Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12/02/2024, 22:29
General
-
Target
2024-02-12_96f7c4ea173f147d5dff08592d842d89_goldeneye.exe
-
Size
216KB
-
MD5
96f7c4ea173f147d5dff08592d842d89
-
SHA1
a77b1dc13287a636dab6e77d7fdceba21a9a9f73
-
SHA256
b3eb380467aa727b235c8f9ae9dafa71839500f253a4c2072115611cf1124177
-
SHA512
d2ea826af104da57ba7eec81e1ea401029b74f3498c35aca3af842563d1527a7a597534cbad80f4e731a1194188844d4e8cc529e3bf36f23a84c7629da7850aa
-
SSDEEP
3072:jEGh0ogl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGWlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_96f7c4ea173f147d5dff08592d842d89_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_96f7c4ea173f147d5dff08592d842d89_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4AD4A58-D209-4d5d-A59F-12F3DC0B6ACB}.exeC:\Windows\{C4AD4A58-D209-4d5d-A59F-12F3DC0B6ACB}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{14CD3BC0-87C7-4057-8A22-F06D2D29714D}.exeC:\Windows\{14CD3BC0-87C7-4057-8A22-F06D2D29714D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14CD3~1.EXE > nul4⤵
-
-
C:\Windows\{81295D3E-FE4D-438c-9182-88121BDC0ADF}.exeC:\Windows\{81295D3E-FE4D-438c-9182-88121BDC0ADF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D70108F8-DB42-46ca-90B1-7A300B23B267}.exeC:\Windows\{D70108F8-DB42-46ca-90B1-7A300B23B267}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7E0EE01-10D7-45ff-BFAD-99A2281EFBC8}.exeC:\Windows\{D7E0EE01-10D7-45ff-BFAD-99A2281EFBC8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7E0E~1.EXE > nul7⤵
-
-
C:\Windows\{D5A87E6C-F41F-4afe-8987-7267795978EC}.exeC:\Windows\{D5A87E6C-F41F-4afe-8987-7267795978EC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5A87~1.EXE > nul8⤵
-
-
C:\Windows\{B67C6801-902B-4bca-849E-BD065D4620CD}.exeC:\Windows\{B67C6801-902B-4bca-849E-BD065D4620CD}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{777D4FD2-4C1D-4f16-81F6-E733B22726A2}.exeC:\Windows\{777D4FD2-4C1D-4f16-81F6-E733B22726A2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{777D4~1.EXE > nul10⤵
-
-
C:\Windows\{CB69D188-8AFF-4b4b-ADC9-7532100D19CD}.exeC:\Windows\{CB69D188-8AFF-4b4b-ADC9-7532100D19CD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{80DFFB8C-1CA3-4285-A2FD-916702740EA1}.exeC:\Windows\{80DFFB8C-1CA3-4285-A2FD-916702740EA1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80DFF~1.EXE > nul12⤵
-
-
C:\Windows\{E905587A-090E-47c4-B8DE-0CAE4A6635E7}.exeC:\Windows\{E905587A-090E-47c4-B8DE-0CAE4A6635E7}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB69D~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B67C6~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7010~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81295~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4AD4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD548ded0af9ebaae00d3c0af63ec4058c7
SHA1647075698328ad1a595e97631accbf1a8a7c9438
SHA256dc16c5684c7a5f5b3cca7567369eb802bb4c50d92f06e0b44c27506ef7b3334d
SHA5128e79290d01db70e93797ed8fb2c886eba2311570ed39dd3dec0025fbec3bdee09f9fcf421427a9e5f46c681bcc1003bf9c1dadaa6080b84139ffa8718065968a
