Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
13-02-2024 00:40
General
-
Target
2024-02-13_ace975e9ccf43064a51a057543cc25bd_goldeneye.exe
-
Size
197KB
-
MD5
ace975e9ccf43064a51a057543cc25bd
-
SHA1
4f13648eb24e185bae74c5c1212793e0627653ef
-
SHA256
680dd3a9a8783c3c3b7c5ebbade50bc410e1bc85e474579da41396640bcff14d
-
SHA512
d6221681fed659c515b0b1e9e2c6de4870f8c1ffb5ff44f7b0f897c17ba4f0e1699db8891c3c345d7f74d3ed2adb31beec2667589604f568e1ffe85aff0d211a
-
SSDEEP
3072:jEGh0ofl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG1lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_ace975e9ccf43064a51a057543cc25bd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_ace975e9ccf43064a51a057543cc25bd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DDAEBD1F-5208-4717-BA6B-F51F5067A815}.exeC:\Windows\{DDAEBD1F-5208-4717-BA6B-F51F5067A815}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DDAEB~1.EXE > nul3⤵
-
-
C:\Windows\{0A89DC9D-071E-428d-82BA-EE702B86BA81}.exeC:\Windows\{0A89DC9D-071E-428d-82BA-EE702B86BA81}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A89D~1.EXE > nul4⤵
-
-
C:\Windows\{0D734673-D977-41a1-8F3E-02DFD1CEE02E}.exeC:\Windows\{0D734673-D977-41a1-8F3E-02DFD1CEE02E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{83A6DF77-30A3-49d2-94C8-E1D5CE7F9714}.exeC:\Windows\{83A6DF77-30A3-49d2-94C8-E1D5CE7F9714}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D19D567-63A6-450c-8066-A22D54271380}.exeC:\Windows\{3D19D567-63A6-450c-8066-A22D54271380}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D19D~1.EXE > nul7⤵
-
-
C:\Windows\{746BC3A2-BF5F-4c5c-B7F2-5D7672E1EBAD}.exeC:\Windows\{746BC3A2-BF5F-4c5c-B7F2-5D7672E1EBAD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{746BC~1.EXE > nul8⤵
-
-
C:\Windows\{7AAF5A1D-6D26-4ce2-9778-ACDCCAE98205}.exeC:\Windows\{7AAF5A1D-6D26-4ce2-9778-ACDCCAE98205}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{23704D49-DE0E-4d15-9F86-4EF7577BC938}.exeC:\Windows\{23704D49-DE0E-4d15-9F86-4EF7577BC938}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DAA44D64-C589-49b4-AFAE-C58C622EA51E}.exeC:\Windows\{DAA44D64-C589-49b4-AFAE-C58C622EA51E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6FB68658-4F27-4d84-9190-A652FC33BC79}.exeC:\Windows\{6FB68658-4F27-4d84-9190-A652FC33BC79}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6FB68~1.EXE > nul12⤵
-
-
C:\Windows\{56742CC3-B185-47a8-BD7A-6C23BAB1375A}.exeC:\Windows\{56742CC3-B185-47a8-BD7A-6C23BAB1375A}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAA44~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23704~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7AAF5~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{83A6D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D734~1.EXE > nul5⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD56cd16f89bde91d11d48b7e9d130f7efd
SHA166b9c732e1fcf21694268a3ebe019b467354dc91
SHA256611555e9a9365a4cc3264ec1f7ceda246864e0210bb5f0118a2b6b2df875dcb0
SHA512b05bcc4e250eb9dc104a9255e6ad6f4cf94e46896318a513f566cd82c9047de8f78cf73c75bc86dcbd8116166d24c2fcf82d6ad97060556392eae69469667504
