Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25-01-2024 14:23
General
-
Target
2024-01-25_0dc3faeb2f4e6f92019c6d3002a3fb25_goldeneye.exe
-
Size
408KB
-
MD5
0dc3faeb2f4e6f92019c6d3002a3fb25
-
SHA1
c409e6ae8f6d26909d6959de18999e5573d1df41
-
SHA256
c2635f101a56c0c643b11815c9819924569751db7b524acd8ff6f3bcac984332
-
SHA512
97be2953be4cb590d472edff4ab670c2ddb8be84ef3f2a36073de03c77ac8dd0f14a6bb7f0482f29c29d36777a11374f3dcab21c3c2b32ccda1dd8188aa88833
-
SSDEEP
3072:CEGh0oSl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGsldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_0dc3faeb2f4e6f92019c6d3002a3fb25_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_0dc3faeb2f4e6f92019c6d3002a3fb25_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBE7409E-AD85-4138-9AE4-271DD138C527}.exeC:\Windows\{EBE7409E-AD85-4138-9AE4-271DD138C527}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBE74~1.EXE > nul3⤵
-
-
C:\Windows\{AB3EC953-D4A3-4619-82F5-727380DC81D5}.exeC:\Windows\{AB3EC953-D4A3-4619-82F5-727380DC81D5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{60667D9F-6EF1-40e2-BB2F-2B8AA2FA29F9}.exeC:\Windows\{60667D9F-6EF1-40e2-BB2F-2B8AA2FA29F9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60667~1.EXE > nul5⤵
-
-
C:\Windows\{48ACF501-F311-4051-92A2-49C76FA0EC08}.exeC:\Windows\{48ACF501-F311-4051-92A2-49C76FA0EC08}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5013A0E-D2FB-4f1a-8E53-E90B37AFEA5D}.exeC:\Windows\{C5013A0E-D2FB-4f1a-8E53-E90B37AFEA5D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5013~1.EXE > nul7⤵
-
-
C:\Windows\{A9989A23-0F06-44e8-A910-49FA392A77FB}.exeC:\Windows\{A9989A23-0F06-44e8-A910-49FA392A77FB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A9989~1.EXE > nul8⤵
-
-
C:\Windows\{DE01EA5C-F79F-48ac-8E80-4DAC9866535E}.exeC:\Windows\{DE01EA5C-F79F-48ac-8E80-4DAC9866535E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{677E789B-6B09-45ca-8E43-83E7B4C8FCEA}.exeC:\Windows\{677E789B-6B09-45ca-8E43-83E7B4C8FCEA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1813C82F-9DD6-443c-A6BC-E55CD8201ECE}.exeC:\Windows\{1813C82F-9DD6-443c-A6BC-E55CD8201ECE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{81DBA74B-4440-415c-BA18-4C556880286A}.exeC:\Windows\{81DBA74B-4440-415c-BA18-4C556880286A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D00BE992-C397-4405-B6CE-9E8D4E2266C5}.exeC:\Windows\{D00BE992-C397-4405-B6CE-9E8D4E2266C5}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81DBA~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1813C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{677E7~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE01E~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48ACF~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB3EC~1.EXE > nul4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD55b359b569a59b7c5ae172cea303f883b
SHA14cec149d239441c86c3cb5f52b9a0df27467d96d
SHA256a4e8d8f3306c2fc3199e02d42d56e416ff1b7d5e98e42f9b376e87fcd1320505
SHA5123cfbf803b7a268745bc7a8eeeaa208d3e058e7fc2e3a50fa08b1a4aba4caa229842399639c7d35bda570d3b4e85999eee097356affdb3caee845a3da5aedc666
-
Filesize
408KB
MD5c3840b9564ecde1dc6bb05e4d8666e93
SHA16f7eb3b5f1ff7a12a489b8b0e4225ddec2f30008
SHA256d64bed78e07e9795db05df348ecb6cb008ee1545292b398a451ddd32846a3aff
SHA5123b24f642d51e94fc735adf5c0544ede53e62614af104cb608f2a2b6df934e639ea21f9d1e54418ec69d909ff7a849777e285c687c068166650b2fbb4056aedaf
