Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
02-09-2023 15:10
General
-
Target
2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe
-
Size
204KB
-
MD5
1b469edab6a3711c4b683316922b2682
-
SHA1
89959f6e1db8590257fecf8f01d43f39c52f9ed7
-
SHA256
d8eec230a8ef23a2c449a2ad61c435df320babf3e31a2061d695e2fc3dd96da6
-
SHA512
a0261c51dcf60aa98835fde49c673c373c6a03a4587027b90142da3056dd273fb0bb1d8463726c75f6fcd1679f513683c75661af3d78a985c1ebe8370dc5c31f
-
SSDEEP
1536:1EGh0oWl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oWl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-22_1b469edab6a3711c4b683316922b2682_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{181B0E9F-E61B-4106-8D84-0F266379FF24}.exeC:\Windows\{181B0E9F-E61B-4106-8D84-0F266379FF24}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D90027E4-83B4-4132-9CB5-7A6A053999C1}.exeC:\Windows\{D90027E4-83B4-4132-9CB5-7A6A053999C1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FE5E8EFE-1895-4826-B5AE-857F3DCE7E1A}.exeC:\Windows\{FE5E8EFE-1895-4826-B5AE-857F3DCE7E1A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8CA98D66-F34C-442d-90A7-4FB8BDF288F9}.exeC:\Windows\{8CA98D66-F34C-442d-90A7-4FB8BDF288F9}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C5D970B-7B72-4233-92AF-E2DCD55236D6}.exeC:\Windows\{6C5D970B-7B72-4233-92AF-E2DCD55236D6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00E34D6A-E538-4650-8864-F7DE1544821D}.exeC:\Windows\{00E34D6A-E538-4650-8864-F7DE1544821D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7913C054-9BBB-48e1-9B5B-DEEA97B7FFEA}.exeC:\Windows\{7913C054-9BBB-48e1-9B5B-DEEA97B7FFEA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52C20936-10BC-4fb8-A290-4FCB013CB180}.exeC:\Windows\{52C20936-10BC-4fb8-A290-4FCB013CB180}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6F6F9A08-CE2F-491d-9317-C755ED4B1AC6}.exeC:\Windows\{6F6F9A08-CE2F-491d-9317-C755ED4B1AC6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F6F9~1.EXE > nul11⤵
-
-
C:\Windows\{DF5300F9-64BF-4811-AF4A-C69989A3B5E4}.exeC:\Windows\{DF5300F9-64BF-4811-AF4A-C69989A3B5E4}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{44BB111E-8345-4100-A40F-45E163D8BF8B}.exeC:\Windows\{44BB111E-8345-4100-A40F-45E163D8BF8B}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF530~1.EXE > nul12⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52C20~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7913C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00E34~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C5D9~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8CA98~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE5E8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9002~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{181B0~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD54f703b1714908b3de8528596654a86e1
SHA1111ae204222ec0369f81a25cdc1d55f373d2718c
SHA25640b49e06d84d8e8b35feea3060345232a412b49e8e689c0c33e3d3c4111b3a9e
SHA512afecc20b5b2a7df4186a843016d0e33b60b0c95bbf7f1c6178d757ef2885ee816bae9d9f6baa4dcf64eae59461fd1a47011a9379d2a66e32781403293ba1001d
-
Filesize
204KB
MD54f703b1714908b3de8528596654a86e1
