0f0053507b47f5f283ca7ec4d1efa8d42e81f890af0f44e37d892bf7d3c01034397a6b67e371f17bac8dc1563787fdeeba32e56acf85faf7fecb8620c14cd48
-
Filesize
216KB
MD50407c1bd3c864e70d670a281b949e0aa
SHA1a532f160fbc02e330703c8093364acb7edaf54ad
SHA2562fc351a71415e9831ee3b65da246069aa3ce00b5061e3d8da84d39ded72971b4
SHA512c1b096d3da784aa4c7ae54502121af67d78ba93cfce610072b11fc72f0d8a4bbdb920bcd4aa120b5a3c919f32c985352afa87105fbdcb3cc166100b8475597e6
-
Filesize
216KB
MD50407c1bd3c864e70d670a281b949e0aa
SHA1a532f160fbc02e330703c8093364acb7edaf54ad
SHA2562fc351a71415e9831ee3b65da246069aa3ce00b5061e3d8da84d39ded72971b4
SHA512c1b096d3da784aa4c7ae54502121af67d78ba93cfce610072b11fc72f0d8a4bbdb920bcd4aa120b5a3c919f32c985352afa87105fbdcb3cc166100b8475597e6