Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25-01-2024 17:28
General
-
Target
2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe
-
Size
180KB
-
MD5
4fa55fd404b924bfa9810aa11b49e4f9
-
SHA1
2757134d986d31c6a034a9088dede09e0ecc01ce
-
SHA256
de0a1e45ca271da7a40a9cb75d60c1637feaf6e009ca3ed2ac0694ab0d27027b
-
SHA512
e1631b798089725f4244447cd07ba8dbb6c99d00d6ee6ce38a12bc4e4b62ed6553936adb026e491aa8904348ac88ccc92df1f9fc0c417e1b3a675bcf7b94d271
-
SSDEEP
3072:jEGh0oplfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGbl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4fa55fd404b924bfa9810aa11b49e4f9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CA3BD3B-DDBF-4e42-91CA-5467C1241105}.exeC:\Windows\{6CA3BD3B-DDBF-4e42-91CA-5467C1241105}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1F9118F5-A012-4e72-BBE7-217863E5239F}.exeC:\Windows\{1F9118F5-A012-4e72-BBE7-217863E5239F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2F5C052D-2B40-4717-9C6B-4309A71345F9}.exeC:\Windows\{2F5C052D-2B40-4717-9C6B-4309A71345F9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{15FF90B4-6B88-423a-A3E6-317AE4DC45EB}.exeC:\Windows\{15FF90B4-6B88-423a-A3E6-317AE4DC45EB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E4CDB95-9FF5-46c4-8832-E04748F36737}.exeC:\Windows\{5E4CDB95-9FF5-46c4-8832-E04748F36737}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4EF6467C-4466-449e-B637-8604250632C5}.exeC:\Windows\{4EF6467C-4466-449e-B637-8604250632C5}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A4E6CF4F-A457-4fb6-9631-58F3F841DFC7}.exeC:\Windows\{A4E6CF4F-A457-4fb6-9631-58F3F841DFC7}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{132ED0E7-8A03-484e-98D1-172647794317}.exeC:\Windows\{132ED0E7-8A03-484e-98D1-172647794317}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BF12E966-867C-46e3-B3BE-15EA9E8C6A07}.exeC:\Windows\{BF12E966-867C-46e3-B3BE-15EA9E8C6A07}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F085D56C-AE4F-4055-A4E0-AE63B8AF854B}.exeC:\Windows\{F085D56C-AE4F-4055-A4E0-AE63B8AF854B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7595A350-57D2-42fd-AB20-2AD39031A2E0}.exeC:\Windows\{7595A350-57D2-42fd-AB20-2AD39031A2E0}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F085D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF12E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{132ED~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A4E6C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4EF64~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E4CD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15FF9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2F5C0~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1F911~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CA3B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5c31b4005d6844b83194129a6549ea24a
SHA1afe75447d33aa33d2b5a3af6dbf6e973559deebd
SHA25651292a97ead4d802ff18079c89f651185e48c5c6b6d1a6f7e1190714330686f0
SHA512af158c0d8d965aa52e43ce3ffb40d58523333d541d471f4ed67e57dd46abe0538cba4a9d2c334e58616999d3ed19f3200782a2c7c19a758536a6f13d89c1553e