SHA1111ae204222ec0369f81a25cdc1d55f373d2718c
SHA25640b49e06d84d8e8b35feea3060345232a412b49e8e689c0c33e3d3c4111b3a9e
SHA512afecc20b5b2a7df4186a843016d0e33b60b0c95bbf7f1c6178d757ef2885ee816bae9d9f6baa4dcf64eae59461fd1a47011a9379d2a66e32781403293ba1001d
-
Filesize
204KB
MD5a0cb5a0cecbca77ab8d9eed9faddfc18
SHA146d44223b27ad99af012de64554e379d7135101a
SHA25600ba346a698b0637be6373d2f0e6485a280ce515b6ba3a095be71167e0d76c81
SHA51276194bb0f36d40d9f628d9dbfb6a1bd832dc6c5a01b62888500fc3058fc0c9211570f2e17d5f342a3ae54fef2a0284b839d2c5f17d2d666b37f8129e38e8e3f0
-
Filesize
204KB
MD5a0cb5a0cecbca77ab8d9eed9faddfc18
SHA146d44223b27ad99af012de64554e379d7135101a
SHA25600ba346a698b0637be6373d2f0e6485a280ce515b6ba3a095be71167e0d76c81
SHA51276194bb0f36d40d9f628d9dbfb6a1bd832dc6c5a01b62888500fc3058fc0c9211570f2e17d5f342a3ae54fef2a0284b839d2c5f17d2d666b37f8129e38e8e3f0
-
Filesize
204KB
MD5a0cb5a0cecbca77ab8d9eed9faddfc18
SHA146d44223b27ad99af012de64554e379d7135101a
SHA25600ba346a698b0637be6373d2f0e6485a280ce515b6ba3a095be71167e0d76c81
SHA51276194bb0f36d40d9f628d9dbfb6a1bd832dc6c5a01b62888500fc3058fc0c9211570f2e17d5f342a3ae54fef2a0284b839d2c5f17d2d666b37f8129e38e8e3f0
-
Filesize
204KB
MD5a904f6ed10f7a16e1b7f010a93411d91
SHA104c7ffd12b26caeeab31dcf735caee687a4d2d4d
SHA256798b8d86eb43efae6190767b9a5c11e9c71664bfc5b199572eaf092db2c1d3fe
SHA5121d25bad4bf5b710e7c3d15646e02d54361cd297605cab0f138953e804beb4e5dd5beba9bde81c340bbbd9365d079b25d28f77fae48281c6a521fb44f501f4749
-
Filesize
204KB
MD50770efe5a3e8eca7daa40bc10ff46b4d
SHA15aadfbd155b87e5dccded8f127b27502e8cb948d
SHA25642ee9c1b16d212556c6073bdc12975800d208b86ac50fc50e570df6f40083c85
SHA5121d71f5ee278a1a08b1d6f616298ce53895e2fd281ebb5861fe68c787779b54fce65308e1c3c7c2fb5fc6c195f2d21d504db2651883cf24c4adcc4165bdbab1fb
-
Filesize
204KB
MD50770efe5a3e8eca7daa40bc10ff46b4d
SHA15aadfbd155b87e5dccded8f127b27502e8cb948d
SHA25642ee9c1b16d212556c6073bdc12975800d208b86ac50fc50e570df6f40083c85
SHA5121d71f5ee278a1a08b1d6f616298ce53895e2fd281ebb5861fe68c787779b54fce65308e1c3c7c2fb5fc6c195f2d21d504db2651883cf24c4adcc4165bdbab1fb
-
Filesize
204KB
MD574946ffb8c04d122b7c171e5c6cb6353
SHA12335a33bf536640554313e51aa7fa0789a5086a6
SHA25636f099f0a0502bb39e1df5d6f09148ff057e19b28f9aa3111bb32e3920c9eff8
SHA51212a631c2112ea0da4be5c76dc11eb103fa39b1847746865ffd28c592516440a3a2d9358c492977f375706983a0f705420278c973a1bee1f0584156ba26ceb987
-
Filesize
204KB
MD574946ffb8c04d122b7c171e5c6cb6353
SHA12335a33bf536640554313e51aa7fa0789a5086a6
SHA25636f099f0a0502bb39e1df5d6f09148ff057e19b28f9aa3111bb32e3920c9eff8
SHA51212a631c2112ea0da4be5c76dc11eb103fa39b1847746865ffd28c592516440a3a2d9358c492977f375706983a0f705420278c973a1bee1f0584156ba26ceb987
-
Filesize
204KB
MD5d9276e5e39d72601560448d207946035
SHA1913eaa58448c959e5751e2d49a6c4316e6e77c73
SHA256289bc392ad510e387c21694d9edaf787f47f065a968081c21d5c5dd8ee263ac6
SHA5125546aa92051268fe051ce043386ba06e58487d53f0972bf9ada9cfba814cad8ceb1ad93dd45ddaccead537e5f88b99c655d4db1cd0bc7c844fbe1b23bf84f057
-
Filesize
204KB
MD5d9276e5e39d72601560448d207946035
SHA1913eaa58448c959e5751e2d49a6c4316e6e77c73
SHA256289bc392ad510e387c21694d9edaf787f47f065a968081c21d5c5dd8ee263ac6
