Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17-02-2024 09:23
General
-
Target
2024-02-17_068ce879b0ff9b560bec4a3669ac9456_goldeneye.exe
-
Size
180KB
-
MD5
068ce879b0ff9b560bec4a3669ac9456
-
SHA1
76220103d1cd75c342d0d8cc11bc7d2b9e188adf
-
SHA256
689dbb07a8a99fe712c973c3aa61b3be4b2dc7a8c7236c797b88da9ae6fd115b
-
SHA512
e4b28bbc0bd2dbaca8209b7887ec442f4b610b76318d24b0130769ace75fd536bb5b64d5c3c0a3718ff788a5f9420d1d83d42e575c963de44db65dc1325b7735
-
SSDEEP
3072:jEGh0oilfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG0l5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_068ce879b0ff9b560bec4a3669ac9456_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_068ce879b0ff9b560bec4a3669ac9456_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C2875AC6-F7BA-4cb3-ACAA-CB15026FAAF7}.exeC:\Windows\{C2875AC6-F7BA-4cb3-ACAA-CB15026FAAF7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D5F989E-1AEB-48be-BB5F-A9BC2CBCC5E8}.exeC:\Windows\{8D5F989E-1AEB-48be-BB5F-A9BC2CBCC5E8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FCE9F1A3-3A02-4320-8021-CAACD48C3900}.exeC:\Windows\{FCE9F1A3-3A02-4320-8021-CAACD48C3900}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CB450A1-DC0C-428f-B8F0-833B6D171B0B}.exeC:\Windows\{6CB450A1-DC0C-428f-B8F0-833B6D171B0B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CB45~1.EXE > nul6⤵
-
-
C:\Windows\{546B6D03-2BDB-416e-A27E-4E54AE9B4AC4}.exeC:\Windows\{546B6D03-2BDB-416e-A27E-4E54AE9B4AC4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9CF67C19-5E93-47b5-89A3-4CB4C5FFEB69}.exeC:\Windows\{9CF67C19-5E93-47b5-89A3-4CB4C5FFEB69}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0791E8B1-3274-4c37-BE36-4B83331C95A5}.exeC:\Windows\{0791E8B1-3274-4c37-BE36-4B83331C95A5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5482956A-C604-4008-A1F4-A59ED6130ECA}.exeC:\Windows\{5482956A-C604-4008-A1F4-A59ED6130ECA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B3E6C466-A7CB-4ac6-BE63-647452B71670}.exeC:\Windows\{B3E6C466-A7CB-4ac6-BE63-647452B71670}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{48DEDCB8-2A04-499e-8EAB-18843A91578A}.exeC:\Windows\{48DEDCB8-2A04-499e-8EAB-18843A91578A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{809A17B6-8680-4f28-BCBD-7725BB027633}.exeC:\Windows\{809A17B6-8680-4f28-BCBD-7725BB027633}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48DED~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3E6C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54829~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0791E~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9CF67~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{546B6~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FCE9F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D5F9~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2875~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5b62e532af4573e2e21533c7ad9b981d0
SHA1a451e441df9316ed44bfdcefb5f4b45bbbc3027c
SHA256af70ba758d205718585adb3907169660ebc1a76e57013f117bdd8890e0974224
SHA512d522fad36a0e28a75b735527bdf9022bf10590446bc53d641e469b6eb6980ae121feaf6132a7be4071f118779c0e22b60c4d0693fd520c6a7de708bc71a20109
-
Filesize
180KB
MD52a37f4841445e1c88c230185ae2c85fa
SHA1a4c577ea7f3981ed38859c232f53f8d36ac8a5fd
