Analysis
-
max time kernel
157s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/01/2024, 08:25
General
-
Target
2024-01-26_4c30284f6ca1b7bf96a28503f16a4baf_goldeneye.exe
-
Size
408KB
-
MD5
4c30284f6ca1b7bf96a28503f16a4baf
-
SHA1
6b63c643d7799ebd8e178cd54c8c11e96ca7b62f
-
SHA256
0d4945bd4b657848322f932b3fc3d6c9306dbc2fb0a69b9a65d9d89111afe229
-
SHA512
6948102cfdd7cae226f8a36010318dad810933c2603c00d8ec9c12a4ce11d5dad9e9dc66d93aee0c4a1a9495d5a086c0bc1cd6f4d4fbdc7d00cc0e22da5e66de
-
SSDEEP
3072:CEGh0ozl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGJldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-26_4c30284f6ca1b7bf96a28503f16a4baf_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-26_4c30284f6ca1b7bf96a28503f16a4baf_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E672F94-5263-4624-9A50-4BA57A33A154}.exeC:\Windows\{5E672F94-5263-4624-9A50-4BA57A33A154}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E145EC8F-A8D3-4725-BF6A-F0D25EB3E5E0}.exeC:\Windows\{E145EC8F-A8D3-4725-BF6A-F0D25EB3E5E0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{736D8638-6A17-4f8a-BFAE-EE60536664E2}.exeC:\Windows\{736D8638-6A17-4f8a-BFAE-EE60536664E2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B0E1C0FD-0662-4f15-8759-826ABB5EB21D}.exeC:\Windows\{B0E1C0FD-0662-4f15-8759-826ABB5EB21D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0E1C~1.EXE > nul6⤵
-
-
C:\Windows\{E53F846D-EF8D-4eed-A930-4B741B1057DA}.exeC:\Windows\{E53F846D-EF8D-4eed-A930-4B741B1057DA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3FC5F60B-FF74-425a-A967-752CE5B7E50D}.exeC:\Windows\{3FC5F60B-FF74-425a-A967-752CE5B7E50D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1539D8F2-5C4A-4d0c-B617-0A5351364D11}.exeC:\Windows\{1539D8F2-5C4A-4d0c-B617-0A5351364D11}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E1E9095-582A-4e5c-BDEA-A9B0082A80C1}.exeC:\Windows\{5E1E9095-582A-4e5c-BDEA-A9B0082A80C1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{707BAB72-D21A-484d-910A-B217A1955E52}.exeC:\Windows\{707BAB72-D21A-484d-910A-B217A1955E52}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E52D65A1-53B7-4fb8-A216-7147FF403094}.exeC:\Windows\{E52D65A1-53B7-4fb8-A216-7147FF403094}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8D9CEF97-56DD-4e4c-88ED-2CCD1E8DEC7F}.exeC:\Windows\{8D9CEF97-56DD-4e4c-88ED-2CCD1E8DEC7F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D9CE~1.EXE > nul13⤵
-
-
C:\Windows\{3ED3ADDB-3D10-435c-9B3C-8955F957F442}.exeC:\Windows\{3ED3ADDB-3D10-435c-9B3C-8955F957F442}.exe13⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E52D6~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{707BA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E1E9~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1539D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3FC5F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E53F8~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{736D8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E145E~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E672~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5cd20f94d6b3e2b7ef207d527115e613e
SHA1f8551b04907d9b2afe1bbf4ec2928104695a626d
SHA2564bb91e6036b8d642fbb8f86626cb4011c756383523234941bbbf1820dfa70a18
SHA512f65a1b9c40416ed373840f1c4f08a4e6be37c75b7078daa69af68993a7022472ca658334be68dcf85927a4d0c3dfaa49bdace91be34d3fe3ed1e6096b698d297
