Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 11:35
General
-
Target
2024-01-25_d7f238d12447baa63d3ab477f5d5cfa5_goldeneye.exe
-
Size
197KB
-
MD5
d7f238d12447baa63d3ab477f5d5cfa5
-
SHA1
9963c05591b88b4bc89ea1dd4cba922d39085a46
-
SHA256
dabaa055075d1de42bd78aa2a2acdd4fb96d6d59b029660dfe8c72e86e86a79e
-
SHA512
afd1ff11b2a080754722facddccdd68c8ad29971ec00fa61d2d860c7ed27520e4fc2838f3577a4e9db4515d36d7e6298ec5c004ddc1e8728277530a8cd04465b
-
SSDEEP
3072:jEGh0oGl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGolEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d7f238d12447baa63d3ab477f5d5cfa5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d7f238d12447baa63d3ab477f5d5cfa5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7576E1C5-1050-4d3b-B259-0D16AAF50485}.exeC:\Windows\{7576E1C5-1050-4d3b-B259-0D16AAF50485}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C580D43-075C-441a-8F68-CFC213A6D9E4}.exeC:\Windows\{2C580D43-075C-441a-8F68-CFC213A6D9E4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B0BDC9BB-82B4-4138-8BB7-BB35BD040549}.exeC:\Windows\{B0BDC9BB-82B4-4138-8BB7-BB35BD040549}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0BDC~1.EXE > nul5⤵
-
-
C:\Windows\{13FDB7DB-22AD-4158-BD6E-7191F422FEC7}.exeC:\Windows\{13FDB7DB-22AD-4158-BD6E-7191F422FEC7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13FDB~1.EXE > nul6⤵
-
-
C:\Windows\{0383F452-70E5-4303-9671-12C96FB43E2D}.exeC:\Windows\{0383F452-70E5-4303-9671-12C96FB43E2D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5C0CC7BB-B0E9-4d42-863F-A19A25AD24CC}.exeC:\Windows\{5C0CC7BB-B0E9-4d42-863F-A19A25AD24CC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B349C027-F0C6-4612-8A30-E90502AA9A45}.exeC:\Windows\{B349C027-F0C6-4612-8A30-E90502AA9A45}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0DD49923-2F43-4168-B43F-F78D28D3D7AF}.exeC:\Windows\{0DD49923-2F43-4168-B43F-F78D28D3D7AF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7234E710-B844-4d17-9EFD-6EFAB927D856}.exeC:\Windows\{7234E710-B844-4d17-9EFD-6EFAB927D856}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7234E~1.EXE > nul11⤵
-
-
C:\Windows\{C0A21F2C-E347-40c5-AA5E-FAC30DF6302C}.exeC:\Windows\{C0A21F2C-E347-40c5-AA5E-FAC30DF6302C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C0A21~1.EXE > nul12⤵
-
-
C:\Windows\{1299EA12-35E8-4ad8-A876-5A62E02BA35C}.exeC:\Windows\{1299EA12-35E8-4ad8-A876-5A62E02BA35C}.exe12⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DD49~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B349C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5C0CC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0383F~1.EXE > nul7⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C580~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7576E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5c37d4c525523d7d023e99d1b62c02390
SHA1cfb8b28d6e73bad0ba39e9a9e691e34c2af9331f
SHA256acf1aded8e325b24abcecd266267dd844d7dc66ec7f63c1801ed2d4f24f9d786
SHA51239a3d3676238ae815768c341b309704ca210f7cb5b033f2803a31d7ec3323c06151a8012ed234ce4f6c5690e55753db1d0f89d33bf08f7deb585ce8e7f33d80e
