Analysis
-
max time kernel
144s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18-01-2024 23:02
General
-
Target
2024-01-18_88e501d3d838acdbb20406fab48c7105_goldeneye.exe
-
Size
408KB
-
MD5
88e501d3d838acdbb20406fab48c7105
-
SHA1
051eb736bb1f26e3f03fbaea04e1595a91dce3da
-
SHA256
a1509c1d8f6aeb4fbb585e7ad22d68917e08bcb7de21dfa6aeb6548e42764c96
-
SHA512
ca2f8e9014c984f5c5c65ca05386de68c52b63fca4207eae796edd806b7fa326ecc3b530d7063e3f2e60bdb6aef82940af57953d2fbe6de74050fa89d5250cff
-
SSDEEP
3072:CEGh0o1l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGvldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_88e501d3d838acdbb20406fab48c7105_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_88e501d3d838acdbb20406fab48c7105_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9679E5F5-B8B2-410f-997D-D0920897BF8A}.exeC:\Windows\{9679E5F5-B8B2-410f-997D-D0920897BF8A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AD8A94F2-1B66-414c-B8DE-8465D81BF0D6}.exeC:\Windows\{AD8A94F2-1B66-414c-B8DE-8465D81BF0D6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD8A9~1.EXE > nul4⤵
-
-
C:\Windows\{DB7306CD-5644-4eaf-AC1F-B48BC5C82013}.exeC:\Windows\{DB7306CD-5644-4eaf-AC1F-B48BC5C82013}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DB730~1.EXE > nul5⤵
-
-
C:\Windows\{B381CA60-AFE0-45f4-ABF7-A32CF2DF1995}.exeC:\Windows\{B381CA60-AFE0-45f4-ABF7-A32CF2DF1995}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B381C~1.EXE > nul6⤵
-
-
C:\Windows\{D80C1C35-A883-49bc-8C52-F9E78B48BF2D}.exeC:\Windows\{D80C1C35-A883-49bc-8C52-F9E78B48BF2D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D80C1~1.EXE > nul7⤵
-
-
C:\Windows\{50482A88-EB3A-4488-957D-F2F694D59A0B}.exeC:\Windows\{50482A88-EB3A-4488-957D-F2F694D59A0B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50482~1.EXE > nul8⤵
-
-
C:\Windows\{5EC5E177-BD82-47c2-9AA5-66C1C22EFBEE}.exeC:\Windows\{5EC5E177-BD82-47c2-9AA5-66C1C22EFBEE}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5EC5E~1.EXE > nul9⤵
-
-
C:\Windows\{87656994-1188-4163-8066-817C554576A0}.exeC:\Windows\{87656994-1188-4163-8066-817C554576A0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87656~1.EXE > nul10⤵
-
-
C:\Windows\{37D229DB-5ED8-4119-A5D8-C895E3970076}.exeC:\Windows\{37D229DB-5ED8-4119-A5D8-C895E3970076}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A5B6E1ED-825E-4629-A227-F3C55C908036}.exeC:\Windows\{A5B6E1ED-825E-4629-A227-F3C55C908036}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5B6E~1.EXE > nul12⤵
-
-
C:\Windows\{A11D368F-11E8-4be4-BEB2-1579EC3A20A5}.exeC:\Windows\{A11D368F-11E8-4be4-BEB2-1579EC3A20A5}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37D22~1.EXE > nul11⤵
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9679E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD582820eae01ba173b571fff5ac3de7eb0
SHA1392eac2c75d6a1e6b73eecf3fce9c5d6bca8097b
SHA25627ebb10c2dd8aec5ba8347244d98fa19245d8da987946c97d7e9d33e78dcafa1
SHA5124b9d0baa35e549ae8165d98f183da729a3e1150d157ed91508d1e697f5e1adf2a9221ea11ff68c6a5570f841a6f4a692bd108a275d42641fb69925cb77a43dbc
