Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
27-01-2024 10:38
General
-
Target
2024-01-27_9afcce7aeaa503c77dbf092ae0584cc3_goldeneye.exe
-
Size
408KB
-
MD5
9afcce7aeaa503c77dbf092ae0584cc3
-
SHA1
542701d64d921d6dec0cdd3443acb94f76f3bd3d
-
SHA256
09f0f380852de773bac766a53f08c787664bb17c49958c90dce991eb104d2347
-
SHA512
edc99e45262accac276a15775562e95d6b8aa7a8d56937c749b288e203a6c73ecfbe1cdd3b18c614c4496dc5797add37a44c676c4aaa0f330c7cb7d7e29d06a4
-
SSDEEP
3072:CEGh0oZl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEG/ldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_9afcce7aeaa503c77dbf092ae0584cc3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_9afcce7aeaa503c77dbf092ae0584cc3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A8E15DA-E32C-488f-9B3D-727BB2316F1C}.exeC:\Windows\{7A8E15DA-E32C-488f-9B3D-727BB2316F1C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A8E1~1.EXE > nul3⤵
-
-
C:\Windows\{EB5B8CC0-F7EF-44ca-9699-8E02FB154897}.exeC:\Windows\{EB5B8CC0-F7EF-44ca-9699-8E02FB154897}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB5B8~1.EXE > nul4⤵
-
-
C:\Windows\{BFC2113B-D3C3-4234-B077-C9D7AEAE48B5}.exeC:\Windows\{BFC2113B-D3C3-4234-B077-C9D7AEAE48B5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFC21~1.EXE > nul5⤵
-
-
C:\Windows\{64051ECF-3D00-4f33-A0DD-687B175C0731}.exeC:\Windows\{64051ECF-3D00-4f33-A0DD-687B175C0731}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64051~1.EXE > nul6⤵
-
-
C:\Windows\{98C50F52-FC4E-4606-8205-7A505B9361C4}.exeC:\Windows\{98C50F52-FC4E-4606-8205-7A505B9361C4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9D4754F-E8B4-443d-9228-3A7D4023DFAC}.exeC:\Windows\{B9D4754F-E8B4-443d-9228-3A7D4023DFAC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E2008D9F-897D-4cf0-AF60-9BD854B43D1C}.exeC:\Windows\{E2008D9F-897D-4cf0-AF60-9BD854B43D1C}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DBB5FF94-19CA-424c-8D6D-794C4006499A}.exeC:\Windows\{DBB5FF94-19CA-424c-8D6D-794C4006499A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBB5F~1.EXE > nul10⤵
-
-
C:\Windows\{46BC4638-2C9A-4dd9-B291-5D5E0DD7D8AD}.exeC:\Windows\{46BC4638-2C9A-4dd9-B291-5D5E0DD7D8AD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{46BC4~1.EXE > nul11⤵
-
-
C:\Windows\{1FCE0C6B-9453-4c5f-9412-E45F4F935161}.exeC:\Windows\{1FCE0C6B-9453-4c5f-9412-E45F4F935161}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FCE0~1.EXE > nul12⤵
-
-
C:\Windows\{52B65B55-C1FF-4dec-96A5-2CF197DE43C8}.exeC:\Windows\{52B65B55-C1FF-4dec-96A5-2CF197DE43C8}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2008~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9D47~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98C50~1.EXE > nul7⤵
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD58fd073d4295335a17480e4deab9a4190
SHA11a6e4e0522c203a471df2dfeb92c9b016af78c17
SHA25622ae7d47defc78fa1069925c9093e7db293fdee2b467ffc5efc26c43b0847ba7
SHA5123786239dc81e83fec4b0faa9aaaa87c481993b867d01ba36071fe24c1210019ade34f4f66c9a2840e781632d3cd6fb2a26226a0aaffb99d549249c73ba7925a7
-
Filesize
408KB
MD5fe37fda0270f017effef304c54e3287e
SHA140262802ab3642af114a2e6f2bcb3c42c3eeb261
SHA25647d1751b9929311b08f2bfd04a915e5ca16073b7dcec1da5fb484f0d72295fe9
SHA5120b4b279d10cf6dff02271e750619474f70a0af5576d520a072b36c8371718e0ced42eada800ab4023ed4f7b7936d007ce157302a3c0ca3015031c96e92495065
