Analysis
-
max time kernel
163s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
27/08/2023, 18:17
General
-
Target
b9b89fcb08348239d00e0fc585336c77_goldeneye_JC.exe
-
Size
168KB
-
MD5
b9b89fcb08348239d00e0fc585336c77
-
SHA1
b6fc2f2e3699d20dd9759f0112f47ad34cb20671
-
SHA256
e54e7941fa3dcc0875f6566f7c3cc381ac47bd76e28eb1370f2760ba91340b6f
-
SHA512
e5c89953afd72a81586a585366c0deab6571e182dfa7ea49160e6efeb0f349d16bf2b1464375b055998e20a81c8fbb2635c69aaa6bdccf46ab14243f5f4fbeb0
-
SSDEEP
1536:1EGh0oOlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oOlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9b89fcb08348239d00e0fc585336c77_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\b9b89fcb08348239d00e0fc585336c77_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3DD6EE0-A4A3-43cb-826C-F88B18388267}.exeC:\Windows\{B3DD6EE0-A4A3-43cb-826C-F88B18388267}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9710388-158F-401c-9993-264A0C65E4F4}.exeC:\Windows\{C9710388-158F-401c-9993-264A0C65E4F4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5750AB18-F07B-4747-B2CB-8BF1C8615279}.exeC:\Windows\{5750AB18-F07B-4747-B2CB-8BF1C8615279}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A44CD7F7-DDFC-464a-9771-BD85A50BD01F}.exeC:\Windows\{A44CD7F7-DDFC-464a-9771-BD85A50BD01F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58686874-D895-4d3e-88D4-EF6DB7D38E6D}.exeC:\Windows\{58686874-D895-4d3e-88D4-EF6DB7D38E6D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{006BEEFB-CB0A-4f87-9F9B-9B64974747ED}.exeC:\Windows\{006BEEFB-CB0A-4f87-9F9B-9B64974747ED}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C988993-D289-4d01-AC0A-B7BAF5EF06EC}.exeC:\Windows\{1C988993-D289-4d01-AC0A-B7BAF5EF06EC}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{704557DE-595A-45aa-B35F-9F288C6F14C0}.exeC:\Windows\{704557DE-595A-45aa-B35F-9F288C6F14C0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70455~1.EXE > nul10⤵
-
-
C:\Windows\{39E1A1FB-2D1B-411c-B0BD-0F4CAFFFF3DD}.exeC:\Windows\{39E1A1FB-2D1B-411c-B0BD-0F4CAFFFF3DD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5B94E8E8-3BC2-4fc3-8335-5DF62C881992}.exeC:\Windows\{5B94E8E8-3BC2-4fc3-8335-5DF62C881992}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EA970F4A-E00C-45e5-846F-7F239DF21C4B}.exeC:\Windows\{EA970F4A-E00C-45e5-846F-7F239DF21C4B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{02291D51-80E8-43e6-8B21-1A391AD89C3B}.exeC:\Windows\{02291D51-80E8-43e6-8B21-1A391AD89C3B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EA970~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5B94E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{39E1A~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C988~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{006BE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58686~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A44CD~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5750A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9710~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3DD6~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\B9B89F~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD59d4098017444e197fc0883893f797f5f
SHA180a87e1fb0d291b3a99553ec58dc08bd66ff85fc
SHA256f0d39623163803a5fa012ac1a56adff2f82d955797390768696bcb46c275a6ae
SHA512da0f7a23bc1ce0b7c2284de4da7d786cc0ccd31a56963f26caa06249393034f71c47a39b06a552fe8f3de22e198b542cb6fd13ffd678c252a0025c92b858f4cb
-
Filesize
168KB