-
Filesize
408KB
MD5064125ae2a24004effeea589f2cf9fb7
SHA12d29aeec8533919bef827e19488fcfe1827c13ad
SHA256034d83b18e149bc0010fb0a6e48a94e63c268bf185d8f04ac1ac4894d64ad290
SHA512525116227e321207c0ba7e4acc4c5491be1ef58451d40b2b94f87cf5a21538fb3aa7994a948ff1688b8a9099e5a89b0f579667d58a55ea8a552b5913c42c0921
-
Filesize
408KB
MD5e8d169d971f6769bd18dd7a081438279
SHA1c557a46a0f0ad3f4e46f085d68855b909d30d3d0
SHA256296b80098826902fe9d4e09cc396743260d266b91a0d26ae6df07b97f80b51f9
SHA5126181747f499544e47412648754bd156df205d3441a3b24aae373b9a33f434ef3c812200bd5c4adc61416c498fb2ce18e1546ef3ee3aa74ea227a2efea8f9ed75
-
Filesize
408KB
MD54f62aaacb2c95bdf1ebceeeb523a0821
SHA1f5db13544f173bc0c2f1ee6303a06367efa97d06
SHA256a06b5c957f3b0d0386047bdfa1654caa39f0f2419f823ae23765fabe463b480b
SHA512a370aabe346c51f30278743f77e00fe4241597a8c200704f744d4319b245e4f429decb7fb9671dcee2c49cd0f23176c2b5a709165c5e180ffda4b4fcc82808cb
-
Filesize
408KB
MD57cc1290e1f83b7f50f5a87739d720747
SHA1375e99969801417045e42ec4de49e9a33181ea5e
SHA256088875731d9d5baf80bae99db798e0177a32e85c11e73a97fff7e3545e416fec
SHA5127145952c8f5cb87f6c067b19dd8552e01573c73f79f8ce470e8469418059d7c4c8ea7302a0b6aab2f443c82b2a4a8a3375626285d16e5048f60d302b5500e49b
-
Filesize
408KB
MD580e10dd3258dcba9319f8cbdcc98b8a0
SHA16008a953f50f58e07dfd1d775969cd7814affadf
SHA25650815b651146f9b1d1392e54371d084c1d94ffff017fab35c73cdf2efc8bf4ba
SHA51268339338eab5edcfe1ca4a641b1bcbda2108daf72b6d6e9bb7839d825e354ba840db68ea11cda2c1f9723fc5cf6d89d7340f2abde4316ddb059a05258bc03051
-
Filesize
408KB
MD58db94d1d6099d6a778aa684328d9958d
SHA16006b2e8b305aa4c68e9e15c3373f03d5cca4683
SHA2561919823a3519e60e3f5b1027b50418b8916bb4a4b552f769bd9f225add57c268
SHA51276cb9b43d71c4cda1fb81952bce509d1e3eb3dad4f07cb84f0d42ff9337929373cfc6273bb7adc8668f6c85951bdfb5ef7f16765d0c61ca76299edf22a1dfdbe
-
Filesize
408KB
MD59b4a954be855280bba8d9d021ab7be1d
SHA185f7e1c15274f02d5ff261d36c9ff124e2217864
SHA256ed4e7cb932929b2eb13ee68121c08feeb6d2d5c60eb0002d0ee28926f5de6fd6
SHA512d5e853af911fcb3e30eaa2f2011d46e9a153493cd75462bb9e70ad35b9ba967706d57aaae8cb2e0f71acc874afa376f8d2ba1c6ca82467889210a82a8c58c259
-
Filesize
408KB
MD5435dd135088db8e4c08cffc7d216638b
SHA16559a7bcfa9250bc132f3eed579a4e2dfe647330
SHA2560c3dca2e17789aa15634bbf4487d1b2ce7d7de4e9eabde81a5702810e26a601c
SHA512e0efbfe5104d18da9bfa40aee0f9b6e7811669a18b3cb3aac66cb0d82f955051be9a86cab7e38bcc7efe7b9e54808dea81bb9f0f0cc5de973ab0ce51d6ff8fd3
-
Filesize
408KB
MD5135d4b188b7421203bd6e327e2e428a8
SHA1c168bd53c3e0e53c97e04f2f01fa1db69b4dd1be
SHA256d9c74840f43d4e3fad6905d31c18c7b157fc9f9afe7f4bea9e69755f95db7630
SHA512ab22229f5111094b3d65ea5d6b3dd5e82f83a79c25f475c76714d5f2565f0949cce2a69cb235ff69ee4fc4b964c0e7facb0b99edc7e2a012a09d96d27c872c22
-
Filesize
408KB
MD57859feb8f68e8f8fc7d258091cf68689
SHA1337676d17f01e220200732bf6cb858ee1d44229a
SHA2562dc7381180994d8b238b258b4ba3d088289197e626576952333a42b1e2b04481
SHA512aec0b00098e448bf28f623990c3a595781299dd35945f02cf8966dc99c76efc1dee8ca68bb13b2bf2cb4f3189102f3afa1ce5345299c997ad4b4701be4dff3e6