Analysis
-
max time kernel
144s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
25-08-2023 16:29
General
-
Target
9e9b61c02ce1e40c96b4d579376da9bd_goldeneye_JC.exe
-
Size
408KB
-
MD5
9e9b61c02ce1e40c96b4d579376da9bd
-
SHA1
b6eb877c8a21d0b6a265a17cfb276af516c8fd6f
-
SHA256
d42026b48f811e055217910cf4361096a7ef305fa17cc3409f4dcec67008cf9f
-
SHA512
83a662c5a6cc71d385b97ff275e078340d4716fd4dbdec06f5c9f2e93c87dfd046136a45f5e85838226bd6eee0d3168a7656cd7401232ae17c1395be1b84d718
-
SSDEEP
3072:CEGh0oBl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGbldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e9b61c02ce1e40c96b4d579376da9bd_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\9e9b61c02ce1e40c96b4d579376da9bd_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E202CB4B-4542-47d9-B6E2-F99A4ED7DF33}.exeC:\Windows\{E202CB4B-4542-47d9-B6E2-F99A4ED7DF33}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A13445E5-7D4C-4672-A97E-670446AA7A7B}.exeC:\Windows\{A13445E5-7D4C-4672-A97E-670446AA7A7B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{07FA96DB-9FDB-4cc6-99A4-45C1E075C90F}.exeC:\Windows\{07FA96DB-9FDB-4cc6-99A4-45C1E075C90F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D65BDB7-4E59-46ca-8A6E-3D369120C245}.exeC:\Windows\{0D65BDB7-4E59-46ca-8A6E-3D369120C245}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C84305C4-F4F0-4ea9-83B0-2BEC2AC70579}.exeC:\Windows\{C84305C4-F4F0-4ea9-83B0-2BEC2AC70579}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64BBE8EE-DC15-4ed7-BC2A-92616A739A46}.exeC:\Windows\{64BBE8EE-DC15-4ed7-BC2A-92616A739A46}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F30C527-434A-4774-B7E3-3AE7B91B9AF0}.exeC:\Windows\{8F30C527-434A-4774-B7E3-3AE7B91B9AF0}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F30C~1.EXE > nul9⤵
-
-
C:\Windows\{333E377E-8A67-4b2e-9566-09A60F6A1F59}.exeC:\Windows\{333E377E-8A67-4b2e-9566-09A60F6A1F59}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{92C072AE-46F7-43cb-8B5E-F1D9CA3E1BA2}.exeC:\Windows\{92C072AE-46F7-43cb-8B5E-F1D9CA3E1BA2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DC0A0A3E-0D09-4c5f-9C2D-083A92BF5694}.exeC:\Windows\{DC0A0A3E-0D09-4c5f-9C2D-083A92BF5694}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{ABF04D9B-E5CF-4b09-A937-63879491A5EC}.exeC:\Windows\{ABF04D9B-E5CF-4b09-A937-63879491A5EC}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC0A0~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92C07~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{333E3~1.EXE > nul10⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64BBE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C8430~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D65B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{07FA9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1344~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E202C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9E9B61~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5c629a22f1b9ae25d7fa67d00816da0f2
SHA1b81097ba200d47bb39ccea1359f6a485af0be081
SHA2563f1a20b659e5539727c584e07557c269d4b23fb898d8b4470f692756c73d9cf2
SHA512d5d05047de2afb7cfca0fb6e2f45168cd294eccab866ca0df7d086b3ccefb77fc7948bbbb3b5ff182d97ae6e4096926febb8e49a11f57b5cc34b4f0c284410eb
