Analysis
-
max time kernel
151s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
10/01/2024, 05:53
General
-
Target
2024-01-09_456a73071f36d642ba8561eb2b461e17_goldeneye.exe
-
Size
408KB
-
MD5
456a73071f36d642ba8561eb2b461e17
-
SHA1
b54fef2216b4ad58da3adb8d498aef6318fa6269
-
SHA256
6b47bd5042652f5c6b4654294085643f1786173079a2344220ca2452cf235d9b
-
SHA512
3e28d533826286220ca7e5133cc61e59679d8100bc2b7e604fd8ec85fa1af0b274ba1b17f3d7d122ea5b0ff9dab093f4d9906e3af4d1dc29853f5813a0a24ed4
-
SSDEEP
3072:CEGh0oVl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEG7ldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-09_456a73071f36d642ba8561eb2b461e17_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-09_456a73071f36d642ba8561eb2b461e17_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5B7BE1F3-228B-44e0-B6A5-3266FE7709C1}.exeC:\Windows\{5B7BE1F3-228B-44e0-B6A5-3266FE7709C1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7AD72B1F-5B61-4e7e-871D-42EE15BEB9CE}.exeC:\Windows\{7AD72B1F-5B61-4e7e-871D-42EE15BEB9CE}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AC3B28FE-F434-49ca-89EE-26717112EA33}.exeC:\Windows\{AC3B28FE-F434-49ca-89EE-26717112EA33}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CF68AAC5-8D06-4b0c-89BB-F0EE3855A92F}.exeC:\Windows\{CF68AAC5-8D06-4b0c-89BB-F0EE3855A92F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CF68A~1.EXE > nul6⤵
-
-
C:\Windows\{0705A742-AD6F-4652-B5C6-34FE9B98E7FB}.exeC:\Windows\{0705A742-AD6F-4652-B5C6-34FE9B98E7FB}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18322D49-ED21-4217-8358-18AAE9CD1687}.exeC:\Windows\{18322D49-ED21-4217-8358-18AAE9CD1687}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6F0A0C6-3367-4947-9A2A-10B98E75D06F}.exeC:\Windows\{D6F0A0C6-3367-4947-9A2A-10B98E75D06F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{08B6173B-A06E-4178-A13B-B02B3B62AD15}.exeC:\Windows\{08B6173B-A06E-4178-A13B-B02B3B62AD15}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5B39FB99-5D38-48d2-B6A6-A9B759915C6B}.exeC:\Windows\{5B39FB99-5D38-48d2-B6A6-A9B759915C6B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5B39F~1.EXE > nul11⤵
-
-
C:\Windows\{0D56FA8C-9712-4733-8618-CCB126D18EAA}.exeC:\Windows\{0D56FA8C-9712-4733-8618-CCB126D18EAA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D56F~1.EXE > nul12⤵
-
-
C:\Windows\{E31A358A-5FB8-4f17-8A7A-6BFB4DCD750B}.exeC:\Windows\{E31A358A-5FB8-4f17-8A7A-6BFB4DCD750B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E525E246-803B-4b97-9661-010903A6019C}.exeC:\Windows\{E525E246-803B-4b97-9661-010903A6019C}.exe13⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E31A3~1.EXE > nul13⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08B61~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6F0A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18322~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0705A~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AC3B2~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7AD72~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5B7BE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD562f2d7d5e1327d107ff3b20297dc371c
SHA1602e463a0f3690adab67ce525768a1bc75cd32ca
SHA256c58788f09e8b4c8c4d777ae1471ae5828af9deb701a5b8fe4a64e9245c9201f3
SHA512fc39d52f4ce4d5d9e201b07c45052435cc930cca617cd253289b1d7c8d81ab126d8c9acb07199a656ab8bf8df2fa8b3c3ce9e8c073bba7c598849cf41fa74ab4
-
Filesize
408KB
MD53c3805af3eda509ee6f013904e01593e
SHA1ae733c1ba2b1d73080fe034fc0a207aa8b5938a4
SHA256a8aec0ff77567b6b81ea51a74eaf160e73e2293e77d5022b5ba4c2756df0705f
SHA512385aeb682eb5566ab9b8dd810df731dddfbbb88ffbefa904c9595176c53aeabf553978ff77e1789911304e8cf417acef07f5df6d56bf60e4a11ff84b60c19f98
-
Filesize
43KB
MD595906b355f12a7168891396cc0e52383
SHA113c1534467ef7a9fda504712a19970ec2fe6cb14