-
Filesize
408KB
MD54f2e9146b2074a55a0418c11398fdf64
SHA16ff41026c71cb5aa053cf68cce289590eae0e27f
SHA256d525b901b81ab6bf0609f6be14bd73fc24ae2cbc6202edc971735889ee516692
SHA512472fabf772b65ff31b8fd5c2f940729753741268f11427f4c9a42c059ad8fcaa3ab0f3d2a94ec61d00e1b681b276e95d60e6cc4582eb3e4ab72fc60f86d765c1
-
Filesize
408KB
MD560402a8c89e38ed27959a9569406c4f2
SHA13ffd217ad60e6db5370ed726e2a0439b50803e06
SHA256bd2c8c6c0e8bf7aadcc504520e59f890c76c0d8fb15ca97399fb4781c4c6b5e7
SHA512505bd086c2f486995a6c83464a01f3266dc124f5e2617e91c34362d3d0adffba3467b22bb1bde41d75e9cad5b915d5b8b9066fe8b9042b6e7c418fd31d8e05b2
-
Filesize
408KB
MD54063ec1bd003575a7cfaf276962e2417
SHA1ab293094e1bf2fd89eb13cccbc463dee601c183a
SHA256c5df4d794b0a6c59b9292c6549032e9d989b24b8ca7f31408b5d15edb7436903
SHA512fb1cb6d6d16ca91011f98d4b7cda53f997ee3e1410a06067f2727e24928f86b266aa55f33dc7b234cc1187a4562c543e6d8ccea2b8995052ddfbdf26d7b0d9d3
-
Filesize
408KB
MD56ebbf0c9c951ace2e2834f5b6a88553a
SHA14d99f34d5c2349be7d204a3709a4090d49e01fce
SHA256c37c7ee685c2ee62786ed2b679cd5f75bc817048aa1a1261a7aed5f27e8cf7b6
SHA51292c32600c13b924b38233ce1e17f6aba0048a04b412dc60c7ecd9a1c791c71d7f401349d1bdbbafa7ab3021c114993a2d180160c3deac0a1a8fac4e8955049b7
-
Filesize
408KB
MD5181a9ac37e854973439d96f536997246
SHA128da899bccf9932ce5c363c27c1ec8a757e77d3b
SHA256faac070176d94cc0dd9fb35484c7e554279d244b5787a570876889292dd6ce6c
SHA512b3502c8ffadf0d9ce12e7656a55a489641f75a368b09591187b916094d6896bd62d00497cecb3557844f641c2275edd181bf6677437d62e84f3016107fa54e1a
-
Filesize
408KB
MD523186863ba9acb5128cb4a4a57cc2e14
SHA1c3913b962698190c8ee2c3bc20635503f8d566a1
SHA256eb0ee8005aa449649ba50d52489cf213b55a9981579be1c0918d3731dc3b84c1
SHA512b2c49ebdeeaa4f2048f14ba056cbae0ba21f0a6d7b8fe6d7657eb33ca3b62a4bdd393b9235fbcf81ea81e229313fe04f25ec953760894dba4fd7d4cafcfbe7d1
-
Filesize
408KB
MD5bfaef5f7deeed0a58aa007a7cd6c1d47
SHA15d1df3ad9a1e5c0f28703776d64074d781a17dc8
SHA2560de661de12cf1ed12efadfc54d2b0f56b43d87315c2325ae28391eb83b107dc9
SHA5129cf5771c139f7ce74c0dd4e7f3aea31d744859f733d9eb27e8f4a2a08a56d42457737d6a8449c1ed175bdd7de00731aaf34acaace1962a0c3a45434490e6a423
-
Filesize
408KB
MD59d30508f2bd89c2395bb92a047e8ec4c
SHA1348d797e6514481df3faace09f77495c9931ca8d
SHA256a8c7be9a694ccfce9657a9dea91525ea1b634681b570f7197d9cce01d5e48155
SHA512b003869d28ef5148971cfa4c12feb6edb24c45893d9f686a9fc418985a0a8f036a6cdb47037f36b5cab977584c112b8ab232b51bd6b653d83d643093d0a786a3
-
Filesize
408KB
MD5890cd0e6577c02cbfc848fc22545adbe
SHA1736af613b6aa0e27a443e87c0ce434cfa8260439
SHA256d3b7ab7aadd760dcd4ba486bfb7aae21b13df50093cd74eaaafa08897a53f51f
SHA512235c7d29c28e988d3a45974023c932310649e233c3068b3910ee7bc2e6b82a18a462901a44c0189f9e382b56b33a7ee7e2b5fb2f6b1c3336d6ae8d49f801a06d
-
Filesize
408KB
MD54eee03cc39b411c849d39a95c495f301
SHA104666bf9c73fca3c022feea4a35dfdda264d4698
SHA2564871226c3aef4229f4c0640796d2017ad3bff3d93a486b7d186e1678f935b8b0
SHA512d480640c205de250097787b0fcbee8473009a1759d85bd0cb5fa784553b514c23d7b1f7bd4cb949cac28c9ff45b6ef18f2a6b23f97a666a182a502465c5b4fc8
-
Filesize
408KB
MD5d97892206539d66875f132b93db1e664
SHA1e71103bbbd276e9532d4d721a2ceead10fadd32c
SHA2566e7da6007ff37f139bca45912baa00d637065a23fc10ed8978648c1d500bde62
SHA5128ad4ca67f7d9bfa07fcda89e51eaeae37e86f5379a4408a47565700177fdbc28fd5e335746e757e21b84695497dd8e8b18b3edf90845ce284ae8dcca4b6bf702