-
Filesize
408KB
MD5c629a22f1b9ae25d7fa67d00816da0f2
SHA1b81097ba200d47bb39ccea1359f6a485af0be081
SHA2563f1a20b659e5539727c584e07557c269d4b23fb898d8b4470f692756c73d9cf2
SHA512d5d05047de2afb7cfca0fb6e2f45168cd294eccab866ca0df7d086b3ccefb77fc7948bbbb3b5ff182d97ae6e4096926febb8e49a11f57b5cc34b4f0c284410eb
-
Filesize
408KB
MD5c53c34501f74094b37c5a4b69dbfca15
SHA1921bcab1232c49eed7ad8bc47c9243d163cf8092
SHA2565496d6154000c4b96de39b0f5a7f5207566d94ec3aed1f3e7a8122a0c418d602
SHA5123e4b927fb3d4e84fdaf944f2ed12c26485fbd83195e5a0c7c4c84a6e19c178387cefd836661ec1528761da779ad18c35e9c68bbca4f6976051aaba67830fd8b5
-
Filesize
408KB
MD5c53c34501f74094b37c5a4b69dbfca15
SHA1921bcab1232c49eed7ad8bc47c9243d163cf8092
SHA2565496d6154000c4b96de39b0f5a7f5207566d94ec3aed1f3e7a8122a0c418d602
SHA5123e4b927fb3d4e84fdaf944f2ed12c26485fbd83195e5a0c7c4c84a6e19c178387cefd836661ec1528761da779ad18c35e9c68bbca4f6976051aaba67830fd8b5
-
Filesize
408KB
MD5725ea7d7c482ad568bc6a1135c1b7b71
SHA107faf94d5fa8fc871f1f23b9d31d8cd5670b4a45
SHA256759cc923bafc52faa2a18b89f12dd124d25c810a3f3bf50381487bd478ccd2d3
SHA512c7366e690b7ebe525238f8926c65e7abef1f652f04188b9125136a237e8cd505a9fd9cd32b5de3179f6edad36a238f8b119337d30c3037a3daac2b19025c335a
-
Filesize
408KB
MD5725ea7d7c482ad568bc6a1135c1b7b71
SHA107faf94d5fa8fc871f1f23b9d31d8cd5670b4a45
SHA256759cc923bafc52faa2a18b89f12dd124d25c810a3f3bf50381487bd478ccd2d3
SHA512c7366e690b7ebe525238f8926c65e7abef1f652f04188b9125136a237e8cd505a9fd9cd32b5de3179f6edad36a238f8b119337d30c3037a3daac2b19025c335a
-
Filesize
408KB
MD5c0b56110c75decb75f9eda64594e23d0
SHA12790d80b63f5c638396d3af6a9e0ae89f0dfab63
SHA2560dc5b3389fe3430a46aa1ed60589bbaee4dfa93c6d49ed1041b317a386c3ee0d
SHA51286945fbff328c1a97723f4ccfe036b81780527513615c741db9f8a12655bfdef0aac3ecba85c7738b64d6afd7153c8ceaf33075a50830376c066a5d2c6cc3d30
-
Filesize
408KB
MD5c0b56110c75decb75f9eda64594e23d0
SHA12790d80b63f5c638396d3af6a9e0ae89f0dfab63
SHA2560dc5b3389fe3430a46aa1ed60589bbaee4dfa93c6d49ed1041b317a386c3ee0d
SHA51286945fbff328c1a97723f4ccfe036b81780527513615c741db9f8a12655bfdef0aac3ecba85c7738b64d6afd7153c8ceaf33075a50830376c066a5d2c6cc3d30
-
Filesize
408KB
MD5598776ee2ee7e4a42382ccfa17d5a0b6
SHA15981ab94337ee45647c6f6d0472dcc7c91ef15d2
SHA2566492af9a0373b20b35bd9beb454518bbd30e8d8faa48a3c249bffad78dff7fc2
SHA51255782a9cd57ac00755bdece69708a3d33799e8d8560c5eb79bfdfcccd428bfcbbbfe7bed1e7672b20df3397a6217796ff154fb0eea21f1e681e97f9034b4d87f
-
Filesize
408KB
MD5598776ee2ee7e4a42382ccfa17d5a0b6
SHA15981ab94337ee45647c6f6d0472dcc7c91ef15d2
SHA2566492af9a0373b20b35bd9beb454518bbd30e8d8faa48a3c249bffad78dff7fc2
SHA51255782a9cd57ac00755bdece69708a3d33799e8d8560c5eb79bfdfcccd428bfcbbbfe7bed1e7672b20df3397a6217796ff154fb0eea21f1e681e97f9034b4d87f
-
Filesize
408KB
MD5bad6f0b21949006420b60b03796bc23d
SHA133f6f0321b4deb164ea366580bf178fe577d61b9
SHA256a2260afaebb855a49fcdd0f7b0b8863e4ba36a9a217b1a4b52307ca9cc326c1d
SHA51289e9827119fcdf7d4206353ad4c042519eecaf8515f1842fa407298e753119e1167319a434a855579a1e28d1ec4ab662cd26628bb8ecf568173c2cbc0ac2049a
-
Filesize
408KB
MD5bad6f0b21949006420b60b03796bc23d
SHA133f6f0321b4deb164ea366580bf178fe577d61b9
