Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
03-09-2023 11:55
General
-
Target
2023-08-22_b71e9bab5f161aa5a8ef396590c5c888_goldeneye_JC.exe
-
Size
192KB
-
MD5
b71e9bab5f161aa5a8ef396590c5c888
-
SHA1
54fb4fd90e9b16d518e1313f1291d6c10575cbc0
-
SHA256
0f1cc9bd72042d38c102b578c7a0ea72dc56d4d2875ffa92fbf6d6a38e277f19
-
SHA512
7fdbcb70ab892f9d6434e371fbc83a0989f8ecba87f2ec984f9f720fecf877fdd0ecbd3b96ea2f3c014d891b11e2cf349b8cc0c8478dc47d5d4e7115a3e5b67d
-
SSDEEP
1536:1EGh0oTLl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oXl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-22_b71e9bab5f161aa5a8ef396590c5c888_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-22_b71e9bab5f161aa5a8ef396590c5c888_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FC13297F-4146-4617-AE58-2A4294C86D68}.exeC:\Windows\{FC13297F-4146-4617-AE58-2A4294C86D68}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0DD2C85-B38B-4860-B892-5FCDFFD6E216}.exeC:\Windows\{A0DD2C85-B38B-4860-B892-5FCDFFD6E216}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9AB7391E-76D9-43f0-9D92-B92C0B9EA433}.exeC:\Windows\{9AB7391E-76D9-43f0-9D92-B92C0B9EA433}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{904411E9-C121-4a9d-BC9A-EB27DA4D776C}.exeC:\Windows\{904411E9-C121-4a9d-BC9A-EB27DA4D776C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{08F4672E-1995-42cc-8EB4-64A4046F8B17}.exeC:\Windows\{08F4672E-1995-42cc-8EB4-64A4046F8B17}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D407D58-C829-4f6e-8C5C-1277C35C5B8F}.exeC:\Windows\{3D407D58-C829-4f6e-8C5C-1277C35C5B8F}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E4016F4-1DF4-44b1-8902-8F8CE3682FC2}.exeC:\Windows\{5E4016F4-1DF4-44b1-8902-8F8CE3682FC2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8890301-1251-4c60-9A96-AA85640BF882}.exeC:\Windows\{A8890301-1251-4c60-9A96-AA85640BF882}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8D6E9C42-2F63-48fd-82FE-9A64D698CB69}.exeC:\Windows\{8D6E9C42-2F63-48fd-82FE-9A64D698CB69}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{30DD2F4E-4469-45d6-A404-D75D342F5104}.exeC:\Windows\{30DD2F4E-4469-45d6-A404-D75D342F5104}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3D2B8D15-D588-4911-BA7F-5903A0644C00}.exeC:\Windows\{3D2B8D15-D588-4911-BA7F-5903A0644C00}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{30DD2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D6E9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8890~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E401~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D407~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08F46~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90441~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9AB73~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0DD2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC132~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5f5b01163985f01463445e4dd628916dd
SHA152d13fc5a00e05bebe9c547804fcbd6579cbd35b
SHA2564340302697d6bb800fb24c5f97f3621bd233240e327f1fb980cc90b69ed45724
SHA5126f099bf3c4b7a99cc57880e76089bef9ac193cae03e265469fce1ea0365cbc8509004ce9e60ce845c6ac32422a543f5ee704b94dcbc0c22fa16fb64807b9a074
