Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03/02/2024, 14:27
General
-
Target
2024-02-03_8b9b99c59a3c7c70124284ee523f822c_goldeneye.exe
-
Size
216KB
-
MD5
8b9b99c59a3c7c70124284ee523f822c
-
SHA1
983b62033684a530f2c0ad920d136661a3711741
-
SHA256
71b3c9721773a2ac6067f205ef667729eb7514d05b9a40552f82e73280eac878
-
SHA512
a8b7c72215b954ee10a90eb4539d3a7ae0f6141cbaa52b7ac7a61c5ad79886ba94ad3b2469c796d15b21bb032120ce5066aaacfcfa7c52e2e83919521068d925
-
SSDEEP
3072:jEGh0o9l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGPlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_8b9b99c59a3c7c70124284ee523f822c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_8b9b99c59a3c7c70124284ee523f822c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{970477DD-C566-438f-9F44-D52CBDE34F32}.exeC:\Windows\{970477DD-C566-438f-9F44-D52CBDE34F32}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{417D6EBE-E15F-40ad-904C-5BF71E7A89A9}.exeC:\Windows\{417D6EBE-E15F-40ad-904C-5BF71E7A89A9}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F995B4E3-C21D-4bcb-A2CF-F2FFE50EF20D}.exeC:\Windows\{F995B4E3-C21D-4bcb-A2CF-F2FFE50EF20D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68FE0DBB-8A4B-4aaa-A412-014D2E539043}.exeC:\Windows\{68FE0DBB-8A4B-4aaa-A412-014D2E539043}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{60B6791A-ECF0-4092-BA26-D530CE9E3DFC}.exeC:\Windows\{60B6791A-ECF0-4092-BA26-D530CE9E3DFC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44F83AD6-ACCA-4775-9743-BD8B3B5F21EE}.exeC:\Windows\{44F83AD6-ACCA-4775-9743-BD8B3B5F21EE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB475CB7-0782-4290-8703-CE86E065062D}.exeC:\Windows\{AB475CB7-0782-4290-8703-CE86E065062D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{62E26FDF-A3BF-40a1-A158-BE91709D3FB0}.exeC:\Windows\{62E26FDF-A3BF-40a1-A158-BE91709D3FB0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4130E684-8FCE-4510-8771-964C9092DD79}.exeC:\Windows\{4130E684-8FCE-4510-8771-964C9092DD79}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BEF89E0D-3DB2-4088-99FE-908F30BC2559}.exeC:\Windows\{BEF89E0D-3DB2-4088-99FE-908F30BC2559}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BEF89~1.EXE > nul12⤵
-
-
C:\Windows\{D6B79562-5E94-4179-BA08-D6B4C6AFFBA9}.exeC:\Windows\{D6B79562-5E94-4179-BA08-D6B4C6AFFBA9}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4130E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{62E26~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB475~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44F83~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60B67~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68FE0~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F995B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{417D6~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97047~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD563d5fbbc2317c37e60cf778ccd1ec131
SHA1497f40b4d90d4eaf441e21622026c2d5c9c6a595
SHA2563ce241ccea3704698c8b2d2fb09929dc6c26be05e7ec349c69ccc398403b26da