MD59d4098017444e197fc0883893f797f5f
SHA180a87e1fb0d291b3a99553ec58dc08bd66ff85fc
SHA256f0d39623163803a5fa012ac1a56adff2f82d955797390768696bcb46c275a6ae
SHA512da0f7a23bc1ce0b7c2284de4da7d786cc0ccd31a56963f26caa06249393034f71c47a39b06a552fe8f3de22e198b542cb6fd13ffd678c252a0025c92b858f4cb
-
Filesize
168KB
MD545e371b9253ce2f9d1f77fe47efa9a23
SHA1e54756a8a7db8fabbbaf5ca3b5a9bf157c28c4fb
SHA256180296ac76a94680f3557690f8143711a91f93b5aa90811e134a4d7608388358
SHA512d942e0a8a19c23714687f05769e89fa10d85c58b45270980ffdeb1cb4482558448f277b8cfbac7089b4c2009ac98502d5f7647f925917d84e47e2dcc7e62e44a
-
Filesize
168KB
MD51581338a45fcd225f81b03037dd94f2d
SHA138b9024e5fbc433711cdad641bbb67b2335b5e6e
SHA256e39600b214bb10c531bf3c7c4466a4d2cfffd8390dd54926c0cff666695ba5f0
SHA512019a2606d4b667cdeae81bf34d3f28ffc985011a760d2e10f09e35bec1cf31104ea4545be89bdee27b25c4f4f3409d4c95d892a09bcae1c7ccc3177275b67f26
-
Filesize
168KB
MD51581338a45fcd225f81b03037dd94f2d
SHA138b9024e5fbc433711cdad641bbb67b2335b5e6e
SHA256e39600b214bb10c531bf3c7c4466a4d2cfffd8390dd54926c0cff666695ba5f0
SHA512019a2606d4b667cdeae81bf34d3f28ffc985011a760d2e10f09e35bec1cf31104ea4545be89bdee27b25c4f4f3409d4c95d892a09bcae1c7ccc3177275b67f26
-
Filesize
168KB
MD586c6f7b46b7778605a40b932fb81c8e8
SHA13189007913a3d9f5978e36bbc0f1a90ca34b4fe1
SHA256452d38991524dbf12d1d854fec2f532b6e41b27f707268b1190fd5c8b20b0bfa
SHA512dd7b9bf75aedb45004d5e3c383d031ad0756d15833661d0f479fdf5486b0106a9c460056ab9d9ffafd143282b8719ab1c6e2553f18ae37cb7a63a26de3636ab9
-
Filesize
168KB
MD586c6f7b46b7778605a40b932fb81c8e8
SHA13189007913a3d9f5978e36bbc0f1a90ca34b4fe1
SHA256452d38991524dbf12d1d854fec2f532b6e41b27f707268b1190fd5c8b20b0bfa
SHA512dd7b9bf75aedb45004d5e3c383d031ad0756d15833661d0f479fdf5486b0106a9c460056ab9d9ffafd143282b8719ab1c6e2553f18ae37cb7a63a26de3636ab9
-
Filesize
168KB
MD532dd61969423d3792958fbbd216cf879
SHA12bbcb76ba73ccf9f9466647500d6c09768b8f4f8
SHA256d0e6a10702492e100d1acdd92b9fc0497ffa5cf51720c65b4ed3638ac9e745ac
SHA51221a39a1fe7f9257d269b8c3fc7acbf2cf05452a1bc4b18a8e2a34a5db210eba431a10d48df016e6fa7b7d8628de7c2f2ad02002a5be472d4c349d7010415cb26
-
Filesize
168KB
MD532dd61969423d3792958fbbd216cf879
SHA12bbcb76ba73ccf9f9466647500d6c09768b8f4f8
SHA256d0e6a10702492e100d1acdd92b9fc0497ffa5cf51720c65b4ed3638ac9e745ac
SHA51221a39a1fe7f9257d269b8c3fc7acbf2cf05452a1bc4b18a8e2a34a5db210eba431a10d48df016e6fa7b7d8628de7c2f2ad02002a5be472d4c349d7010415cb26
-
Filesize
168KB
MD5c06ff0ebd5af9d2593f54270fd1225b6
SHA1db0a6701e802e59b97e98cb12b7ea2e513b1506f
SHA2567fca1726bc5b2ceded627ca8f6f69d0d5299cec84552d4aeee47f617f0783765
SHA5126f87c9cbdcebd72258c755dd3cc7ed6975729eea0f85736e222af417930a526c9729bf10e8fdf91b465fd4aa19bd4e8625f54d02dfa8b76889e4e84a4fb2a12d
-
Filesize
168KB
MD5c06ff0ebd5af9d2593f54270fd1225b6
SHA1db0a6701e802e59b97e98cb12b7ea2e513b1506f
SHA2567fca1726bc5b2ceded627ca8f6f69d0d5299cec84552d4aeee47f617f0783765
SHA5126f87c9cbdcebd72258c755dd3cc7ed6975729eea0f85736e222af417930a526c9729bf10e8fdf91b465fd4aa19bd4e8625f54d02dfa8b76889e4e84a4fb2a12d
-
Filesize
168KB
MD55b90682e493d6338a0795a77400bd8b8
SHA1ec4735fd458ef5d11386f67bcecaccd518520784
SHA25681290bfb35c3308939bbe070c6d00c3adb5086909646389e3a49a2ce4d87ed42
SHA512516f46158cc139c3a8ce05ff9f4da4b879dc5390113c887b2326892b2c0eeae025be2ed68515f71ee8a6736648c010bcf2df3c04a982f7c0080da7042819c070
-
Filesize
168KB
MD55b90682e493d6338a0795a77400bd8b8
SHA1ec4735fd458ef5d11386f67bcecaccd518520784
SHA25681290bfb35c3308939bbe070c6d00c3adb5086909646389e3a49a2ce4d87ed42