-
Filesize
197KB
MD50084443fb8375d1ac79f5b5a16e3b8f6
SHA1d59e5e4cfe11f1f609abdaa0009540a551c0cf39
SHA256d5d23e326b38aa937a1574d28da9ef6e37f5b866baf3ae70a5cf6d98b92f1e7d
SHA512d6ea785ebad6c2df1ec1e3da4e76c04b8d2b378930130d5163823522f66a66cacca9a93d03408d2bb779d8556b735b58ae81ba6d8bf6a8ab1e4fb4a64b10465a
-
Filesize
197KB
MD518cab39feea4872823530ac6f7cb234f
SHA1032dddc6888c06f32fc5ee7f11bc4e017324fe3a
SHA2569655bc57db40d5fbe406f02fd756c8194e3c9b94fa37aec9d21d5c2ed4e5cf15
SHA512e70db0b951a932d325338e08babdee4d3f4ae95c618c256caeb3da59b38f8cdbcd0d0bcd6b51b417bf7b1cfc623bcdd52b62a22e0df992d67c0490b00e8a56a4
-
Filesize
197KB
MD50f9e769a9a2c356427df7269ecaa1013
SHA1dc2b984af703ed7c54df18f101c6ec4e4b9c7576
SHA256467920fbf61e35b69e2024ee220f86b86816649f00a1d70e87e213834cca2873
SHA51230bbfefeb28b2d42fa12a02961199798c272dfe2c7d32f31918b3e04a8c19cbf42ef7edce29823200f9571b7b07506e511736de4bd4500a9f8daa11036e5952c
-
Filesize
197KB
MD592914be0c7809f092655d140e2efd62e
SHA16e45c1237035e0279859f1c8221a406f0a9a4fa5
SHA2560f1bd4a051e20928625ab2512e6eb67e3e691b8899a119f30fa1e5967dfeadd9
SHA512ce61387befafbb536cecaa45ddf5fa22d45dd159e95f1cf89747582c919e79e809c2d11b1d0c95e0ef8f61f16005cd94d248a3310402ff61c923553cac83f4cd
-
Filesize
197KB
MD56d0984ed14ad43c919f5e6a61e497ca3
SHA15a2639af9e921bbd88903e1682e953783e5ae4da
SHA256911cabea2be65a47b34072612c3ce8383f963982d2393ec35553c02c955c0863
SHA512d4bbe01a7f6147afa1b640556485f2d1ac558296dc599ad2d283421e18611fb07d51951b300e0b640f7575c96f714b590bde8185387105973f251ecb35c1ffc1
-
Filesize
197KB
MD5bb28fa3ab262fb22f7f9a9afb93bccec
SHA147649e9be42edf1ffa8359790e9480eb3ed8d607
SHA2569e110192584704e575e3e97a03083621513e4b1470b2b826f2ee6cb3c330a37e
SHA512905d21815816cac6ccd43012b866e19ba622c1cb003f5abf736f9f7745a8e7fcc4d363a85616d288d90a69095d1f4bcc1354cd03848750a9a5a0b6e79b0a7415
-
Filesize
197KB
MD5acb5110187650b053574bbf4215d810c
SHA16e6f0e8b887c91d2ac36194b3a197f6fc9ed03b0
SHA2560c09499d0bb30d838e871bf14c18a12da97bf23bf4db8440b3b1a9bddc1ce9ea
SHA5124d9adc5410f3541b4b67872a8a38abaffd976b6ff2f5d57b2b3858664c09b6e039085c1766274554a5d1bf5069d9d9a4077f6dba4f821b4464d98d27b22bd07b
-
Filesize
197KB
MD59b9e906cb657e2e0781ea6496335d4ae
SHA1877e1e2e1693da8d0767fee724bc6f7086a08705
SHA2562404393efb85d84f61d97532790dfe6244413d619e66266b76efc4d617d2de37
SHA512f5cc3477b74ac514acafa6cefeda81b21200ec0fb06b758db63cb7c24ae70adb7cfe373ad9ac4c099055f1a783cfecfa1a32109eaa13bdd4fc8d3cb60252f6a2
-
Filesize
197KB
MD501d6e937aaab63041ab6ee0b28ee06fb
SHA1a8490c041da0967062acc543e8de24311b94b9ca
SHA256b819d11a2db970eaeb46ade3a1ba2a912682f6d59f1dad872832cf88cbf61222
SHA512d5221eed355744b12a61290b7a1ba8237cdaacb8cef1724186d9bd95c32d8fd244f5ca0a3ff0163c6f1adcca5531e3252591b0ac4f7ef9952de8b7460c3a01e4
-
Filesize
197KB
MD5e15c695b5728885b2ec1702b7ec1168e
SHA160c781b3c28f5a24785514d3a07ef132281c110c
SHA2562885c0796bce705bfff23d12037b4fd8516206538840281858fa9e7cbca45b65
SHA512f7e78fcdbd2517ae8a395801ac78af75a27ed3a05167c7f2d0dd03043bb15e425cec954351072746103df5c0dad2b98a951dbbfb3e6bbacc7997327c1fae61e0