Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
27-08-2023 15:54
General
-
Target
afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe
-
Size
372KB
-
MD5
afd4389748dd02cdfe81f7b66ca126ff
-
SHA1
95cfaa74ba9a7fc93da1233db155b62fe3bcc3a2
-
SHA256
876beec99ed057e50de1ee13df4eb2931387d4f4fb14b03813a813838647480d
-
SHA512
a3371f462ce1c799ad75e30f0d08727384fe76508266e4cebd57aac94cebba12aa979049686e8dd9042b491c11e47b4c2335a15511d87d98996d4dd9ce9454cb
-
SSDEEP
3072:CEGh0oymlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGtl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\afd4389748dd02cdfe81f7b66ca126ff_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{532299D3-11CA-4d14-B4D2-AB0834A28B96}.exeC:\Windows\{532299D3-11CA-4d14-B4D2-AB0834A28B96}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{57E2A864-EB20-48cd-BB70-DCE7B0FC1133}.exeC:\Windows\{57E2A864-EB20-48cd-BB70-DCE7B0FC1133}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BB61D70B-05FD-4ef9-A4B9-F0415D0D8EA4}.exeC:\Windows\{BB61D70B-05FD-4ef9-A4B9-F0415D0D8EA4}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A5581E4-DAAC-46ba-9B75-83F6243BA376}.exeC:\Windows\{7A5581E4-DAAC-46ba-9B75-83F6243BA376}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E8E024A1-152E-4929-B0D2-9619EF03A086}.exeC:\Windows\{E8E024A1-152E-4929-B0D2-9619EF03A086}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E8E02~1.EXE > nul7⤵
-
-
C:\Windows\{89C869B2-AFED-4268-BF85-15C4680D7432}.exeC:\Windows\{89C869B2-AFED-4268-BF85-15C4680D7432}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89C86~1.EXE > nul8⤵
-
-
C:\Windows\{ADC15CBF-2F5B-44da-BDFA-82350B9847A2}.exeC:\Windows\{ADC15CBF-2F5B-44da-BDFA-82350B9847A2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{745ED4A2-D4E9-4267-BAE9-AF8F23ED41BC}.exeC:\Windows\{745ED4A2-D4E9-4267-BAE9-AF8F23ED41BC}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DE1D52CC-EC6B-4fcd-AAB9-AFC0FF7973E7}.exeC:\Windows\{DE1D52CC-EC6B-4fcd-AAB9-AFC0FF7973E7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6DC16F40-59C5-4072-9CF7-9AD5889E616A}.exeC:\Windows\{6DC16F40-59C5-4072-9CF7-9AD5889E616A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{ED31639E-EB37-4ff1-9576-EC7F4635B7CB}.exeC:\Windows\{ED31639E-EB37-4ff1-9576-EC7F4635B7CB}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6DC16~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE1D5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{745ED~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADC15~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A558~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BB61D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{57E2A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{53229~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\AFD438~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5e37fdc523b6b9de47745f48140cfbadf
SHA16ea15a5e6f4258cacf096870f5c4d3c8c9f193a0
SHA256a81ec499b8f2ded4db01f4c06c374f6527fb6f90d5c0a6e6d91371f4b9a5b40f
SHA5123208d33dc83473790f5006b3124355c51170fdb583cf6987f0cf3d0f9c87b08607f7061c384aa42b8106a85509441a9c2fa08a04434586f27634fc8d5d51ff2a
-
Filesize
372KB
MD5e37fdc523b6b9de47745f48140cfbadf
