Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17-02-2024 18:47
General
-
Target
2024-02-17_f545279219c36d29d20b8a2181a2c0d3_goldeneye.exe
-
Size
168KB
-
MD5
f545279219c36d29d20b8a2181a2c0d3
-
SHA1
265fa349b42c9f69e8f0b2e579a57fa1a2d98be2
-
SHA256
f3be57df0353f24a8748685606fc4fe3184fe6ac5ac1c517cb26384ad4264736
-
SHA512
860ecfca0b7edc9af88894e5ad0613456e9cf93a6f6a424462ed4686ab09a391ee5ff0f426464aed8babd3cc7acfb2ca258df148cef86624e4f8a5ffaa1c1f73
-
SSDEEP
1536:1EGh0oDlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oDlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_f545279219c36d29d20b8a2181a2c0d3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_f545279219c36d29d20b8a2181a2c0d3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1675111A-C1D3-4163-9AEC-7626A9ED6A41}.exeC:\Windows\{1675111A-C1D3-4163-9AEC-7626A9ED6A41}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF601EC2-DC8C-486c-8727-B038A5363FDC}.exeC:\Windows\{FF601EC2-DC8C-486c-8727-B038A5363FDC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{775E00CE-9797-4e9c-8CE8-D07202A63EF2}.exeC:\Windows\{775E00CE-9797-4e9c-8CE8-D07202A63EF2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FC95A2A1-97CF-40c4-A899-4EAFBC73F481}.exeC:\Windows\{FC95A2A1-97CF-40c4-A899-4EAFBC73F481}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC95A~1.EXE > nul6⤵
-
-
C:\Windows\{EAE8DAF6-EDD1-4dbe-9A27-B06CA3013D81}.exeC:\Windows\{EAE8DAF6-EDD1-4dbe-9A27-B06CA3013D81}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EAE8D~1.EXE > nul7⤵
-
-
C:\Windows\{E5CBC1B0-C0BA-4d54-B58E-7073AD6E4889}.exeC:\Windows\{E5CBC1B0-C0BA-4d54-B58E-7073AD6E4889}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A5C9B1A-8D09-4ccc-BDC2-8635DB4286BF}.exeC:\Windows\{9A5C9B1A-8D09-4ccc-BDC2-8635DB4286BF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A5C9~1.EXE > nul9⤵
-
-
C:\Windows\{CE381316-D930-4443-AB3C-2AB79D241BF9}.exeC:\Windows\{CE381316-D930-4443-AB3C-2AB79D241BF9}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE381~1.EXE > nul10⤵
-
-
C:\Windows\{54F4C1E9-1E02-4138-AFCC-6F807C954D3D}.exeC:\Windows\{54F4C1E9-1E02-4138-AFCC-6F807C954D3D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{124FF75E-26B7-4c22-86D2-420ABD52E5BC}.exeC:\Windows\{124FF75E-26B7-4c22-86D2-420ABD52E5BC}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8863BFB8-EEED-45ef-ADFE-DA98184434BB}.exeC:\Windows\{8863BFB8-EEED-45ef-ADFE-DA98184434BB}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{124FF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54F4C~1.EXE > nul11⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5CBC~1.EXE > nul8⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{775E0~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF601~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{16751~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD55d4ab7f5a673b2bef9ceb8a1da6d163d
SHA1bdf956b6ec52631277cf4ee42c8dfdc3b2cc4409
SHA2561610e3401c638166c738583f2852181f014101d402ddb553b85a8a6c8f5ecf59
SHA51211275d815cf8c119cbd6acf1dc39078b6f6eb2ed4f9ff60f096414715777fe70a119fc925aeac4fad2911021208593726ceab51f7f75029fc2950a7f3d68485a