-
Filesize
216KB
MD567a7bd6493af955f35cd946a81c95dc7
SHA10d4c6c7e0593a94d877049a0a8fc08bcb913f76a
SHA256f999cd837c09f39014e8388afeb2dc5877665171846aa1145a5d5d1926c648e7
SHA5125fa30c085ff0b591f671a1a7046f52bc5be871a975dede04d1ef2e6a6a10873b9dcbe6bfcab140f9080eac4797caa3192fa76c4b762268cecf2f08114eed384d
-
Filesize
216KB
MD50855b7a9d09db975b9da366aa86880b6
SHA16f671a2dedd9e7498158506fa4481f262934d75e
SHA2565b73282211a8c1149ba23c75003710c1c757dfbde25503a7e0a9d504ef46846c
SHA5128275a0c63e34481f3f8b2619972ef7ff16e422cd421574a45c5b7b93f8873ad396f87040c13db4a3c01cf74b753557f8f0d465597bb05c857b1e01c513db4a94
-
Filesize
216KB
MD55bed373c122382109636f08604ac52dc
SHA1f24ba4a504343a6c36bc0b6477ebbb7e216a75d0
SHA2567fe938d397f3ad48b56032d7e260f847372598d321b8b4dbd6f9ce6b870aa590
SHA512fbec58ab62afc02f00951ab50bccef0ce0ec2986bfc496dc2798df353b05e2b34e641fb4d47da4d32877230bad168add094cfff2b623d276cd28955a6e5304d8
-
Filesize
216KB
MD5fb255018160aeef23ac6f078078dc61d
SHA17b7da0e2089ee74b7aedcc04508eefb8fd17ef64
SHA256b61e592c132c2a8c245160ee3c81ea513455e305b23744eb6980e6785690918a
SHA51225ed7a4e7b880fcce45d754b1cf74a5b36f7ea40837463b0da6e098ac0e704c2f3e0b2bf9e6201b2326ecce0b6813cf8149ea55fbd2e1af326315b937ed43ee3
-
Filesize
216KB
MD5abfc5de1eff9c0e814e4f00aefe12286
SHA1ccd38b0abc6ed40b13a2c5ffaea6476e38e0dd5b
SHA2564a2ffeaa03af0a0e57d906788c10acf015322c69bad3144bf8e6532922667723
SHA512d97ec6096df8f6b4a09cd3145eaa70d0c2a93505a89635c0a2c58d47d42742e50cbef12a00a54657b216bce3615ae46cca0a2d61ad0d2216b2cdaaaadc474e5f
-
Filesize
216KB
MD531998b8940e4b5e4d19faffebac3cf42
SHA130aca14c32f8dc1ddf591abe62819d7ee3b352ad
SHA256d9df2f478a8792dc415dec969d84a1acf098ba1cacba9ea3c269fc1164e7b6db
SHA512190305e8b234dc457bdaf0e150579e3df11014d3df17b06eb134477b0170610ee8fc13f60e5440d19cddbd758c2637e0861872bdbc84503de4bc549b61f9f0e8
-
Filesize
216KB
MD505a2227ffc087c182877771ef3f8776f
SHA1c9e18934a7d2cf5053f2913b2c199cf3b8b80c1e
SHA256284b4fbd0aa332f4d500649c571e4fca3bfb9f9ea83dcd15c2fd21d1c2c2eeb9
SHA512e0543da3ccc1c7862fb179ca53105d3cf9f49d79341840b758c2d1f7e767691aa0418687aaaab535cb6ce24c1d8d870e9f15f4bc33c18993101127870e9a4e75
-
Filesize
216KB
MD53365a44258224aaa86172fcd01e6d25d
SHA1b1a3c3ef578ce07521eaea0f53cd6bd79403ee2a
SHA2565a9f22831082cb7e8e2f38cc7e2dbbf2e9e318d3553278a2fcd7ece2243bc42f
SHA5127c836d6ef25e76e04e2ee5c5d36fddeae3edf59ba1ef9a3fc7b50eaf9c407db17f36f3c483fa55657b03357f595fe4345b9c21d2aa616b8a6743fba609e50a69
-
Filesize
216KB
MD55d327c5a1d18a3e61947283eac8602da
SHA18a289f42016cd5e220851d9fa377fc9435183f65
SHA2563d9e858b1d76748b270623c619f3e95dfa0d813ac0fa867999be5f1ad580366c
SHA512e14624e620c788b26b7d10375fa871c6656f4d5e9246a15a795c1ef64a02dece477bece525b4095395738ee3162dc164e8d079482bf7419bc529eb466fac9faa
-
Filesize
216KB
MD55213908ac3e55a429a3e90321cf82714
SHA14ddfd1b90083e56fa20ebe5901e00c6337d121d2
SHA256732a530ae1d339ccabbb0625f74d83322dafce652a7c0df8c4d72859ebde0662
SHA51258ff5d25233cc30f102d016aee89f48809b020c035c55e29fc90a3a359f3f13062d9cde6bd9ead71961a01f43d08b347cd8fb8e8d6f0550c8c8e237d0337e09f