Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 17:28
General
-
Target
2024-01-25_560bd77bcfcafc5113df6f48ba690540_goldeneye.exe
-
Size
344KB
-
MD5
560bd77bcfcafc5113df6f48ba690540
-
SHA1
670510ab56d64a18b60ccb3b52feac2a5a9baec7
-
SHA256
6b9b930f8f0bce675b0424f3f8c916ceb91faf5509e8f828d122321d729d1b20
-
SHA512
5c251ae9a9c1d70225631733fb57fb50f984df190230545b2302a865752008fb09e36d53bd78572fd82dd9ca9ba8e9db1f4919ca61a8af3b0f6f1f3217309814
-
SSDEEP
3072:mEGh0oVlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEG7lqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_560bd77bcfcafc5113df6f48ba690540_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_560bd77bcfcafc5113df6f48ba690540_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B61504F-4900-43d1-B012-852754A63897}.exeC:\Windows\{1B61504F-4900-43d1-B012-852754A63897}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{729651FF-3D46-4f07-831F-90659A4D2B08}.exeC:\Windows\{729651FF-3D46-4f07-831F-90659A4D2B08}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{56249AD4-2F74-4871-A85C-1E4D0E6576F3}.exeC:\Windows\{56249AD4-2F74-4871-A85C-1E4D0E6576F3}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0ABEFE73-2C5F-496d-BEAC-623870CA553C}.exeC:\Windows\{0ABEFE73-2C5F-496d-BEAC-623870CA553C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0ABEF~1.EXE > nul6⤵
-
-
C:\Windows\{89135B9C-2D24-4d42-867F-49BA6D0B38D2}.exeC:\Windows\{89135B9C-2D24-4d42-867F-49BA6D0B38D2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{821974DD-F77D-4ddb-955B-701031B0542B}.exeC:\Windows\{821974DD-F77D-4ddb-955B-701031B0542B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00FBA430-A7F5-427d-8879-533A369B07DB}.exeC:\Windows\{00FBA430-A7F5-427d-8879-533A369B07DB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{341021DB-41EC-422f-BC75-C39983CF168A}.exeC:\Windows\{341021DB-41EC-422f-BC75-C39983CF168A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6CE771D5-7144-43b4-8B70-95BE6C2EDA96}.exeC:\Windows\{6CE771D5-7144-43b4-8B70-95BE6C2EDA96}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F06449BB-3986-46e8-B2E3-31F422FB22D3}.exeC:\Windows\{F06449BB-3986-46e8-B2E3-31F422FB22D3}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{521EAE01-6D77-4388-9B6A-BD8D3942E7D7}.exeC:\Windows\{521EAE01-6D77-4388-9B6A-BD8D3942E7D7}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F0644~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CE77~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34102~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00FBA~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82197~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89135~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56249~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72965~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B615~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
289KB
MD52dfb9d185c1a262b5968ab6936fd9e98
SHA149b827485df0fe12608ab608d574a6128a6df55d
SHA2566e9570e94cf881dd31dcfd74bc9cb5fdf9b98b5327bf1610e51f3bc371e0b552
SHA5126c770dc44901d0a81153d0b036f31ffa048c8cb084c64092eca953b6a8ac9db1d3383b44645fd158a2fe84fefe2bf0c3fa61422f07f03439aa97d0de27f21055
-
Filesize
344KB
MD53025fa6c3ab33c371e56c6de6b442613
SHA116874fcb7dd48381d9f71598357dddbccc0a28a2