-
Filesize
197KB
MD5ac02243413160241718f34c8d6b60805
SHA182520ffc17f25697e78b065a853691b467dfc713
SHA256ec6d9d52ebcfe2e648885cc5462cc13b30d92b969ff6e1e6118dd3138fa0725e
SHA512ef14d83e461f715a896425fff8aa55fe28f0fa744f060a9aed40d0f030b1d2fc51e541fb6c79a4e49b6b6624427f5872aa8c500f23d2008ee9896423bc3b552a
-
Filesize
197KB
MD50a43a3fc7f3abe4fb528fcb79babc9f7
SHA12441775f22a6f9782418608c77a0efd931d541fb
SHA2565ecbd941cad30c10c8871d54da65c5329b83a73e65f67880ff06c743f92b8a68
SHA512b7a98bf84d6a86fbd8a5896f1bce5ac6c8b5d61729af54dc714f4abc2a109b0a4dd0883a361a617a8382e5bc829087f570d39e60c8fe380f6e4e2bf2a4a3c337
-
Filesize
197KB
MD5bacb23bccac6f55e0163de268194e643
SHA1cdc96c76dd64e19a8b8cb0def5f57409f5940477
SHA256c0eaff5129e456e6f3c9ed27c475c3b571e5d30ee2398454bdf4505d0bc13f07
SHA512c5038f878ebb9e561694c8d1df48b007a6bd7588157ceb1e833425006ce2a8af6e018b86305505a403741a33a98989dcb9b30672f0e375941db59964f8d03915
-
Filesize
197KB
MD5a47ceac62012ed4b48d04a5a876abac6
SHA1acc6e55c9832411071853cf393547b07e7008698
SHA256d0ada91ef5d6437b04e74991fdff98fa8a1ced0acc64d5eeb0373299f2839bd3
SHA5120e534f3f1751433ac5bc9da817e1c5d5e1c563421559bd11a84a3c291b0c3d849de5defd093906ab7950433a5fd0e1bc290f7db44357e77c415f95ec0823e262
-
Filesize
197KB
MD52558cc9bcbc132d6a63e2bf674c27c4f
SHA140e9d984d3aa21a6cec2491520ae44feefdcd2f3
SHA25694ba745cf4912fa959946eafbc1ab8c1ac0c5c5e6931bdc64657f4e0492b07c9
SHA512b47dcf6624adcd75e9d9516b3f62f5c9424b54cde7bc535a42dac486056abc7fbc1d323887027d7a8eadfc2002dc90c3bf47bb7e0c19869e11d37229f4bde986
-
Filesize
197KB
MD5d75b874bbe1f6e016c2436e3fba0c011
SHA143d5fdd8956db32360e6c9d32e576b20fc6ad80e
SHA256a540323d2b7b37fa700541e97c0533a6c91005bcac3e9711a826c67ad8b2eafe
SHA512fdfea72b86a4c6a81c08eaf3705831519624d2f17f68f1b4100bd32ab117fb84208fd087891eaba430fdb30a15db03ce490e144b61a96ff85471994f573b2a0b
-
Filesize
197KB
MD5bf277c2cfc01141cd69a347515f033e4
SHA178e5444dcac2b8c3e339131ac5bf7e1f5b4deb00
SHA256d4d1e9f92ef595460e90cecaf8d12db40279a07e6792e3414c6ff64ff78457d4
SHA512c10326540328c3eed76b0e5dfc1ab80bc288bab7c8e6410549fa5ccd1df17270fba7e44835798380884f1ba182195e02c60e8fa0284832147036a417f739a38c
-
Filesize
197KB
MD58e4529106c83d5281b628049443a4b62
SHA135a871db4c6c2895aeaf858409a7fc09e0e2e8c1
SHA256be39c4b606be3998778b3cd0a16decffa9c4b17ee33a2373f7de55cc3efa0715
SHA51289a919c830ef5a25dae23fa0c99778867a45b98dbfb8812a00367967501d47405965042c7e247925372faa6fd9b705a78c4e1485aec9f7152c724e15260b006b
-
Filesize
197KB
MD5d95fbdc5cfe10057ce855bba3debfedd
SHA13df99a01ef6810b12f2e20bfd593f33a25a128fa
SHA256238952ad5fd311dde20470723985f4322b89c9cbe6f25802c2cef6f75550bf42
SHA512264405c2d912b1f52b39d5b6916f05c94ec013b1bad1d5f0017e7ef461eef0ce9770f12afe0dd60a21e81a02e0b1ee3c9b28734c09369fb79146bbc98a7596e5
-
Filesize
197KB
MD57606fdf98f7054ccce4587d0bc26f8ee
SHA12ac38c6816dece1cb352f283e98f2de17bb0e039
SHA2560eafb6b82d321e9a7d81eb833581e68871b7a0b1187e820eae15c41c35f8f7b3
SHA5120fc5ecbe143119fa7eee2abc3faf7db17be258843532af2da5680eb3700559c9530c2966df3fa506c245da3af81b55f45214b0c926dbd6107131c6e158ed6c97