-
Filesize
408KB
MD5188e7ad007c16bc70f2a9c4583ebb63e
SHA18b3612f3d0d99b202d7c4bc96a2920c3ced89bee
SHA2569459c0c3657284d1eb991de26b624aa2a7550110cd8ed44be3fb5aa4d8d1f86b
SHA512c89501265e12bc5cca9b6bf483c93b04ba3ae151105fda25b83a2589aeeade7ec145f213eaa4948b8102e2a099a3e681009a728ecbbf8795602e042ce6f0d772
-
Filesize
408KB
MD5776bf614415027ee8c5154d97c25a35f
SHA1ce2d696e59c782b93d7d9e4299ac27ce62c7970f
SHA256df81cd0216cc5856d3417eec6f63064d9ee8cb6cd599d95024ced8ba4d491e4f
SHA51253163f50517b392bdbff245f08ffd40360854c6c05783aae66d9a24959e66f110306bb0b94846a0e5e708998e1a40636c45741c2f6969d50cd9104303d1c6d8e
-
Filesize
408KB
MD56e015b75369ef2500b0fc1ad5d875762
SHA1e88376b8e401c6386c11a10f47dac57ccf44b8cb
SHA25690836b796cc6833f18440805e50d166dc7185eb1d431439bfd92102617653730
SHA512f689d8fea6bb810f183fe1086dc7a676c2b6bb591f5fef6190110e19b859921e2439c141337b63c76164a4b84d249ab66eab14ec2dccd456eb1f133e8b937ce0
-
Filesize
408KB
MD57a1efb0136b8b6b23a326339febc3a3a
SHA1d8ad551d3d7b34fad436bacc41c98e7a4265bfe4
SHA25621fcf73a289b4881dbe92d6c001e2bb09d875d0b14e1210170b5ea5faf5c81ef
SHA512c1d28e406f160799a63a9613bc0da08b7a66470660b56dcae88d824d2db783fbbd4ad2259d125cfccc26ba46740da8d30a340c94876918662dbb90cc74299498
-
Filesize
408KB
MD538c96621df1063d08d9ca608af8355a6
SHA1894de9f62964e85340afc96f52ef9cffa1c0fca4
SHA2560f0447836ab299431ea437448278f7e44d3b13fc8c6a020695b260126932e59e
SHA5129c19f62544a48e736b1038b95467917ec63626727f553da943b61c16fbd291bf57bdc5804043c3974e6c3b418c0c94c91a4ecbdc96a3b1f43d11bd24241c6036
-
Filesize
78KB
MD51bee25d9d246c2b46325c89cbe1ab7d2
SHA12be5afb6d2d58756511c4238235c860699927ac2
SHA256949d7e480c6fab0aa54cdf07559fd86e30f27ced1642a4d3ef9cd24134b00c44
SHA512c54bb1dd7c4eb74368d7a7ebad0d3959255f8914ec7a4c77be03da572be3ad323faa1c2ee91f223c5860024d2c1746a44197dc42c87be30e16c199b126f65258
-
Filesize
408KB
MD540b7a92f408fa0b10b0c26c8508ac997
SHA151b41b7d97e02167b5af6525728eb1c1563c3cf1
SHA2569428eb1a5b4692669cd5e40984e21356a85ea11200014ed829ffba7a1dd95dba
SHA512a048d3492427c6a95fc0992c3fa745f0235e912657f9820ddb1a55224b58eb57450f602eadb8316d1f932c5729ebe09ad9772858820189540a87c8ee3fcfe3b4
-
Filesize
408KB
MD56815f3224fd14ee0296aae0342408450
SHA1b42a1a01153bdc844e9907043533f3edec4c0cdc
SHA256d36c06b51fd8ad320a4bf7c0bfeae39028447dc3863e1e94b502bc55f9bfcda4
SHA512543fe30cc9e488d3634a90bfa91d5ff124bba64a4e4a7f58414470ea2b58eee3ed2e4c7ee3e4069a5a1e20fbbf939e641de4f94c711984b27eab2ce8c9196112
-
Filesize
73KB
MD5509708a894ad8a3af5da5b20688ffbb6
SHA1348a9c5f68f6568d532925ee143fd7282d2139c7
SHA256fcf0cc13c3dfcbd5020db2b03c82863c1538993e29d1229b462e836c11c9311e
SHA5125d2267dfc2e1eaeacab8b988800237b4ce44eb317924d10e3e18cda59aab772587f3f3afae2ef967c94f92eca8fb9f2f8438e52a3101e4cde7fbe8a049b1dede
-
Filesize
408KB
MD5f127e3e7f7b015bb25c366e563f3ed4b
SHA14e1d696f62063badedc9a09babbc253d39035789
SHA2562edcaebe911d8c1624fc1ce3042a9dfa040c4300436a48278c39c68135fcf6f5
SHA512ee1fe327e32457835d353e4328900d447159b27d6c92582d4fabc4fa8314ff7fcec9b5f804ae16f5e8ac57ccb85df52da5690c8e8d0458ee293aa978b6cdf091
-
Filesize
408KB
MD561da219e0b78b875d8e8b8656b87b7e6
SHA1b4266bcd25b4a8ac01fde57bc27a17778576f8fa
SHA256653bd67b28f0bd95b03a813d53c586595c1b357e21fe6816a11cd4f8029395c6
SHA512cbac516cdf44c67f3052141c49b7fd2de6ee5bd64eaa06d80029aaa987a7a02a2d5c4b84bc32ce64eee87a4c6efd3a0966c78c89d1ecef599ac8b721a3d13d98