SHA256a2260afaebb855a49fcdd0f7b0b8863e4ba36a9a217b1a4b52307ca9cc326c1d
SHA51289e9827119fcdf7d4206353ad4c042519eecaf8515f1842fa407298e753119e1167319a434a855579a1e28d1ec4ab662cd26628bb8ecf568173c2cbc0ac2049a
-
Filesize
408KB
MD52656e6f86a93fb53ad83064d7387bc17
SHA132165e1e025b7427c67df7b2d53be78356272548
SHA256c9927578338415b9be560fb5bb8e53ae1c99c6497d76cba1a4fb4d5232e26d7f
SHA512f7b3a4e6233105c44db3e15a905d6b1c67dd1587e3a1efec5987002b97d9586980f7a2a6354354867c19b9a921fc71ea923b199aa7711ce5007af58081a6b91a
-
Filesize
408KB
MD52656e6f86a93fb53ad83064d7387bc17
SHA132165e1e025b7427c67df7b2d53be78356272548
SHA256c9927578338415b9be560fb5bb8e53ae1c99c6497d76cba1a4fb4d5232e26d7f
SHA512f7b3a4e6233105c44db3e15a905d6b1c67dd1587e3a1efec5987002b97d9586980f7a2a6354354867c19b9a921fc71ea923b199aa7711ce5007af58081a6b91a
-
Filesize
408KB
MD5f90da20d5b84bfbc8be8c5bdb45ee2d9
SHA1e874809d584bfd5109ab92c271cf09348ac5ea3e
SHA256ce96b7d88bb3a764acbcd6af9138812bb3c5d275a29838324dad5fac6a0f2822
SHA512114cb7a2bc45965f22750bfc6fd36c312bf6e2ace456b90926d6104be855d518ce0e83a5e9a6ec0d6589fb8b41844028c509bdeeba5a1951298c9242a0940bf2
-
Filesize
408KB
MD510ea011c1fa39bcf3e4609b94798a138
SHA16919a0343e0c11b527cecb0c9ff070fc8757d439
SHA256d3a7e31e2bf7cd6462d1c571385033d2b52566cd912420a0c67061c54409b22a
SHA512fc9e8e49187fc382ce9ef1051dc6d17ffebe75cfaaf2191a3a7c2c20455d2dda0d0c14c6faf21be1cea4566d8df0ef06f15e571f055c61c07c0d986ba9384ba2
-
Filesize
408KB
MD510ea011c1fa39bcf3e4609b94798a138
SHA16919a0343e0c11b527cecb0c9ff070fc8757d439
SHA256d3a7e31e2bf7cd6462d1c571385033d2b52566cd912420a0c67061c54409b22a
SHA512fc9e8e49187fc382ce9ef1051dc6d17ffebe75cfaaf2191a3a7c2c20455d2dda0d0c14c6faf21be1cea4566d8df0ef06f15e571f055c61c07c0d986ba9384ba2
-
Filesize
408KB
MD50ba8d56dd576e964c552672249faadee
SHA103a0f6b35a87b47358fc99093a102ceeab9f2840
SHA2561225fdaa53a0712bfa014a5f7897cda9e8c260b45846366ee7eeed100dc3cfe4
SHA512a93536d846006d62e87755a475cbe4795ceb6e48c3a5e144aaa84c6a55d66c58e374dc109c3313b141fd1202e1a2f3e2f44580eba0fc1709ffacfbfafe19dabc
-
Filesize
408KB
MD50ba8d56dd576e964c552672249faadee
SHA103a0f6b35a87b47358fc99093a102ceeab9f2840
SHA2561225fdaa53a0712bfa014a5f7897cda9e8c260b45846366ee7eeed100dc3cfe4
SHA512a93536d846006d62e87755a475cbe4795ceb6e48c3a5e144aaa84c6a55d66c58e374dc109c3313b141fd1202e1a2f3e2f44580eba0fc1709ffacfbfafe19dabc
-
Filesize
408KB
MD5465a9520f2062cac060678f07b730bb9
SHA138f4a9e4195525dbe46ecdb47ada2ee834bc4af6
SHA256e0878e48e6548ca73e7331e68a50ba58fe2266c15a24ce024727dcb37e405875
SHA512cde9b39d393a2c17b43272dc73c93956790ef6e861155c21bf842657c2528e78ff31e9fa0ab2d69557fc42d339466d435852856e510b0a31cda73c62bcb9532c
-
Filesize
408KB
MD5465a9520f2062cac060678f07b730bb9
SHA138f4a9e4195525dbe46ecdb47ada2ee834bc4af6
SHA256e0878e48e6548ca73e7331e68a50ba58fe2266c15a24ce024727dcb37e405875
SHA512cde9b39d393a2c17b43272dc73c93956790ef6e861155c21bf842657c2528e78ff31e9fa0ab2d69557fc42d339466d435852856e510b0a31cda73c62bcb9532c
-
Filesize
408KB
MD5465a9520f2062cac060678f07b730bb9
SHA138f4a9e4195525dbe46ecdb47ada2ee834bc4af6
SHA256e0878e48e6548ca73e7331e68a50ba58fe2266c15a24ce024727dcb37e405875
SHA512cde9b39d393a2c17b43272dc73c93956790ef6e861155c21bf842657c2528e78ff31e9fa0ab2d69557fc42d339466d435852856e510b0a31cda73c62bcb9532c