SHA256a88ec5eea3f043008422c309eed2a4b713f3bf98b186626da78c1516c6ed8693
SHA51269af3fc3b7494ec637ccacbba3ddce5d45c9a047e824024fe78e6da0f837b2898c0db485af61d00d5a81c807450de2485df5d740cf542fbf594ce78d745a0ae5
-
Filesize
180KB
MD5891097ee83cda3c2cfbef4eba7af04fd
SHA17c4845ff078741847e9f98161c990cc1d4bff699
SHA256bd9db9822bcd605526999c6c25a71e5bc3957ace7784a9ca9bb6789ec957abb7
SHA5122af5070e76fd6bd11374350714fcd561477cac3c7038ebf622be1a15c16166fe21dc61da5137c9714184d876a71dad7712e340d464afea8ddeb1bdb7d728436f
-
Filesize
180KB
MD59c8fa04ec971c73567820abebb90609b
SHA1eb2e68d10a0f88d6065fedbfffafba3b8741fea4
SHA2566f1f054177377164870712722b36e6410922caa144dba8d00cf7b22b875df08b
SHA5127d26bc5c86fbfbbfc5ff063408513332a8862b48fb04f6d225203b117a3610cece484d07935bfb465dce85785c922313451460c70694bdcb3186a8736075dcfd
-
Filesize
180KB
MD5c8fe145fad92b2b5c95455c8802581d2
SHA12cc95ef98faae0179095e7a6712d7d9a6bb4863f
SHA2567318c63ff2da33c004835998bb85950e1918850a3100976a166944edbb5a13df
SHA512d671d32dc651f768fdfaaf42f1cb43051c39eaf3707c8936da760184e36023833f426baff25df79dcd4cf91bbbbb878fefb1809824e57e848fde7647bfa17c54
-
Filesize
180KB
MD56e1c3ca0326120d9db958ada9d0cd5bf
SHA1e55fcbf8527889d956b804e977a148da2b3b1ac1
SHA256f8c6dbb603db371faf331d7958e043e52e7cd26a63d112b79da19fe13c4e5fa4
SHA5128aab218dba7f4efdebe3931ccd5aaa737f0bba3942b7ed817c6ef042571c85e934fb31b7cbb258bad13cebad4483c6303a0a1ce058862ebc558b118335ea1f34
-
Filesize
180KB
MD51d3fdfbb6cd7060374f910737e395817
SHA1d1d42cef3d24d3b1584de3bcd2ca80cd5b9669df
SHA25667458f0bd765fc791ae2bf9ac8fe93962477f75a401b931edbe74241c5d12354
SHA5127daa282e0c7063009de576ac2fa77d0fff8cee0bb57cf327b85fdf2e8f18180eeff73df9fcb3d27499ca3dc229b98e46bd29a52fd189539ce5ff964207e17e7f
-
Filesize
180KB
MD5beeca72b03d5634fd5bef1f5ef2f52e5
SHA11dcd9af91bdc9d1160d1284d4be5e2c6227ad0ae
SHA256fc13766fa3a249fd5789c6ef1c45436bb8ba1c294b7d7caa9c1ef6caa7b40549
SHA512fcd8142c9d39b61c5161e0e33403b7618e1c288025d920f713ef161047030bd6aa872a94a4e51713ca52b30b58e22453f626c6af4e789b0c660f39e68bc5c896
-
Filesize
180KB
MD53fd004511f0a98cd110590f260d928a3
SHA18344d852fcc250318938710076c7811504742c1a
SHA2568390c2c0b4bfd1522144e877344045932a20275604fc326d6df18fd6ce039e07
SHA5125e743cc8a5cca17c3851ce015ec86c55bc8d20f88d39b1b534eeaa554204f89defacfe3cf53c22d5dc764dc33738b61986e1467e24f6defcd686adb7869f3182
-
Filesize
180KB
MD502a77a4abb7054834677f4cca5bed8a5
SHA18be7c7fb4090175fd90d7b1bf22e6b248bcb621b
SHA256f6c5c6e4f8bba3954867ef3d124fd5fba2aee84ecc76be382c00d02ec74e7a15
SHA512995cf5422661f44c2b4a5a9834ea46d0fa9f8b36df0bdaeb5c81b9c972b34cbac4b393a261ee7b585134f44c789530a190aac6fd95fa59f84d18a3fe63511c99
-
Filesize
5KB
MD534bc67e64361094aebdf0880ec3a03b9
SHA1bdd62bd41284d2f325dc7151c4feb3e572e8113f
SHA2566fdbe4983ec12a214d59949a9281e8956092ce8f026f6852f412f112fbf126e5
SHA512c72a4da39cf90d30074f185a362d478022bb48d5dd7b358153ce9740a9765d5a54ffb9067caba283de0971900a3bf1e36b3aae224fbf2d172104aaefd33796a0
-
Filesize
180KB
MD54b656c7de00a8a54b1cec8f5ca61658b
SHA156b5ee33a2b8d80445b6950d556a8f0e94ee3279
SHA256a55f97881bbf83686063e5a2d36f72790817320459c6df0678259ea0d49222a5
SHA51283b566cde6ad311141fa9b4d150fb1708171d90782486affd1d7436b39f03f5a740026b29131ab3a16182cccd5d4da134ee5d90b7c390b1647458f9d591e69b1