Analysis
-
max time kernel
144s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12-01-2024 05:57
General
-
Target
2024-01-11_3d2030bc9a294747723e058da9f4b813_goldeneye.exe
-
Size
216KB
-
MD5
3d2030bc9a294747723e058da9f4b813
-
SHA1
f1aec093d3c2949bd92489f4a4ea0a99209f22b4
-
SHA256
b7925660e81ac2190787eb5314124a129d062e845af766d942a552f023205976
-
SHA512
f643c2983cf30bafc26b628e48b7e4d963ee4be3b51f811b232dc1fd46bd1b82da4f6eb0c572152c9d7e7ea0aa12f071e93c023fe3be23adbdc98f61d192a52b
-
SSDEEP
3072:jEGh0ohl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGPlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_3d2030bc9a294747723e058da9f4b813_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_3d2030bc9a294747723e058da9f4b813_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2625914E-FEF7-4134-B32B-6817A09E9F4D}.exeC:\Windows\{2625914E-FEF7-4134-B32B-6817A09E9F4D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5C742E11-A3F5-41a0-9718-1E45BA786EF0}.exeC:\Windows\{5C742E11-A3F5-41a0-9718-1E45BA786EF0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00DFED64-896F-4ee5-8199-678902E76F06}.exeC:\Windows\{00DFED64-896F-4ee5-8199-678902E76F06}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{204C32B6-509B-4972-ABFB-56B4683D064A}.exeC:\Windows\{204C32B6-509B-4972-ABFB-56B4683D064A}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{75E831F6-7833-42a6-BC06-4659ADA1902F}.exeC:\Windows\{75E831F6-7833-42a6-BC06-4659ADA1902F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{335AF167-E240-4707-BAE2-E5688FA32F31}.exeC:\Windows\{335AF167-E240-4707-BAE2-E5688FA32F31}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E53D47BE-D3F6-4d73-9546-BBFCCCA04CA6}.exeC:\Windows\{E53D47BE-D3F6-4d73-9546-BBFCCCA04CA6}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8D10C39-8736-4718-834A-D85D2615276F}.exeC:\Windows\{A8D10C39-8736-4718-834A-D85D2615276F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4A355A74-1BDF-4fae-A397-859A5F08FD0F}.exeC:\Windows\{4A355A74-1BDF-4fae-A397-859A5F08FD0F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E0F50634-A5A3-4963-AE03-6A14DCA15096}.exeC:\Windows\{E0F50634-A5A3-4963-AE03-6A14DCA15096}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3DBA825B-457F-4e47-B8C2-F61925B6D3B5}.exeC:\Windows\{3DBA825B-457F-4e47-B8C2-F61925B6D3B5}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0F50~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A355~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8D10~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E53D4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{335AF~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75E83~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{204C3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00DFE~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C742~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{26259~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5d04219f1ac75b27e81ca33a5e9e66a51
SHA1d514c853a151d2489d5c80b7e3dda24e23e9aff7
SHA25688c30f7e0940c9e7c3a5c58d5f42deb7d3027be2be6fe43d5e25e6c52ad84c09
