Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:19
General
-
Target
2024-01-06_fe7a49f5929d36ef4f87c148f0f6daca_goldeneye.exe
-
Size
344KB
-
MD5
fe7a49f5929d36ef4f87c148f0f6daca
-
SHA1
cf4ad50f765af6e3993d2785b3befac36239883c
-
SHA256
7c6de846eef4c8c1bb9d5ab70d211c8c33dd11f16c065eac07b71dc4b8486375
-
SHA512
7b18ac35c17fdd45708477e290382d01556cb83f51d7607fe8df92f56c0c81441f5312c0b0b4c0077ccf0ca40c2b4f2264c24bca78293bfc60824d6c10ba6739
-
SSDEEP
3072:mEGh0oLlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGtlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_fe7a49f5929d36ef4f87c148f0f6daca_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_fe7a49f5929d36ef4f87c148f0f6daca_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B452D6CD-B982-4cfd-833A-1C331C6D60E5}.exeC:\Windows\{B452D6CD-B982-4cfd-833A-1C331C6D60E5}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38BF387A-B9CF-4be6-9943-732146991BD6}.exeC:\Windows\{38BF387A-B9CF-4be6-9943-732146991BD6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BFD9B581-24D2-40f1-B245-AC264A5DC635}.exeC:\Windows\{BFD9B581-24D2-40f1-B245-AC264A5DC635}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{81E691BB-32A1-4d3d-9AFE-26AF656780F7}.exeC:\Windows\{81E691BB-32A1-4d3d-9AFE-26AF656780F7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18A7F640-7E7A-4dc6-9880-070183CBF104}.exeC:\Windows\{18A7F640-7E7A-4dc6-9880-070183CBF104}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B5CED859-2BE4-49e9-A2B7-92CA245F2915}.exeC:\Windows\{B5CED859-2BE4-49e9-A2B7-92CA245F2915}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F12F2353-4FB0-42f0-8A34-9BA301E11512}.exeC:\Windows\{F12F2353-4FB0-42f0-8A34-9BA301E11512}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6EA12D6B-F232-46ef-9618-9326C3E326AF}.exeC:\Windows\{6EA12D6B-F232-46ef-9618-9326C3E326AF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{74668DF1-4DC6-4cb5-A38F-5C63E525ABB0}.exeC:\Windows\{74668DF1-4DC6-4cb5-A38F-5C63E525ABB0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{74668~1.EXE > nul11⤵
-
-
C:\Windows\{9E2B4EF2-F7E6-407f-B292-0A6F0D32F48E}.exeC:\Windows\{9E2B4EF2-F7E6-407f-B292-0A6F0D32F48E}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{26F67E04-95D0-4ee4-BB24-B45987BD6A06}.exeC:\Windows\{26F67E04-95D0-4ee4-BB24-B45987BD6A06}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{27A3D240-7DF2-4d59-AC2B-E2C566A4E69F}.exeC:\Windows\{27A3D240-7DF2-4d59-AC2B-E2C566A4E69F}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{26F67~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9E2B4~1.EXE > nul12⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EA12~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F12F2~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B5CED~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18A7F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81E69~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFD9B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38BF3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B452D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5f752859aa1befd774cc563c4edd8cac4
SHA1dafe1d94232b0d97d29dcf65d6bf4526e397e561
SHA256e9127e47eb0792eb68a659bf78df91be38450bbb2bdf33dfd361ec63d87e38a6
SHA512bf47f22b3349d33d49e586cb4e6690e81f6b88f7d01c9000dfa87e5624a0937001f8b26826e8e116c6b3cad961b76fb9ca6ca6ea2f6ad7caa3d187d5103e0984