SHA2560325831b8924e33db5aff80dbe681332d83ad3f6dc15011a02f3299aa185f1b1
SHA51269ca91e1e8b55c64a731ce6481998a48979e7ef1e3aac44f5f17cdcb3fbf6f616aca7c8e63533facb1177f454ed37781d29f33f24f5e2a6b08e9df867b4b2020
-
Filesize
88KB
MD5466b4ed3df1ab3fdacdfb2b67eb94ce3
SHA166a9042a1890817e2448fb55ddb816e80bc8cea8
SHA256d5b7a74cb2664a81d03f42ddc9f6fc04f688d5d639bf457b2bf49cabbaeac401
SHA512c9c75d277e3352113087b636eaba16d6e661a199c90f10e9f4e347bd8a879432fe9c446bd26446872095a8312510005d8252cbe342953eb754516d87834d6513
-
Filesize
408KB
MD5a56633856d744d82b123c6f24c3db439
SHA1306ea846c3876bbc79cef9871a2282dc1ec123f2
SHA25631cfb7a3b09ae161e2d99f5a32606065801d2fb543f55760dfbba6bbddf84d17
SHA5122c947bcfbd6ecc1d27513acdfdcf02b174e127aea143a3f3cb2fecfa10d987e932203eea2e76899433edeac9db4ff13ce420a6d9f3c5b58540e554dd03c77498
-
Filesize
408KB
MD5d178b4791659a6bf7c9c1e8caba3a82e
SHA12ed694e43c7b78796f666a6bbe827a07f5105379
SHA2566632d8595281a7c5cc7d9ec129c932c56842acab6c219abd8e465c413a8f8269
SHA512ebc038c01b5d9e33e48b3c9920691a74b74baa05e5c9f55a3e538c59414219b3fec7121b114a4ffb48b268d4fe3b1e53550c3fea24ff38fc724ba997986f2d2b
-
Filesize
147KB
MD5d0568974eb2845ed91ab8f148ecccd30
SHA118aecfbc1f7e6b3b42cc0c6bcbf4b6404c921242
SHA256192ad8501659cf493da93d3009ba46c9d45c15584670b957e793fcbed2e48c24
SHA5124238fa13644ad6bc1daa7ed41b90fba0769031120af305ae1e94250498df607c6e252cbb3b26f8f216a3e9d737a6ef45f88a06ec958276485526351eb1f7e948
-
Filesize
1KB
MD5e390d5e1c9a5f95b99521de37c76e69b
SHA137cde85109a08b3b0d68aef382e00b09f3768e2d
SHA25680ca884b931bb88ac3c9c819bf370704a34239361066e032d31c01fe2e1ee4c6
SHA512fad1ef08769adc38455e2b5a614e36854b41144719f164202398888d97d387dac4c98de29088b222fb2756fe416ef6deb4fdf88649aa55ea91de4927542f8e69
-
Filesize
408KB
MD5f226ff214136c36f9baaccb4d35cf422
SHA1334199103104372d6590299d2fd0c57f31185cf4
SHA2564d9a0caaab28559ffc9b76aeb640cb0f4d2b80a9179f9816fa44d3d00dbb64db
SHA5125f6fdfd09aad9f40083afb8b881876b0958b28b1894fb7e2142de769111a2ec372ecaefc52420a6ab8f0fb988ff035087746e7222927cbabc7569f35d121399e
-
Filesize
408KB
MD5021b3a261e24b18503efb67ef0b91017
SHA16bc30e215f56a1c3912cca11476dc3f8d11e2cb1
SHA25674915084eeff92ae1fcd5010e1bcdda3669058635ea62a11b4642c40b377f433
SHA512a57f626da40b7ad86fb1d9522e177ef34fc9d71dcdce17ee34a6b7535fabce580d5e26031fdb1925826927806d9d239976a631c8512aaa4640eaf7352676e133
-
Filesize
408KB
MD5c630d033f7fb7c57957ac09c9606e12c
SHA1a0346e4fb1d9fbeffc83b57063548aea90d96bef
SHA25634eb2ebca09bd012200059a68891be4119ca421d86153f9e68d6b04b111dd0ec
SHA5125f8f0509464df3eccce5722ee9d396b13b407bb853f168491e93acaff7abb6aa7300f4800d9d6581de644c763d52d77ddfb8f598c577e0d91476d0a3a821398b
-
Filesize
408KB
MD5f932a90ef0fac468439ca61eba75c2eb
SHA11698960e3354566a62dad66008d4315f17d6247d
SHA25643fc897a8252c20de67bf3e54253ec1e6801133a1b8f50236b99c6e0efe9b085
SHA512ac661aa422d305ffff82028589e46f74e1a8f5a2f083c8729485c827b2795fe755907051e462e35ffe49270e49e1c5186bd53c4a8dd5399809fcbadc2cc7a369
-
Filesize
408KB
MD51be1f49b0afeed5e0acc65fa0e3a69bc
SHA1a11414b6b0ae371ba6c36d3f03cd6dacea5e5fdd
SHA2560327ab37106d8bffd4b906a43408106e8b6a6d4800e43e6264bed58e2adff6cf
SHA51293a385fcf6b9d853680d81944948f71a6e96beb9dd91c4076d4ec0eeac939d1ff8a9c34b415cbdbdbfab11c11a91736d746f8c73347a06b27fb242886cdff9c5
-
Filesize
408KB
MD5e615b85640c5d4baccc11d146f2fbad5
SHA18fa28dc071e606d5562c662de5e8060c1b2520b3
SHA2562978d416e623541a3a97cc98b5f02ae2727bf2a1f98cd551dce92cdd20f956f4
SHA51220dd04bdca90c2538ce70c6cc4e0b5e0b2cfcf5ba03ab90fff3cf4b91cd372dac3225b209c657f12317bcb2414443738da7858808dfb91f45a2b0b2da881a606
-
Filesize
408KB
MD5dcf5234184342bbb735648292479fae0
SHA1b2433c38f31c9adc9d0e89790713bdcc639c4a43
SHA2560c6a2c6573aa45e3815c5431b4ac8f03037211c5225adeea448a015a24e9af43
SHA512c53366f47069b22c427c2e3019ee05eb3ec7e27c0878c9fe8dd82805959d05a2d7b21920e397788374bd554d3ec92fee3fceac3563fe026d1325b1c0d2996c1c