-
Filesize
168KB
MD59bcfc86f09f86d81f59592227b544e7c
SHA1e9f46b87816505b82934482ffdacaf24c984998d
SHA2562ee910268b4c0effd25f01e74f75ae91f7817af2c2953435265552453744b36d
SHA512f2374eaa5ec6485dd4e0e1cc63b81b9c8ce9cd60dd900c35fa74e94ec0a2d557938e61960d6d2d1e683e0be3218a62bd93fcb4f0cb1a84bbb10ed1abc5434eee
-
Filesize
168KB
MD56c086868d20e357520eb4ece64f1774b
SHA159052d4a828226b8e22c9e6a6639124f88c3f524
SHA2561a0834b7df77e22640673fa4f9eb8f14f0c5bade91023705a2154d472268340b
SHA5122ff64c0cb220c2eec5d30be90c95a7a42bb5a4757ad19d474ddc023ea3868cf523614125835874aed4cd6a9c94949bcd0c1b8f668257349f059d56d777398dfa
-
Filesize
168KB
MD5483660f2a04149719d08795073ff697c
SHA1282552db0188093138173af6471c4b192b953d9b
SHA256900fb0a7435cc8d29bbd54c6d924c34d67b951cdd1463525dbd0948d1e73236c
SHA512354111cbe991c04b4b4df0258062bb7f69982230f3f12f5236f9ffb07dd6d65bf4eaf8ce5102ffdb30476c071201198458712f7740d740b306c2a176ae2d8c5b
-
Filesize
168KB
MD5f461544cc164de22200c353c4de055dc
SHA1ed4191b52c0f1dfbabeb5dd87bf6056ac24e6ae3
SHA25637af27d7ea9be0050d81ccacff6599d5e3f5676c2c2255c599c09fc75155d435
SHA512594470763a3678158a40493aa089950042886756bc141e7f6a709491a7dd00cc90dbd23bfa8a651848541914362b236b64ee8876736f486efc890a5067b455ac
-
Filesize
168KB
MD5335143a72b2e16fb76cb7ada38a56fd9
SHA195f33c3df7b84cb52049784eb26b5e0424f7ad60
SHA256d3e5bc444b1bfcd3fe365692cd39075b1b4286795cec5f5bc5a69459aef61f20
SHA512c7a00bcb9e50a64790e598bb31fe736ccbaf70e4af638a71fbe3911a3e9b2624f155d0ee4d4600a66973da31bafab39a41a0a5b66080497ca2727a83b65ffa6f
-
Filesize
168KB
MD5ded2b8c3121b147d16fd98ea93ab1356
SHA1a040a2caf6e01d3240b1e391845f26f7bec31a1a
SHA256703ce8e50bb78c788efa937f72803a0abfb0b12c88a4edf1e122d0e85fd9b500
SHA5128eec8e99406451e1ee20470f297522d12cbd791ef2cff552b2de5756d9410c2887c7d68d39149ab3cc147ae6030a051e5d758e50a488a08b9f49a810065454aa
-
Filesize
168KB
MD5b0547df1855b095071af06c788f4515f
SHA1d1c24b6e845c0080d180e986bfbd1471deeb26d4
SHA2566b68b84ff09fabbaa8f432a97025502f0e6760b5b6e200b81dc4a80291e227fa
SHA512587118c8eac69fd4b7c05ce2712b7e7d28d6048a7fe98b37483816ca246943de6ad850ab4a75b75a09e36ec9193f795b43d8231f5d4af77e69e7db4a20047073
-
Filesize
168KB
MD503fa87d4642285a2f1e6cf86a37d440f
SHA157e73f0fb2a6101f1159fbd3a91237ba43c6db43
SHA256c1353d4c29a67b6c239e73bd3a75716dab95f12f1881c22b39fc4d86afe56b3c
SHA51277f36770013fcf9126c7908a07cc10722b3c32aa72cde23ce3dabaa8babcfdd5de1df4b8fe5efbb91673e0f48581893c7d82236822f56ebba7f8cf70277f916f
-
Filesize
168KB
MD5003b1df1f2935e88d20210d89cc609f3
SHA1d016125f0ecf055aee52ba9c4f805476e6429dec
SHA256cd568f72476df910eab033e7be90493eb96143c1b3382ef06693bdceea9deb8e
SHA512472e13eb1236be31aa02a469b325b158a0e306211cafc6d979dc422b555eb31758b8c2a85ebd1e492860acab0c09b5e41259a4c72036994d2ef81c00f94a1c04
-
Filesize
168KB
MD5212d2040bdf2a61074ba8985433d2c85
SHA1e74c2b2f883be7322836024ee424a4ca8bb2290d
SHA256000253b73abc1fbc964dc79711f0b9e70ba900ecaf826c9c61283823f9cb21bb
SHA51277f1d91f5186ea11456218d257005cc68657984cb4e7fe0ff50c3d47acc14a5a7ccd833efe483bc643db827c8e7819640f1e45f84ee2dbcba2bf2da30adcb261