SHA16ea15a5e6f4258cacf096870f5c4d3c8c9f193a0
SHA256a81ec499b8f2ded4db01f4c06c374f6527fb6f90d5c0a6e6d91371f4b9a5b40f
SHA5123208d33dc83473790f5006b3124355c51170fdb583cf6987f0cf3d0f9c87b08607f7061c384aa42b8106a85509441a9c2fa08a04434586f27634fc8d5d51ff2a
-
Filesize
372KB
MD5e37fdc523b6b9de47745f48140cfbadf
SHA16ea15a5e6f4258cacf096870f5c4d3c8c9f193a0
SHA256a81ec499b8f2ded4db01f4c06c374f6527fb6f90d5c0a6e6d91371f4b9a5b40f
SHA5123208d33dc83473790f5006b3124355c51170fdb583cf6987f0cf3d0f9c87b08607f7061c384aa42b8106a85509441a9c2fa08a04434586f27634fc8d5d51ff2a
-
Filesize
372KB
MD5174321eb33dd0f7ca2566ed6d9206c92
SHA1441c39eb0057042da196f643f611f90b9b7ceb0d
SHA2567b63f0e822dd048cb9180df64148be95e59fdae237a5966438a65802c7d9f18b
SHA51233768ea9c22c5791b807dc01ccf36390c47e938de5b2fa6577e034973d2e37f760841a9fce71eb8edd606641ea9e2a2493a60dab440e87ce87a252296aa59077
-
Filesize
372KB
MD5174321eb33dd0f7ca2566ed6d9206c92
SHA1441c39eb0057042da196f643f611f90b9b7ceb0d
SHA2567b63f0e822dd048cb9180df64148be95e59fdae237a5966438a65802c7d9f18b
SHA51233768ea9c22c5791b807dc01ccf36390c47e938de5b2fa6577e034973d2e37f760841a9fce71eb8edd606641ea9e2a2493a60dab440e87ce87a252296aa59077
-
Filesize
372KB
MD594674d2206fc0798fe748faa7f5d7c05
SHA171bc1c54c088211be3986d5c1046c4500dddb4ec
SHA256f7753d37f796619ac4b52f7cfb5779a418e19b2ce97a215938c32fcd192a4674
SHA512b63965eada82c41a47a1506f9e5f4b6470c86374051a5506def62d2956cf53fe41bfe5ca00ded66202158a2b37dc2e343e71de3e3771a44cf1405e207af80b05
-
Filesize
372KB
MD594674d2206fc0798fe748faa7f5d7c05
SHA171bc1c54c088211be3986d5c1046c4500dddb4ec
SHA256f7753d37f796619ac4b52f7cfb5779a418e19b2ce97a215938c32fcd192a4674
SHA512b63965eada82c41a47a1506f9e5f4b6470c86374051a5506def62d2956cf53fe41bfe5ca00ded66202158a2b37dc2e343e71de3e3771a44cf1405e207af80b05
-
Filesize
372KB
MD57d5e9b0dc7e7aeff4a045ba4e257f718
SHA1d714ed52ff5a79c6ea0d09d26b918cf68843e3d4
SHA2567b45af63f397a0f88e11522e00c89d2bccd930da2e157b7cf5d8da9ab33a8e97
SHA51270334b8aa9daed5ad39705ccac519b9a4c294d8d0762d607e7a5348de83e70e576f82968a22d4ab5b0237af95457adba4e4ef87f203450aa67a601d0c0df9c2a
-
Filesize
372KB
MD57d5e9b0dc7e7aeff4a045ba4e257f718
SHA1d714ed52ff5a79c6ea0d09d26b918cf68843e3d4
SHA2567b45af63f397a0f88e11522e00c89d2bccd930da2e157b7cf5d8da9ab33a8e97
SHA51270334b8aa9daed5ad39705ccac519b9a4c294d8d0762d607e7a5348de83e70e576f82968a22d4ab5b0237af95457adba4e4ef87f203450aa67a601d0c0df9c2a
-
Filesize
372KB
MD59d0bb564059c5b1bf9b0fa9f3940d0d0
SHA1ffd99dee854f45e7f84e1e3e883eb79093a76276
SHA256bd904cf233a1e330c5c41da66658d81bda460377c989c9388098d4ba73faf392
SHA512918ea4e89e03a960b7fa311a880a5debe65790cae0c2e6210df654f48f744b3d0d59cd3df46898c3e3a7af2509e666cc4787ef972cb043ee83aafd2581f8c44c
-
Filesize
372KB
MD59d0bb564059c5b1bf9b0fa9f3940d0d0
SHA1ffd99dee854f45e7f84e1e3e883eb79093a76276
SHA256bd904cf233a1e330c5c41da66658d81bda460377c989c9388098d4ba73faf392
SHA512918ea4e89e03a960b7fa311a880a5debe65790cae0c2e6210df654f48f744b3d0d59cd3df46898c3e3a7af2509e666cc4787ef972cb043ee83aafd2581f8c44c
-
Filesize
372KB
MD54f2d4f2bdd42612f7e0154bc9209bb23
SHA123c6b8d41278086c76c9587f56d259a458a8accd
SHA2569f9377715bf5ec91d2e768ad797b75c788d1862fa6b6b331d02cb507e0d9db9c