SHA51279e6354e815be3b471e2af2a5ae09d35ab148b05da1329e4bdbde18acc30f062adbe6be2ff751d08b128227300552cc661474e41c7488cbfb71bc48f47f25ffd
-
Filesize
216KB
MD5232aaae2ad8343139b00b2cf14f69dc4
SHA1154f9b400b02fab2585a6773c7a723f21db4dd15
SHA256658caed9f53644f2235a10e305b66aafbf38e1643b0e1f9d090292a3aa5ca180
SHA512d1667671ef2ae136dc87774bc1bb19bad07c53eecba60fa3829fc73fb33b8c84ff2543b6992e6b074969be826ad63098101203e2ec0eb71269968677dd6cfbde
-
Filesize
216KB
MD556b1d522179d24dade65fd303cc26279
SHA1c61e37fe910a781e67b95f3a8a3197a32009acb3
SHA256379598e05c58f9428429abdd70a54026433e20141e17f4298b33b66ba73cdd5b
SHA512f026822218d3a191719c062a26781a60ed4e44b405772aa45783cc76b0682c4612fa7f266ef88e08780920580207011f43835ba913b485683c6c9fcbf817ed9e
-
Filesize
216KB
MD5f0d931635329757189ea13150498e620
SHA175f277dba645b22dd5ae927b4a0c9393e5f76aae
SHA25636fb3a4866193f1a810e4fc0d5b3e03f1ed9f797f57e1330ddfc4b16cf8fa0b8
SHA51268f472ce627d6b942a8855141bf2d391bcc20beea58c760ddce3417db2f98d7fdef7e066a3bf086e05a353924c89038cf0ecff9f27af1dfda5c938ddebd704a5
-
Filesize
216KB
MD5d904bc273ee27656881924d7283c689e
SHA1697418acb925e29dbf1db554b24e1dd6a4d33610
SHA2566b7f782117178274a8694594fe1cc5fe7a99ca1db079db85e7bef6e255ac3313
SHA512299fec6e6175f9ba8b085b16b97b3cc6ca2f576914dc8080c5caf325e79f280c3b70e1fec77dce2a11f795a704ce1b1efe33132e25f489c43eb6ca7db3e5b5be
-
Filesize
216KB
MD5f2a1cc85f7787e3f227687f535518dda
SHA10a11b0514429896188e03b1304643d293c00d7f7
SHA256b1e80bdf71c144a718a60d63fe2ebaf027c9b9338130f1ff5268b3feb59fbd34
SHA5124be026923307e38d7f44aebb6b3b3e9f8ce78e4b35ddcb2cccc9bc6effefc46850573ec779c6b7c8d7fee9d161b376409b5542a6eda5d1c82ce3767a205ca9e7
-
Filesize
216KB
MD52975cd037f89ef4d3b0fedee99f636c2
SHA1c1b25ab4a9c759f7306b268bb28f452cc655f752
SHA25646aa557d308395fa7536a3b100b998489c3c88100863edf85e892627aeb8f100
SHA5120a5378936cf6a5721e66a8363271333f2c212c4eada55a1dc68144e4a69acab2829a1b445b9d13707dfbfcb62956312431f0108f24622e90b9d9f2854e83e7e1
-
Filesize
216KB
MD5bf44ab061c96d862e7ddad0b6c80b5ca
SHA188eea775919f3fc51e999c8864310b77c98462b6
SHA256230b8037709e6ad4f9344c20c098370fd77a208176c236d3879c34ccec608e2d
SHA5128c35f1df8aaccad60c76cab017a7da1486219cb4306d92d8c310e961a43507199000126620b69217138617cdda2b7895d69e4a5af1e0a72062c527a66a09bdf3
-
Filesize
216KB
MD5a966a16096531ed7bc2262dd653755d5
SHA1d9be12ca9c9f60ce4523fcef53a8c3708f836178
SHA256ba334c7293a23f9dbb752c66bf96bde93ff738d00f471be559d7a3b3b17dcb1e
SHA512234282cfb4144499f73b6028ada070df4552acd456c9c70ab3fad3ad04dcd022ad4b4cbe0bd3babba8c77d9c2d2f5784933849c4624a94c53abbf728960dc7c3
-
Filesize
216KB
MD5e117263ee1be5676f9df74bc81047bfb
SHA117a2e33f9174021d61ca22e94e977c7c2f7c48fc
SHA256f32b1376344cb8075791a81ebc14d6f418d7dc6252097e198f4b1867d6fc1848
SHA512e450a39d8c8349172abed1af73cef4b45e6694537737ae61f17f89463f8c91ef668244c6fffe0308193bc779fe2eeae6db117e69c09f5611b80a5ab5946d31d7
-
Filesize
216KB
MD5f581d8763f2e15b2020902cbe1b22d00
SHA12da59a55faaf428c99616e0161d4f6ec15ef9e37
SHA256ec8a1938ace52161dacdeb4d736d73c1abc86c1c2f8ff1cb1f0138182a3cb04b
SHA51286a2bc620b239dde254ad31cfb934744a3ed19496e1ce76ccd7d9619d7ac3e0dceac0fe726dd620c84e970a5a2d0e2b47d9140022146fbe4065a39396a254cb3