SHA25696fce465c38beb4d7fdbb58b6b6be5292ec06fd2c8398a02fc17fd51799af7dd
SHA51234351426403f62b92c9b93d77ead80eefb5fb612df5423cf7b8e676473072b8206030efcd50d44bec21328f9398770281dab067c5b5647fac76e8a51765710c1
-
Filesize
344KB
MD5b304ce0d78f7143dd7acbe2dcb96585d
SHA145054018ad086bad92e9655f758fe0940ba33195
SHA256d09d8e25d27a09d59f549e69e420ecc2f4a08d06b05ccfaf6426d7d03b066fe3
SHA51254d6dec3c22a08b3a46453b45b0eee6b0129d8e2b7c5e4ec88e4f03c333d450be60c52f0dedc343b10611142a6ffaa54c2fa65413e5e7098f229137928590987
-
Filesize
344KB
MD5bca69945070660dd9e5ef2d9646582a2
SHA13568c4751dec50d618b64f8cdd77c76e944fa9f9
SHA2563f322f04645883e31848d8722f008da4227ffa41c225b51ae340cabce8c26364
SHA5127d4f7c29ee0816fa4d791c25725e5264a169a00f6f11cec163db8cdb075a3342f9cdf110dc4942edc708a98cd70cd816b3ac6e7ff74eede2481d6e92c6f50b00
-
Filesize
344KB
MD5b61319825b8e5563a2b3be0f8903ce70
SHA11cc43cd187589fc357fa1e3a9b073c911c9ef04e
SHA25646e9b292525434362a524646d4e2d57b22bd9edd767591b0e3d8cf5221a773d0
SHA51271f733d785037c940bd6e185480cd7f53f5a78c3b1b3795e18fe5b1d5ae328f8858fa5ba8f8d8283a4f3a72c62f342a4f26833e5c733a71131fdd0fc6e10b943
-
Filesize
344KB
MD583417829c93fd315f8eb8ac85c9ca070
SHA17e435ca855e82f50fb03af8757b8d1d6b48f4fa2
SHA2567d2b80d6eedc41206fdd10fce788813b1bfb1120a9e1dbf9c5c4c6c19760b945
SHA5123af55bce695fb08762d7f7dd61582d10505aeffd7e7418677995a6d0f4f1ecfcfc66d8b297658e0376aa27aa441f205fe4943794d2282ac74c06e7fa231c8ebf
-
Filesize
344KB
MD56af74a249b45f4cd4515163a5c8aa10e
SHA10cecfa365d783051f2a419e1d3a944a1f35a5404
SHA2564539386fb972da5b6a3a40d7fb95e08ca4c20a03170f7591f634a93af6cb3542
SHA512fce9cd3ebf0fdda7ec00bb0b3e925aa951758e5fcdf54a9b1e2eeabc5448a5ef4a97d1488535bb8b2b7fc849cb7c9d4c9587eb4b9ad87582869d2315ff9682c4
-
Filesize
344KB
MD523056ebad13a25a494c3e4d675219ed6
SHA13b9bdee4bd754ba4bd07dbd646855af244246e6e
SHA2561388ec139b142f76e6732a9a7da3b7d01d54cea73aef907a42bf98d7fb3293dc
SHA51295ea5d85a00468ec6c12393a3e48bf9aaaca447cf45e909c4762a9db0c424f5c1d15adb35985ebfb60c56c794e3b5dcdc5656090e446fea1377dfb6bbc846578
-
Filesize
344KB
MD54ae8c8655438d6d798ba7f9a6bb0029f
SHA1d3454c93b05ea9b08f7067d91110e8c083b81a9b
SHA2563ce4189927083725c9a28087e1ca304d0754112cd457997c58757a4389420e6b
SHA5121eb7c0691004895325ba3cd4e7b4d6cf035acc1524533a6c857180640f70ea16d4946c3b5200a10d02d96e3ef6ba2d6f4b2f74fa69bd444adea8f4ef510cf675
-
Filesize
344KB
MD5d47c43e31b044f9e4e93ee13b5e10343
SHA1fa3ff9532d3fbacf10ae3481c53ebf167a8ababf
SHA25636221aa2b5d56631f424a6fe2b41c4fc24f5b6d0a6b854090b8a1335a8bab5c5
SHA51248f176b5d46d67a6e5674bee76611d53553c2b894585553228d40376bf1cf047680145b5f08047cabcc959ccaf9b96061e23f2eca1670445391e94d195391a87
-
Filesize
344KB
MD53bec96b268a1a3db20ff6d9aecf704f3
SHA1f25d41d4d3c92ab5e1f4d7f0631e7a1d99060d63
SHA256156ccf25d622a3ce90a3e1c050aef7d35e6df02b32321cc454471c1fb1e0a0d8
SHA51297f543be734e46943e84533f4544e73a66d81e1ff0af82a740eb818966d5baaf6efc8986b0cab224ad979c7e720b7246de366c035089e42e414099c5dab77237
-
Filesize
344KB
MD5a0370f10ac8cdbc3e1c39d7505ab403f
SHA1d5eac4a315ff0d89666aba7a86a8c6142f6fda23
SHA2563fc8bd4cf082e27869c9ac83e621e6eb6b93250c61147fe01c9cad57b0e1a633
SHA5123f02a488b6a90c2198a72903638ac25bcce4511823b21177279fd9275e309bf58aa002ac1d17fc68db2d324dceac5a9cdddb2595f6e61649927dfc93c7bf5778