-
Filesize
180KB
MD5b30b2ea94b4817abd31658c9417c5177
SHA13c53939244a1dcaeb4864426f389cbda9f50966b
SHA2569e50d68b9e41fa603c7179366631ee1c612e35e04381b99b78a06ab9ecd910d4
SHA512746a789202083d929c96dd004771a867513a46623e6dfe4e05fad8aeec7605dfd705ccbab529749751f1cb47b9d3d1a8e1984f3d399ebb916b2e563f82003f7c
-
Filesize
180KB
MD5e8e97f83dd28db3e9cece08bd14fd843
SHA154104308c773085e1d3d0ad9d0907dff10252a3a
SHA2565f089f0de185671b101d3305a3c96f549673cae6549db81d3ab509ebab3464aa
SHA512b30604f61aa3c9a125dac4fc17372a2b8a858db315002c953518e5500a9518a7a7bb550e8305eb06512072b77defcad99b8252e0bf839bdead11c9b34c0ea3a6
-
Filesize
180KB
MD55c8ed5a5247bb62754357a208b957391
SHA1003e47cf9c40f83dce7429c5c8bc38f888d40e8e
SHA25668da2be8905b57338895ebf9f8dcbc0a31f8cf4ed4588026a58712c6a74e959d
SHA512ff7a360197d0ec27851e43468e99ebbcbaa8a9b469fee0bc88db8eebaf1263697fbbba3f19d8465d138ce89b728eee7ea17fbc3b00464a88bf78e34b281737bd
-
Filesize
180KB
MD58ec853f14367d3ade8216ddc9f4e6019
SHA1d4f79cc6cf5869a2adbaedc90ae1844c3f831b15
SHA256922a9c85d989f1c80efeaebe5b85a62ad151ea831613805a9106168710118ae1
SHA51248812183e48024fff35741d8e779a6c06b1a5f27881494ee80863335d705ad7d24d691ea0bffcba1ee6a862f3498ff61a4a13b1c04dc3c393178cc31976272f8
-
Filesize
180KB
MD5bf193126d41a7bbf8269b72e56e36e63
SHA10a63879f3b0bf9d8cf0b8fdb0181d73241015f6b
SHA25696c1eeb344cddb5a8685c0163e6e952b3abfc76dd797da31004a55a86c965162
SHA512a65629a8603940c0f3f89a3c85f335c5b05644f7ef36d53b0b6ccdfa324ecf80d53b1703626a318a469f423fa5fefedc8e84113e976342bdc90242e07ce05217
-
Filesize
180KB
MD51be86667e87e513ac3ba501879657e42
SHA13de6289d6194ca3053bdeeb60270800e59c33ecb
SHA25600bc1d7a5f3399cf973fdf82c662c354c81d92e40088e1e578ec4f73735218db
SHA512f488fcf426f2536f46d5923de51e1e603b0fe8dcc752be9a2736eb76a7436be6f394f816c7165d316d9b65fb66337c9538f519723b295bbe1b96d6e2acd44c59
-
Filesize
180KB
MD5fdf7e9cca8f9d3b0247e3164ebb452e6
SHA14a3068c539029ddf9afde4328d86b8e7b33c46fc
SHA256c28f1a662b126b8b0f7ce485f24522cf077dc94b5b9a0cc216ce55fe0201651a
SHA512f9d7cdf98371dadde7d440e48fc8c4a32e4b3332a91a0b39e87f5b76be71f9492c3b4c180d85da7ed1f8c9ef5c1c55e8271a554b7cd823636d8fe54f400fbd56
-
Filesize
180KB
MD59d88c64fab9d91732656ed003b8e07a5
SHA1976a7eb24140ce212be08f05cb74c302967faf6f
SHA2568fecca9c7c711c919e963c50db2150dc2d8bf0aa4f8b65eb30d800e576382294
SHA51211ec6d5a2b7187b223a56f728d97fc76f4ecd883ec3ac5bfe172ad3fb8f2297834bd62f2afb60c128e7b319882281e9088eee707adbceea0cac0c4161551428b
-
Filesize
180KB
MD5f955253f722bf82c6031658b25aa196a
SHA11684e295685884b4b9207a048453ec42eeea914c
SHA256d4bf1374faaa0c113f090742c64a7b6416b97e90254d426d07fb03f1c46d7333
SHA512e8b427fff195fd9418640d4216957ec17bac0319ffd431938a6447af3edaffd001724ae63e46a02cad309997fcec2a70af058ca418c4180e0c22d55284e15853
-
Filesize
180KB
MD57c61750bb1812f107fbdc110ccd6b7a4
SHA1dc03a4eefe9796a0b27e9e37a1208cb0e3401a44
SHA25667df324e624938f89e6f1ee26e98e8228fc62afa3be1a92b7298e1db6ed4a999
SHA5125d4b75fc5456db877b4479490f4449602e62a59a64960e21de679f0fb77b4410410e35652e6de2c8166ed798e2064cc7b503afdea5f5731f57b6c66ac9115963