-
Filesize
344KB
MD5c9801b5d3635bd52ca8b29354f69d7e6
SHA15766e44298e85615e120da5998a3974d0c555f74
SHA2561d102f8bbb9138bfc1496e03d3493ccfce0d63dcfbacb21097ca1171f63bcff2
SHA51266fdf4d227c7f6989d5ae2e1dccd7c9e5b11e111c081b1ba80a644c6db720e91e7c20eddb2520cfea355baa839f7d991804143904ef5f2e0d7810b2c49252aab
-
Filesize
344KB
MD5e1bdbf076b5e487f1f22807810d7e705
SHA1cb6e8c16884c1edc486e7ee3db4ef9e0a2d954a3
SHA2567fe1f5dbcd59b2fc1bd5abf2a2022e085ae1a3587318084752c258b32aad6c10
SHA512f324669fab84e4b237a58578e9f853265071c91de15daf8c481badea6e930bb2fbe73b1c3a093af56e192a86b41f1ff25bcde5d45738878dbd0cc33a28b6ba8c
-
Filesize
344KB
MD591c927ba61cecec794930dc4c8214bdd
SHA1f3b816c478f560a5365f713211aa326d37f373ae
SHA256909dcea46b09fb7b7de3fed0fab78a84d3b8ca108f32633982a53d55adcd3bb4
SHA512bc3213d213b64e48ff7a02ee5da12536a483adb3ecc691f8ed584a8102431807b7be08497dd286f07fe3aa58d2f2e813480ab3595d4290c7312533e77e66c081
-
Filesize
344KB
MD520dd2f1ca8e3e732fbc85f182764cf42
SHA1bb898e3adc3342847f107ea554bacf0db9658a93
SHA256fcdcd1113a72cb4b6f477d024bbc81a050ff2d3cc54cfea74669fe28b0927713
SHA512dd6ca52b91c2b1f3f43274036d59f1cd98f86294a7ddc8a08b5fedba0b30ad9a66b47f906c554c777c52fa957fa239877da8bdf87d57fd955bc14a3fa4932163
-
Filesize
344KB
MD5ec76d34cd17453cbc9c6fb7e313ebd02
SHA177ad7fa7e7d11ba7999f152f052de3dd0c8a92d8
SHA256eef036c1114539c994285c7ffba9fb2adc3a1e7f1e9cbeeae3fb358f359b0d28
SHA5122fcff691b0ae9b2d5fd1563a265968ef5cb418b1eb809a6cc789634c4ebe5b7ecc7a2e6829d60cd2c0399d867c34e9533fef8e8f3563694ea215f1e2bb6afecb
-
Filesize
344KB
MD5ff71c824c9112856903e6ebc79905133
SHA11974a6e839e3147b9deb10ba9de745768eb88e3f
SHA25654fdba436da6ad92af9aaaa5de1bfab1189a1bcbdd54273c41827b05a8c93745
SHA5120172e31f83b6d97a29ddd69a85c759db00611d1ee2c1527139c98816891ccc8f28cc5e11d5b02d80b47c87a8f6786841166362f9e46c81ad57feb2f4788ab1ee
-
Filesize
344KB
MD56d28beb980c2365cb21a3add4638a52d
SHA1428b3c0394b1b2c7f4f265e7f89b6148e2252aa4
SHA256f6281275a02f2fad8c8a463c6956388b64216daec2d7104b7e5dac6cd18de9c7
SHA5126031bd0f0f0d73e3a8f54d86fcecf65b7fb9ee3ed37bbad55060399c4c267462e7fc23747398fc3c58df30445305e42c8d99f5e11dbfd34a83d5322c2c21da16
-
Filesize
344KB
MD5df6a23beeba11c8ba8a40925ee956520
SHA1ec6af230c4f3def91112128cda72d7a25c89b842
SHA25695232100f353bb2e5d5cf04bfb68a4b51af2a58d7a6317c7aed7c6844d6f7261
SHA512544934479cbc3af1e53b9706b34a1ebdd23a52a0c69a8d335bc89a6355d7e82dc9a40deeb657b68f706fdbfdd69a7ed54aa067f1b2249c717bfe2ff270a9bd20
-
Filesize
344KB
MD508c139b8cb845aff829012e0936f4b4f
SHA132bbc012fd1210152d93858d3851057af793a7f8
SHA2564160c3778c754a695fa00a706bc8b4163032d437a6649c0a456b32bc64cb2306
SHA512f74306509c35c88f0aba98953b8b90aadf6f137a73feb8ddd72e773659e481f457a38b255ca9443eebccb2656434d1a5a930d5d3923f7ac9953ae526e8a3e4d6
-
Filesize
344KB
MD50c05ff903f39c72578d6caaf820c566b
SHA16206de016a623530235b890e12a250e3fba70981
SHA256d1d345b778a8f84e2f3b96f1c58f3e37d26da05d1c25ae0bccaa3ccd6ec8932b
SHA512ff2d7f95c5e50ca7d267dee12c8aaf7d9d2987fe540a9c454cd8b0d7d21934b89b74bf1956cc2bc581885767859881cd90bca0ac8f713e61c0e6708245ebd086
-
Filesize
344KB
MD5c0bc8e87c5e5a4932902f2989cd0d6ab
SHA1f98d267943b5900db389a8640c5a4b1a368d7128
SHA256c23dd0395989f76e812622b25a8946854eb7d3fd300c13562c5556053cbf33e3
SHA512236980633b31cacfe1ee1237a6052b2cb9722a73fe7088ad0be0ef35f28ea283474f6357d545463ff1226bf7f6fb720fc0341cd7c314bea2a7856bdf0387d30f