SHA51234385c7d91b6af0755886e37d91b51fbfb1764c9b239f941b8c1139930e9a07f73820478216b4e9285b83907248addd195802e684ae600cc471cff584525c1cf
-
Filesize
372KB
MD54f2d4f2bdd42612f7e0154bc9209bb23
SHA123c6b8d41278086c76c9587f56d259a458a8accd
SHA2569f9377715bf5ec91d2e768ad797b75c788d1862fa6b6b331d02cb507e0d9db9c
SHA51234385c7d91b6af0755886e37d91b51fbfb1764c9b239f941b8c1139930e9a07f73820478216b4e9285b83907248addd195802e684ae600cc471cff584525c1cf
-
Filesize
372KB
MD5fc88995284191af60286d38c193809bc
SHA1ef64bc5c9cbffc3508a98fd3d64c9de5064dbd72
SHA256c4bf1e91579e507a5506319a31c6d4d8fd135133bee8aaaf2c82a1c76be67018
SHA512dd9c4d74c9e4cc2264b0225c0f1c5add15d0712fde5298a3c3f2e780902ff196eeb652b35687daafffe394122b9b7c51e8fd4d30efb08c8178e4499dfd669546
-
Filesize
372KB
MD5fc88995284191af60286d38c193809bc
SHA1ef64bc5c9cbffc3508a98fd3d64c9de5064dbd72
SHA256c4bf1e91579e507a5506319a31c6d4d8fd135133bee8aaaf2c82a1c76be67018
SHA512dd9c4d74c9e4cc2264b0225c0f1c5add15d0712fde5298a3c3f2e780902ff196eeb652b35687daafffe394122b9b7c51e8fd4d30efb08c8178e4499dfd669546
-
Filesize
372KB
MD554f01da9fb70207dd81b3e0b78c77ffe
SHA1d629973df668abaf7d9a3b54c291e711ebaf855e
SHA2567909b67e9014303d213864cc3cc667c098516d19dc4fbb72524cc3101968944f
SHA51214006376b8917c8ce3f7e7afbe79dd04db26d31869535d149ec7934b65f90d25e23db7245a1d69d1466cabd0b1c3c1229a18373faaa833397f9cf422716aa47c
-
Filesize
372KB
MD554f01da9fb70207dd81b3e0b78c77ffe
SHA1d629973df668abaf7d9a3b54c291e711ebaf855e
SHA2567909b67e9014303d213864cc3cc667c098516d19dc4fbb72524cc3101968944f
SHA51214006376b8917c8ce3f7e7afbe79dd04db26d31869535d149ec7934b65f90d25e23db7245a1d69d1466cabd0b1c3c1229a18373faaa833397f9cf422716aa47c
-
Filesize
372KB
MD54848fff984b9fcba37a59044d4daf757
SHA15b76e2dc9de2f45199f7f1edcc7ac5c986733357
SHA25686e9acecf97ff2cbee1bb8f833772272c1502179d875efc0fac0ef6089879dcf
SHA51234e7857a93fc664527dd71308f18ec51bd3ab9b4c1f7a8b6225e24401cf93d97ceb9ea872f60eef81441c38ff93f188681f46de27c0457ac4f6216bd9cc9b291
-
Filesize
372KB
MD54848fff984b9fcba37a59044d4daf757
SHA15b76e2dc9de2f45199f7f1edcc7ac5c986733357
SHA25686e9acecf97ff2cbee1bb8f833772272c1502179d875efc0fac0ef6089879dcf
SHA51234e7857a93fc664527dd71308f18ec51bd3ab9b4c1f7a8b6225e24401cf93d97ceb9ea872f60eef81441c38ff93f188681f46de27c0457ac4f6216bd9cc9b291
-
Filesize
372KB
MD5601bc645018b5e46de05dcda96a4add3
SHA18cbbd7f4167d3c5fd7d246ada3b3ade84c2c97f0
SHA256d67e5b01d72608ed6d96f1119676dc44db7a0816e745688a349f47b39bfe8626
SHA512419ca58d3b1543b747c15323810d37656c39ef872271b591c6f5bfbe4d52abbf5ab2e6941fdee7ac675d3024b9a4e867dda2d28d2419ab9c408781bb18bbbe8e
-
Filesize
372KB
MD5601bc645018b5e46de05dcda96a4add3
SHA18cbbd7f4167d3c5fd7d246ada3b3ade84c2c97f0
SHA256d67e5b01d72608ed6d96f1119676dc44db7a0816e745688a349f47b39bfe8626
SHA512419ca58d3b1543b747c15323810d37656c39ef872271b591c6f5bfbe4d52abbf5ab2e6941fdee7ac675d3024b9a4e867dda2d28d2419ab9c408781bb18bbbe8e
-
Filesize
372KB
MD5c659aad6f9e831513057a701cb99f97a
SHA13a88ce743903d36a8fa43d3ce65853d51f573f01
SHA25644e1ddf68bc79e134aab3f4a0a71c4859e8ced06e3d70869d179f1cd0299624c
SHA512dc9dbe77533b2f48823602377292230ba9311ceb51ae6c6b09b119627a24f63b8e613e6e95e866d8532f49694a7ba2498588a28f18391f8392398b4d3a248e34