SHA512516f46158cc139c3a8ce05ff9f4da4b879dc5390113c887b2326892b2c0eeae025be2ed68515f71ee8a6736648c010bcf2df3c04a982f7c0080da7042819c070
-
Filesize
168KB
MD570ce933a5b76d29b54ba13e59dad9eb1
SHA171e8c82031988430558a51207addbf8f37ff6175
SHA256b369803e6da78a9b8ecec0dc9529cc99dbb4f6f652181c19e71ce8a07174dcb1
SHA5120b5ef04a3304ed4d3cd5ffa74cb575fd8a5eddf382590401c0fc7e3eba0246d11612abc78f22cb19a7a6d6566628fc9234bd976c77a663508aa0872537d694a0
-
Filesize
168KB
MD570ce933a5b76d29b54ba13e59dad9eb1
SHA171e8c82031988430558a51207addbf8f37ff6175
SHA256b369803e6da78a9b8ecec0dc9529cc99dbb4f6f652181c19e71ce8a07174dcb1
SHA5120b5ef04a3304ed4d3cd5ffa74cb575fd8a5eddf382590401c0fc7e3eba0246d11612abc78f22cb19a7a6d6566628fc9234bd976c77a663508aa0872537d694a0
-
Filesize
168KB
MD577437e445e91aafd1ae73ce37864fcdb
SHA18b100993e2dd18f022b9f5425ea86dff5d5280d7
SHA25631f8f5b64c0d1d870a00d4f2a0f7184116d8556af55771a8ec8c7c0c63270567
SHA512d21368c22960928f1c3bb7a70654768c7e7b89f08675be7db075f3d54004b59d516623ea6f7250f0102703f6d345cea9b17333a233625823a1acc7922ff520f3
-
Filesize
168KB
MD577437e445e91aafd1ae73ce37864fcdb
SHA18b100993e2dd18f022b9f5425ea86dff5d5280d7
SHA25631f8f5b64c0d1d870a00d4f2a0f7184116d8556af55771a8ec8c7c0c63270567
SHA512d21368c22960928f1c3bb7a70654768c7e7b89f08675be7db075f3d54004b59d516623ea6f7250f0102703f6d345cea9b17333a233625823a1acc7922ff520f3
-
Filesize
168KB
MD5c7abb4deee6d182ab5c55c800846d73e
SHA1d61cc3265f1586051e852029e28deeef320848d1
SHA256be1c862481944f026d993e7339df3affe6db33d9309b19ab05ff04dfb9a54121
SHA51268f8159447c957635c7735955082993f5c6fec19b8bc19f32d7047c9d762d78041c6b6058279271ab64171e9dbf3e9bd289c8950f44c70effd4406859c1e43b2
-
Filesize
168KB
MD5c7abb4deee6d182ab5c55c800846d73e
SHA1d61cc3265f1586051e852029e28deeef320848d1
SHA256be1c862481944f026d993e7339df3affe6db33d9309b19ab05ff04dfb9a54121
SHA51268f8159447c957635c7735955082993f5c6fec19b8bc19f32d7047c9d762d78041c6b6058279271ab64171e9dbf3e9bd289c8950f44c70effd4406859c1e43b2
-
Filesize
168KB
MD5c7abb4deee6d182ab5c55c800846d73e
SHA1d61cc3265f1586051e852029e28deeef320848d1
SHA256be1c862481944f026d993e7339df3affe6db33d9309b19ab05ff04dfb9a54121
SHA51268f8159447c957635c7735955082993f5c6fec19b8bc19f32d7047c9d762d78041c6b6058279271ab64171e9dbf3e9bd289c8950f44c70effd4406859c1e43b2
-
Filesize
168KB
MD527d7a554fe8743f2469859d9b5993414
SHA178afbcd21f6d7fc3ca09f2dcc9941cb491eb540c
SHA2562c0410e4582f3e110640d1ce62d2344fa0b1b5c7f118c631f9a566cba287ed43
SHA512cbe1ee4c1e4eb0c29840c165c006616c942c117964cd5f03963f82be315e1b2914587c295141f45893b69865c170a95e58160f4b727ac8e4504edebe05a24307
-
Filesize
168KB
MD527d7a554fe8743f2469859d9b5993414
SHA178afbcd21f6d7fc3ca09f2dcc9941cb491eb540c
SHA2562c0410e4582f3e110640d1ce62d2344fa0b1b5c7f118c631f9a566cba287ed43
SHA512cbe1ee4c1e4eb0c29840c165c006616c942c117964cd5f03963f82be315e1b2914587c295141f45893b69865c170a95e58160f4b727ac8e4504edebe05a24307
-
Filesize
168KB
MD5fb811ea697310cb8387a080632b7b325
SHA174f676aa3d4f6823973d58689c51bc79947a107a
SHA2563ddb460c689492b555e4d2c240949f46e101635fad5553eb520a379323334850
SHA5125454674e219a53493d17597e152850098265da61f1fe30f595067611f4961f2da926c6794306fad999249c1c7af784e235c384d093d743bea0d69aa3239b99f9
-
Filesize
168KB
MD5fb811ea697310cb8387a080632b7b325
SHA174f676aa3d4f6823973d58689c51bc79947a107a
SHA2563ddb460c689492b555e4d2c240949f46e101635fad5553eb520a379323334850
SHA5125454674e219a53493d17597e152850098265da61f1fe30f595067611f4961f2da926c6794306fad999249c1c7af784e235c384d093d743bea0d69aa3239b99f9