SHA5125546aa92051268fe051ce043386ba06e58487d53f0972bf9ada9cfba814cad8ceb1ad93dd45ddaccead537e5f88b99c655d4db1cd0bc7c844fbe1b23bf84f057
-
Filesize
204KB
MD517bedda1106a4b53c144c5e0e0503e40
SHA16c240a991d56430bde2db7dd70fca75ba66e4eca
SHA2569a6a21ba6aba918ab4f8888b410023dd51564f9a14e65eaf9951d6dd01fd299d
SHA512919410c93977022946ff276c3256b8611954113e8b5e31f0656c9867a5c268de121a3c747a9c15e7b4a6f32d42415dfbd7381127b36bd0f571af85ab944554ae
-
Filesize
204KB
MD517bedda1106a4b53c144c5e0e0503e40
SHA16c240a991d56430bde2db7dd70fca75ba66e4eca
SHA2569a6a21ba6aba918ab4f8888b410023dd51564f9a14e65eaf9951d6dd01fd299d
SHA512919410c93977022946ff276c3256b8611954113e8b5e31f0656c9867a5c268de121a3c747a9c15e7b4a6f32d42415dfbd7381127b36bd0f571af85ab944554ae
-
Filesize
204KB
MD54b777f4f9706640ddf37c41bf27f9096
SHA19fc6d168b047c405a4877766eb7294433747360c
SHA256d10e23f782377cba71bb224dadd5dc4cdde9bd87469367e5c4a0b8b057fae8cf
SHA512860ffc9731f38b89a7a87a7fc1dd9253ccc06b9dc72b21c9cdcec277ecfc7b2ae2d8d2269671d8f25ccc0e5127b883e3f29620a68257362e6b963ebb76202b2d
-
Filesize
204KB
MD54b777f4f9706640ddf37c41bf27f9096
SHA19fc6d168b047c405a4877766eb7294433747360c
SHA256d10e23f782377cba71bb224dadd5dc4cdde9bd87469367e5c4a0b8b057fae8cf
SHA512860ffc9731f38b89a7a87a7fc1dd9253ccc06b9dc72b21c9cdcec277ecfc7b2ae2d8d2269671d8f25ccc0e5127b883e3f29620a68257362e6b963ebb76202b2d
-
Filesize
204KB
MD5194f6d05ddde68531b62363f92a36fef
SHA148139e6101da8c1e6c079acc66ea9d6107820c23
SHA256cb039211e1dc3a9cb3f0a606f9532d72324ebb318b2042bdb4295a51b2f60478
SHA512bbd8331ad32e711e4dca470c8007363c302dae1efdfff201440bb3a173f1d54b07231041998e439a89892323e3870bef140b167daeb8d110083ed7170d0d01c0
-
Filesize
204KB
MD5194f6d05ddde68531b62363f92a36fef
SHA148139e6101da8c1e6c079acc66ea9d6107820c23
SHA256cb039211e1dc3a9cb3f0a606f9532d72324ebb318b2042bdb4295a51b2f60478
SHA512bbd8331ad32e711e4dca470c8007363c302dae1efdfff201440bb3a173f1d54b07231041998e439a89892323e3870bef140b167daeb8d110083ed7170d0d01c0
-
Filesize
204KB
MD5b494c0f5e9c1ebd55fcf399876e690e3
SHA16998bb9ffb7a69c499d0c93a9ca95474ff9747e1
SHA2565326ea56f0720eb5f30983802d51644db08234a3ffdf30a124eb5eb2573edc05
SHA51211354794f0bee5df79e2d8f992e533694ed632047f526f8a8732f8ff2f7aec493869c7196fa595c44c61b1b6334d6870e5149adc6390c92458a8fc4ce81f54e1
-
Filesize
204KB
MD5b494c0f5e9c1ebd55fcf399876e690e3
SHA16998bb9ffb7a69c499d0c93a9ca95474ff9747e1
SHA2565326ea56f0720eb5f30983802d51644db08234a3ffdf30a124eb5eb2573edc05
SHA51211354794f0bee5df79e2d8f992e533694ed632047f526f8a8732f8ff2f7aec493869c7196fa595c44c61b1b6334d6870e5149adc6390c92458a8fc4ce81f54e1
-
Filesize
204KB
MD5060b19a7cfd4e25a080430920ad892b9
SHA12907726b80ccb189283d6697f7de65726e7eef34
SHA2560bc3fac8749e6ba2d44d1548d1e729a0be30e5f28768c009bdc8015d7d141a34
SHA512869a1ae20d240f2ba2a5a3cf2a3b6607e02c4972c46180c943fff849d0e1e782d993b455661ad7f632c941ca886bb8ac90286ac7ab407774007541013e3f6da9
-
Filesize
204KB
MD5060b19a7cfd4e25a080430920ad892b9
SHA12907726b80ccb189283d6697f7de65726e7eef34
SHA2560bc3fac8749e6ba2d44d1548d1e729a0be30e5f28768c009bdc8015d7d141a34
SHA512869a1ae20d240f2ba2a5a3cf2a3b6607e02c4972c46180c943fff849d0e1e782d993b455661ad7f632c941ca886bb8ac90286ac7ab407774007541013e3f6da9