-
Filesize
192KB
MD5f5b01163985f01463445e4dd628916dd
SHA152d13fc5a00e05bebe9c547804fcbd6579cbd35b
SHA2564340302697d6bb800fb24c5f97f3621bd233240e327f1fb980cc90b69ed45724
SHA5126f099bf3c4b7a99cc57880e76089bef9ac193cae03e265469fce1ea0365cbc8509004ce9e60ce845c6ac32422a543f5ee704b94dcbc0c22fa16fb64807b9a074
-
Filesize
192KB
MD51a6192372b22c0c342b0e37a6d1e567b
SHA166bc7792976492a77447c17dc707e3b044392dd0
SHA256a521fb1f1f847cabbb925e3832c8fd0ee33568ea376194bddb6d41c004c37ec3
SHA5127fd8ce9ef987f338cba37032a80c00abb0f213c930f241ee80233857068202b56c85f1e74e55f475df0b9ac159ead92697b57c21a530562159ce6803ffb441b1
-
Filesize
192KB
MD51a6192372b22c0c342b0e37a6d1e567b
SHA166bc7792976492a77447c17dc707e3b044392dd0
SHA256a521fb1f1f847cabbb925e3832c8fd0ee33568ea376194bddb6d41c004c37ec3
SHA5127fd8ce9ef987f338cba37032a80c00abb0f213c930f241ee80233857068202b56c85f1e74e55f475df0b9ac159ead92697b57c21a530562159ce6803ffb441b1
-
Filesize
192KB
MD5333df5edbc7eb4668f32a9edbd8b8f9c
SHA14bf20e272f4cac59b47fbcfafa8fbe5bc0a3847e
SHA25647e688bcd0371b83e86a4c8b419f99523b4b10d10bef8589b3d7501ff4df3d56
SHA512e0fef731742ae25b299f4aabf721409fe75044396aed788dd3652cb56676d050bea77d143215a599d4535fbc457e85552b06bc7236f37ecb7db3efc433a5fdfe
-
Filesize
192KB
MD5cccb71321f12fe1013c41d3fa8bc9eed
SHA1ef4776657b38f34fb552805779588a2065f11cc1
SHA256b8bd9c352724f4b06559fa8c84ba276c1ae3c06e28f237a905ff74576c7836ba
SHA5124912c577801432fcaf144ff3437b9378d23ab48b91c85dba9a4300dc65fa2c8da00be38ea7ab3c9bc136def0712717ac040ab549f5539ccbd3dfaf9e17040281
-
Filesize
192KB
MD5cccb71321f12fe1013c41d3fa8bc9eed
SHA1ef4776657b38f34fb552805779588a2065f11cc1
SHA256b8bd9c352724f4b06559fa8c84ba276c1ae3c06e28f237a905ff74576c7836ba
SHA5124912c577801432fcaf144ff3437b9378d23ab48b91c85dba9a4300dc65fa2c8da00be38ea7ab3c9bc136def0712717ac040ab549f5539ccbd3dfaf9e17040281
-
Filesize
192KB
MD5020c08b014820a08ad706e99e9d33709
SHA1ff4d252e76ce433588f150d24345f5dc3fc64fbb
SHA2565d6815a97a5732e8db25330eaa66ae79024c342d5f4cbf62c531b5a0b183966b
SHA5129a768f7817b8ed7bc7484d2fa8527efa5b56bc324d85e8efc4bf91a01161355a05f42f3618dc76728702ce46d55934c85d597af6ab3d214ccc244e14e31e4259
-
Filesize
192KB
MD5020c08b014820a08ad706e99e9d33709
SHA1ff4d252e76ce433588f150d24345f5dc3fc64fbb
SHA2565d6815a97a5732e8db25330eaa66ae79024c342d5f4cbf62c531b5a0b183966b
SHA5129a768f7817b8ed7bc7484d2fa8527efa5b56bc324d85e8efc4bf91a01161355a05f42f3618dc76728702ce46d55934c85d597af6ab3d214ccc244e14e31e4259
-
Filesize
192KB
MD52b0eaf572776760634e2491805d85ef3
SHA1ff7a8802e18fb11390a312988f4b0952f7f29f77
SHA2565da0c1b066fe205b59184c9f740a02aeb8416b0ccce97ad009bc7b10aefed9e7
SHA5121b2621cfc8e560be895e621b382dd3a5c5e6919b3083e807acd01e89fb01bba8384917a580509bafc4d75df571a7d0371f3f25427319a9f20b1a660fe76042df
-
Filesize
192KB
MD52b0eaf572776760634e2491805d85ef3
SHA1ff7a8802e18fb11390a312988f4b0952f7f29f77
SHA2565da0c1b066fe205b59184c9f740a02aeb8416b0ccce97ad009bc7b10aefed9e7
SHA5121b2621cfc8e560be895e621b382dd3a5c5e6919b3083e807acd01e89fb01bba8384917a580509bafc4d75df571a7d0371f3f25427319a9f20b1a660fe76042df
-
Filesize
192KB
MD5c747848a750a2228e2902a3b4a6c3e49
SHA1b476ef12ea9beaf97bedee08b1e4e8c8db4ccbe0
SHA2566bf8d3f70af2d480df0cb97d61dcde580d9f5caa63d3cabc1059a2ead28989cc
