Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
04-02-2024 19:42
General
-
Target
2024-02-04_da0b1944ce4584dd9854d66ba784d0ef_goldeneye.exe
-
Size
180KB
-
MD5
da0b1944ce4584dd9854d66ba784d0ef
-
SHA1
9fb53df437c42ce8952bd11c8ca8f90219f68a30
-
SHA256
2b887ec3d949eaa909458fb0c65c8f686acc87a012a6bc088045ce6f4c456d97
-
SHA512
6aa72a22b83b1f3778540e18ba52c3596b72c22d184872beaef1935f7d54a39de2e362b2ff9eb1ffeaf9dbe4b449cf76779fd78aeef96ec0e765980ca057d714
-
SSDEEP
3072:jEGh0o4lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGSl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-04_da0b1944ce4584dd9854d66ba784d0ef_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-04_da0b1944ce4584dd9854d66ba784d0ef_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CAE01679-2524-4b5d-B9BA-C5F7B5DEA877}.exeC:\Windows\{CAE01679-2524-4b5d-B9BA-C5F7B5DEA877}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DFB5494F-05DB-4301-BFB3-6CEB73378957}.exeC:\Windows\{DFB5494F-05DB-4301-BFB3-6CEB73378957}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{27176B4A-07E1-45c5-B836-3EB505ED5F8B}.exeC:\Windows\{27176B4A-07E1-45c5-B836-3EB505ED5F8B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ACB2D0EE-570F-406a-B3B2-F4872647C24C}.exeC:\Windows\{ACB2D0EE-570F-406a-B3B2-F4872647C24C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1EC450B5-8968-4246-8B2F-DEF9BA3F6B3E}.exeC:\Windows\{1EC450B5-8968-4246-8B2F-DEF9BA3F6B3E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1EC45~1.EXE > nul7⤵
-
-
C:\Windows\{88F9AC0B-3EF9-49d7-9775-5E056773FF96}.exeC:\Windows\{88F9AC0B-3EF9-49d7-9775-5E056773FF96}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{54E95123-13F2-449b-9D49-66DEFDF02871}.exeC:\Windows\{54E95123-13F2-449b-9D49-66DEFDF02871}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DA463235-BA86-4dd0-BF5F-8AF295DFAE8F}.exeC:\Windows\{DA463235-BA86-4dd0-BF5F-8AF295DFAE8F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA463~1.EXE > nul10⤵
-
-
C:\Windows\{71389830-E1E5-4a74-B06D-36E34F51E6FE}.exeC:\Windows\{71389830-E1E5-4a74-B06D-36E34F51E6FE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B416DADF-EE4F-4345-A518-1F9324B22236}.exeC:\Windows\{B416DADF-EE4F-4345-A518-1F9324B22236}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E49AED92-0891-4aa1-B721-B57321BD5731}.exeC:\Windows\{E49AED92-0891-4aa1-B721-B57321BD5731}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B416D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71389~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54E95~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88F9A~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ACB2D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{27176~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DFB54~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CAE01~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5d329c264c844f997b1f44f79447bd72e
SHA173f569f161169ca9bafd9c7682429676bc204944
SHA256625fddf5e4c9e660d1dde97ed51a48f93ebda8670c2e6ea784216da9d15b773f
SHA512de91d1dff6cc8af3ce30e3cac44ba69659bc049251153979d4252fb8da6d48b2dc02b8e6d9f45c065c41151e50914e2a2db28956a915f6ed19ae449cca45e4c8