-
Filesize
408KB
MD5ee5dc714c685fd1f7b40ccb517757a4b
SHA1c775cb5249b3a64750971555e90b2408aa7a5ad0
SHA256922ef10146aadec74d7d40740fd0d2caa754f2872bca567fc3dbb563a1bfef0d
SHA512d2f8f7560fe45bdc64951e390a537aaae206e9f3e81d77a56da2756832d29d326827af99a3671e90b2fc9aaf1fcc57781f8076e444d877dd581fd6d892e9fa1b
-
Filesize
408KB
MD5a6c2cbdfa5a59049e5aebf3eae614964
SHA1990694b1ab83a6b6e0a1c58fa6439eefafe991a5
SHA256d96face2c94721600bd9bfa0069561db711f5acb461d4d13ba3e50f154c7a99c
SHA5125cd5a26070092ec32404ba50ca00fe8da93c2a474defd71c7e989ccf7b788da9bf1ca156d3cbc2006d13fccfc9202c58210735951672c4f23dba9e59c1ce87ef
-
Filesize
408KB
MD53fd1bf00bda29ce0ca57011c1156cc58
SHA164770c76176e3d89259cfdf3d45ed15e9389fcf6
SHA2560febb106e1129f791bd4605dd065e605c6dd79d271fbf115895d73d3a8c6154e
SHA5126bade1ca750d05471f2c9756c12ae507bd933e61cd81cb70508a49d7e34cf9d70c8415813e6c3d393357be29b88690a299613b98e1998044a5fc6cd062a5d868
-
Filesize
408KB
MD5733a98c1e20b431e57f4282b848a963c
SHA1f40c744a200f046a7cbb780c8c94625f95e03319
SHA256f3fa05df6579cae4984a816a5c437b986b42a7999c5dea9236dd477fbc873dd8
SHA5123d932a4e8619f1177b3fe46aee51873a792ee3816eb6ccbf0d68e2016bbe960b2836a2503ef09dbdadb8ead8f792d63adeb68f0413244ebfe728b5f9d850f873
-
Filesize
408KB
MD523b9f5dcf6120a12eee672154655bd1d
SHA146dcb28a6ee34fdaa724a3e739998b66747cc3b1
SHA2567609ff8129165bda9bb4df42e1c00901244dd51c89968c8454465b84125c62f5
SHA51277966d8f8ab1a07cd2182b2e113d35440b07f95940f872f7b7ad2bc2d9d0299821364c34fb03b25f97a946926d955e66b11ff4a8585fbf4e5c14b56004b1b367
-
Filesize
408KB
MD5fe75af441288410d0cc513f908d5e6b8
SHA1d3d7abf4ab026d643fe501dfedc490a441ff0960
SHA2563fef59c84192296f8842a49cfd4705dacb7e7440e916fa72eea8ab197157a254
SHA512308f990a666cbcf60de06decd71907c00df964031deb6d0b20ee364b22ff1829a74b201337a84f8228bb692c4258433077832be0a53dc522b9b259a1b4b8d0f3
-
Filesize
408KB
MD5239db9854861e4eb49f80d002aca959e
SHA1e142133044afa6aff74b615ac613b873ff8e22f9
SHA25623794e2f97146e6735e24e691a46a71900863e08d1bc74a144e6394a9309cd71
SHA51269132a9b228fdfb152b26d4d8533695f02dd67fa01eb925f21597307b3ff1ff23ed90a880d416ad7a29c21e4bc6b1c9046af151c8d6931e55a6a584d2d039376
-
Filesize
408KB
MD503dd4b123848aa726262e6088e974313
SHA1993a747e748632044afc2166238812d4845db347
SHA256922b260476ae01f8548785aa69ac9274b131a0e482e12fed7ab8666753765e7a
SHA51243bb8d6cf115896f7ac5324967843d3b5f95ec2d1db5634e7f95fecaf325603f4c2046c4b2928880262796bf35c1ac577b93a6c40624a97f1cdbbfacaec04cf9
-
Filesize
320KB
MD59aaaeb08652bf16c5e788373856fb903
SHA1e23199a166ab9204f200188a191d55e6533e474e
SHA25672192f8d9d24ae3183ede5297ae91e28ba5b018048773fa70279fa7d580a474e
SHA512d300fff4d19f4d77fc6f03b8ee6783b9f2f0218f93a3e2dc76f16270f3e55ae47c752e98c4a602969ffcd66c23e17227cacc372c7b40099aef10aa2ca03ba4a3
-
Filesize
367KB
MD58c02e58b26efa2bb553202a7accff37f
SHA1d7f1eccff561ec0c5254dfc333250203a5cf3949
SHA256776e22a98d1d5a37ecde984729d6f06f0a086a697e66837ec9b8706c401ac195
SHA512cebc89f758a4a81a3839ae7c14ed987787e95ed03f66c8c2284f5715d17f97104b9a01ac39a3cfcc0664a712c095818a5105b58ce8b7e6af0f9d0b1f291f5965
-
Filesize
408KB
MD586be8ff85850a25c7d14eaf9ca5f9e34
SHA154a51b1176e1e8940b8be8a582628aefe8358d62
SHA256ab61ba67878b552e2cca3226cda9eb5a1c466fc5626087c425e19b38e6295212
SHA512fe9d9d66610c01077c3257efb28a3d3df1a13fa756595068b82f1bff14a1df7807a07ef3904278db3887ab15502825c7d44acfa116d4d931a6c76fc5f954d696