SHA512ebb9310d1a15367c68e2d97ac713d86109c85be6b8bdd12c44fec3834fa66affd8b3523e0af1d09eac44a49aa4aa79b33d427003ac309dd6cba38d47aac18668
-
Filesize
192KB
MD5c747848a750a2228e2902a3b4a6c3e49
SHA1b476ef12ea9beaf97bedee08b1e4e8c8db4ccbe0
SHA2566bf8d3f70af2d480df0cb97d61dcde580d9f5caa63d3cabc1059a2ead28989cc
SHA512ebb9310d1a15367c68e2d97ac713d86109c85be6b8bdd12c44fec3834fa66affd8b3523e0af1d09eac44a49aa4aa79b33d427003ac309dd6cba38d47aac18668
-
Filesize
192KB
MD5a0ac4d9c578f5f6bc3197d2bc205d6b7
SHA1f7bb2c76cfb5707bf271da3adb4fb64ec6ca0ba5
SHA2564b800fc44202e6fd26aa1dc8e0fb1847a8ff0e8c6477dac6ccc97f23694643c4
SHA51245d8df32965a908d9d17c576028bd8080cea7c37bb9fd922d641362a8c515f27832d73cc0cf6347b8d3388f266a7c8f2e3428f5d77752cb7e4fc3b39333a3e83
-
Filesize
192KB
MD5a0ac4d9c578f5f6bc3197d2bc205d6b7
SHA1f7bb2c76cfb5707bf271da3adb4fb64ec6ca0ba5
SHA2564b800fc44202e6fd26aa1dc8e0fb1847a8ff0e8c6477dac6ccc97f23694643c4
SHA51245d8df32965a908d9d17c576028bd8080cea7c37bb9fd922d641362a8c515f27832d73cc0cf6347b8d3388f266a7c8f2e3428f5d77752cb7e4fc3b39333a3e83
-
Filesize
192KB
MD52ede4fe2f296316cf104ced7d69f9520
SHA192ee08ad7e99c6b66758a34173ea6a1eaca33533
SHA256341f905b1317cab7a019dbaf78791b91bb55699ef9f645af9f696cf67a611b82
SHA51297c985a20cdfed0f68905928e1386a26d67f4b45793c26c6dbac0002d7952b40252b2eb697412f7f89b03f8b497f99c91791a3be189cc9f239ef170aa07cc7d2
-
Filesize
192KB
MD52ede4fe2f296316cf104ced7d69f9520
SHA192ee08ad7e99c6b66758a34173ea6a1eaca33533
SHA256341f905b1317cab7a019dbaf78791b91bb55699ef9f645af9f696cf67a611b82
SHA51297c985a20cdfed0f68905928e1386a26d67f4b45793c26c6dbac0002d7952b40252b2eb697412f7f89b03f8b497f99c91791a3be189cc9f239ef170aa07cc7d2
-
Filesize
192KB
MD52664969b773a352146e7dadcba676eb7
SHA10cbdb4613e7f18083ce8e9d51c5e6fadb41d9b1a
SHA2565b58b6bc4283970c893f4db261cefa42c6c2fc26c7073a24a03d0950261fb52b
SHA51275d27ae42ab42c96c4c24c19debd21b739ea32202ddfb7ec115dde5ee8d2651dd75d727f60eabc9c3b6e77d0bb035ecae14abac9c0bd5510d3bc7e0c114097b8
-
Filesize
192KB
MD52664969b773a352146e7dadcba676eb7
SHA10cbdb4613e7f18083ce8e9d51c5e6fadb41d9b1a
SHA2565b58b6bc4283970c893f4db261cefa42c6c2fc26c7073a24a03d0950261fb52b
SHA51275d27ae42ab42c96c4c24c19debd21b739ea32202ddfb7ec115dde5ee8d2651dd75d727f60eabc9c3b6e77d0bb035ecae14abac9c0bd5510d3bc7e0c114097b8
-
Filesize
192KB
MD5aa75ad0e948ce4841b30ba6ffd35c33e
SHA1a0518cc9b9727c8ad0f80d78703f088f052fb68e
SHA2564f6a4f293493c86ae38e0695d1233d68d5a2627c4fddb440ebf4e88eacc59f05
SHA512ab237a97ed58f28a355d81a61335e6f772d8ddaafb7bcca0a17f4f98a88eeef75504eeb1db6a20f8f1e0c61794419afa52f08252f3bd299d5580d0ae8257241f
-
Filesize
192KB
MD5aa75ad0e948ce4841b30ba6ffd35c33e
SHA1a0518cc9b9727c8ad0f80d78703f088f052fb68e
SHA2564f6a4f293493c86ae38e0695d1233d68d5a2627c4fddb440ebf4e88eacc59f05
SHA512ab237a97ed58f28a355d81a61335e6f772d8ddaafb7bcca0a17f4f98a88eeef75504eeb1db6a20f8f1e0c61794419afa52f08252f3bd299d5580d0ae8257241f
-
Filesize
192KB
MD5aa75ad0e948ce4841b30ba6ffd35c33e
SHA1a0518cc9b9727c8ad0f80d78703f088f052fb68e
SHA2564f6a4f293493c86ae38e0695d1233d68d5a2627c4fddb440ebf4e88eacc59f05
SHA512ab237a97ed58f28a355d81a61335e6f772d8ddaafb7bcca0a17f4f98a88eeef75504eeb1db6a20f8f1e0c61794419afa52f08252f3bd299d5580d0ae8257241f