-
Filesize
180KB
MD537a6f9483ec1efee0ee556ba760e9ad0
SHA1b0add96f2ed0a7f69fa1280369baf436b89d3adf
SHA2566be6d5bb1f1f76c03d2a772e4b5bc85d152228b87e711372297a7621b2b43c09
SHA512e39bdfd198272be13b274e4080e040f0cdc5760b2feff02de9e598fa5d30fdfe5f2b6c422f62aa8b70aa51840d0a6ff3ba0b70b47724dc8187fea89b95c3f405
-
Filesize
180KB
MD57c602e46d928eb4b4d21e6b20220d1de
SHA109e0e2cb33d407fba8d188ae1ef7118baa6679c6
SHA256fd55ca177d70f6f3835c47a32ee07215adf4f9915cc6ecb0ca2ee786cfe90101
SHA512cccf39a94753f985e43284bacec827092ee2905e743ab8853739d5045a6c923fc582f1de6fef24ec23b8f6dd8162030e64c9673d92eaccba08c752ad8aedd85d
-
Filesize
180KB
MD5cc013bb6b938c6d219fe1df398b8e9a8
SHA177bb845f310378224c03f31fcf52a6a8430dc2d0
SHA2568cf43879beec52414fc782db71c656959cd8c718a0cdf9c60c6f7240bfbab178
SHA5128d0a304538e2eae11ff40939ff79dd39338f31742953fc5dd93b6431c869fd911e9294927daf95fe5a2c106d57b2f2560811884d52b4ca6bef2adeea9ab664a9
-
Filesize
180KB
MD55e94ce4259558a46d08f8039326c44db
SHA186c991a2f291fcbad607066eb78a09bcbbcd5cd9
SHA256b27f71ff9fe625f488f5512db86177ed6db65d4cec4e872eb0611fab4e4afb99
SHA512eddeb5a7b010f58db4036ce01d1e62aa34c73bf2ad630f9ab5f2d3768167a6e4243b580e92297ee8c2bc9e481649c60c6cf07f067d5ae1dbf7af873f873f12ab
-
Filesize
180KB
MD548de5a2d20d8227efa41ad3c9d9ce79a
SHA1bf868cdd21b21a7b3a60e559388b389e88c37631
SHA2567f455020aa8277ad86c14d389b3a2d805f05166f2e2e35334090f9fc3d9165c8
SHA5124540a83930d39015d772123c2bf7f32bce2d40b5ba2fe0602a85c5993058ad2ab626e057968ec48891101e48f64f09af6a7cbba323bb7098235563d294a476d4
-
Filesize
180KB
MD5c17b0864140e5830acd9385a2ba9c3cc
SHA1cd8ecd8ea40b1da3de0aaa8d49046bc66b98cf67
SHA256e835b225622a3ba5f00878c737bee78e9773a03a128fdba91f58010c3f7b80d6
SHA512cf3f104072c5cd7149c73a34be144c41aadf037a08e786bc71d76cb752c6545002a4533f8b94bf6cbff95031f4569a235c3c800ce579d09c401dc820287a583b
-
Filesize
180KB
MD5c98d6565ad442addeef8021c35be0058
SHA1ad7b603e6ab45e18c75e54e18e0845f510d09559
SHA256a147e6310e0466f214dc154887d0a49d9df2120cd4015203b66133a00fdade34
SHA512ead675a6461f832ba8f0819de5c0de275079292055283882f7652428ff07f57e25b00d95f5ea086468cb810f4109799043fa2f393a3d543eab494ed341f132b0
-
Filesize
180KB
MD5ed532e188f8fcb52d7c47aa2888cee2a
SHA1227c4651b72fb877a19994e0fb3b54ebb045b739
SHA256d4fd44705e449daaddd98494017633c65f0a1177a8a47b9a64513c4a6a583d8c
SHA512bc29ec2ced15d31418e3ca973f595f36cb4bc2378d5587e7266ccb8c29aec4ca7cf46236220fbcf73c69a28e0579424a3ab1e39d1c413cce0ff2cb469c342330
-
Filesize
180KB
MD5f9d228b598125053e1cbcebab87d3aa6
SHA1d6762f31fecee672004c586aeb58dacfc5a9e99f
SHA256d6e263c105f343616acd0fa187d979f2cf85e03e52374330c3caae4fae462bc8
SHA512f7a37cf6cb7f8d1dbaad27162558c8e8a5670cdd2010d55fee9e6a57a0149a25e9682b8cceca1af591050f00ceaf7ef49f0f1ca4a87292ca404921132ea19645
-
Filesize
180KB
MD5dfbedf3d67b89e2f1009b12ef4f5cb27
SHA168eaf4383e42ad4e282d059f8a95e1e6ee07afaa
SHA2569c7497238b3874588147329b0618b68ddb27375a9c06bdc81933ad2f6c641e88
SHA512e25ad037e32f1939e72fa39c2970604c1d706725a17399df801e877fdc6d62d8a5e2c8a4bff767f6610baaf3b7363991adec11baaa1911f5a49d9ce167324b93