SHA512ab9eb4746b7b78c0a0da3d2c3bbb398a71574378bd0765159bbe4fe491ac2d1a27823a6be20d4d80c0d7e410e62d12684239e7ddba75a8ee3f70dd3fd37242b7
-
Filesize
216KB
MD5b94d72f067fd430e52a503fab5e486f4
SHA1a4e4fe1a538674e78e1b63a99f17c13bffef179a
SHA256d8734fa7d12e413cb282019296f3784ffa3caccf8674ec623d10117c9c98b8d2
SHA512a036f2f7b97fdd53ede57c624bd04c585b1251d37cbe6b2a8020ac0cc41be4f96147170db2d9040ca49f76867b12c679638631ddfe6504992bec6af713d08dfd
-
Filesize
216KB
MD59d29653cf379deb7179176610a0bcc07
SHA15102b8a14f20c930f39fb83a09b5a892545aafef
SHA256812000cef4968118432e90bb5df15d768002b4f3927caa6b69d87f1af7ec5cb7
SHA51274137be6ad402c0fbaa88d7d35e50a83d84c93fcab2aafee63127841a47f1d6912a21395020af85b31c5021d5bb14e977691d5004daa1b48e70eab8a6c758f67
-
Filesize
216KB
MD5769cffae0001b4f55ae684862d2a3795
SHA1385fefb0071353fa73ca4d98c595ef127970b6cd
SHA2560b9790a2b9b1eafd138623200bda99eb53812fb8872ee2e44aa347a5b7583d1e
SHA512f78e741c998e35b6ff881036e01b7a6bc3191bc2ab34857cacbabcc08de4304a97359334ce3498e90a18404e00c70c769f0a2b29ff146866b76ebfac85f28981
-
Filesize
216KB
MD5c5693ee9c4be0a7502ef7c13d62d8418
SHA112faa78edbf67e4b1329e176b41f7543946fb603
SHA25612f0d8fb6ad0680cb618a0924d085989879a152a46aacbc63637e0ba71476e7e
SHA51297dd93c30b6f09174a155035ea1e922c3d9fab0c6f2c2e3faeb1216a2ce9f583ef9e4f6a3510f49d9e156418bd4fbd4336ee9c5bf129c3eaa74b795296a69650
-
Filesize
216KB
MD569e732b74e51ad8266d8c90a073733af
SHA1b71a9c9e1bf5d911263c434736b461ce608e43e2
SHA256c0bfb93423fec8b905f2ec0b67b1a9d50c6e5b2c225ac30f264163691cd097ec
SHA512e036b51bc25a8032c1013902f4e1e86b7658a00b37d05ae1d10c610ee9733fd649b115c6d4059039ca693c9da4fc25961f752666bfaf695128e06308d7e3efba
-
Filesize
216KB
MD57935ea70f94d5bf855ff17fc09e49f3f
SHA11e923c80378217c68a0bc72785c20e8c78057336
SHA256f325c5457b85274d3c83fd14162114a6289b4e1df3fc57baa4d8ae433c8966dd
SHA512e443cc4be7baf5c77e2b79e8472614feed70576f2b0715139dc747d7a41ebded336c8a93dfb70a443c1e8539b727f91c15315b923342e371978dcd512d634aa4
-
Filesize
216KB
MD5a908cb3b2c6d85966656be3427273443
SHA153bc39a109f4696d45d52bd53bef5c70316e7a07
SHA25648150420666d2ff93a9b03b45ab32a8dcc9597ceebfa792ed3f58dd250bcb941
SHA512341bd501b52764466ba659f77e1a32d1ef5c1ed7c882f9a2b4a0205c46d226fb01c50b8904d5bf2269544588dfc9da73503710f5392999aec6ff1e74eace5404
-
Filesize
216KB
MD52e652aaf22a995e01ac14e732c72cf2e
SHA19aea8a3a5b775244762e065a2a0c0f2d8fc596bd
SHA2567131b00f8a07fadcbb4f5551c44de6f1c2e6b44543eff2e5b61ba9cc84bf2da9
SHA5129d652a8d1b38201b605cd3f04f3c4e89da8913f653ae98daaa2f4ae5348d5639a8057a3c797f679881ff2f571e8f5531626a06b0685ccb82ec78ff61f3ed156e
-
Filesize
216KB
MD556223d6733894fb99a026c130810174b
SHA199aaae47ce0c900d02ce0d53a044a047ec140dc6
SHA256d9f39e2dcd72236c2be2daaeef6d077fd6ee415450b373bd05730c9ca2fc8e1d
SHA512b8ea59535e0e5fc3ee98ee07741f1dbf52b0f9104536a84bf59c0050a89c27586725b5cfd5df0ce76a0eff69fb4d25dfefc19ee85de7c3f8dddd8b725e3722b3
-
Filesize
216KB
MD50f1a7787310b142475545cd30846961c
SHA1103bc520f649d909fe1f17b37b8ab99282df615e
SHA25619d31bfa328e8631312568a06cca7254f44bd9d6b77cff9cd9387ac1be8d9541
SHA512c2d9697cca70942438a08a1149e5a00b0881998dd6f719977295ef943ba8c1088db497cd524638b4ad0a181e601d38f295544550493a34d58d32af43fa58015e