Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/02/2024, 04:25
General
-
Target
2024-02-18_10dcbe75571016fbe79c1b17292af06d_goldeneye.exe
-
Size
192KB
-
MD5
10dcbe75571016fbe79c1b17292af06d
-
SHA1
5aa13eba387e8dc8b7dd06d795fe16854c43c000
-
SHA256
f58c71901b0d6d6ff462b700cb7fffbb8868e2930f81e6d918ef4208fc1919d1
-
SHA512
315d6b048688b9ed5b44912ba2b813464921abb15bde716a30ac5fec232002f7cb1426e65f08eca585054e6b9033fe27a1c31392642febb7dcd5d799d6016ede
-
SSDEEP
1536:1EGh0owl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0owl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_10dcbe75571016fbe79c1b17292af06d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_10dcbe75571016fbe79c1b17292af06d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{235FF904-7933-437f-B512-0FDD1EF68F44}.exeC:\Windows\{235FF904-7933-437f-B512-0FDD1EF68F44}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{27B35A3C-10F7-488a-93BA-81992E4FF82E}.exeC:\Windows\{27B35A3C-10F7-488a-93BA-81992E4FF82E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D39D58E-2185-4cf9-8868-D91BDE901F48}.exeC:\Windows\{6D39D58E-2185-4cf9-8868-D91BDE901F48}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B50256A8-F1F2-4dca-B4A0-24F768D221AC}.exeC:\Windows\{B50256A8-F1F2-4dca-B4A0-24F768D221AC}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FFF94DAE-C116-4885-A1C9-DD32B8E8DE51}.exeC:\Windows\{FFF94DAE-C116-4885-A1C9-DD32B8E8DE51}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F2FA809-8CB7-4204-859C-19A5AFFA451C}.exeC:\Windows\{0F2FA809-8CB7-4204-859C-19A5AFFA451C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9C17EBF-CBDF-47ec-A93C-5C0A314D739D}.exeC:\Windows\{D9C17EBF-CBDF-47ec-A93C-5C0A314D739D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3DB3C2D7-56CC-46a6-99FA-3A572C201F47}.exeC:\Windows\{3DB3C2D7-56CC-46a6-99FA-3A572C201F47}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AA441040-61A7-4d1b-AB36-40055ECB92D5}.exeC:\Windows\{AA441040-61A7-4d1b-AB36-40055ECB92D5}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4865EDB0-58D1-4efb-A236-937353E01FBA}.exeC:\Windows\{4865EDB0-58D1-4efb-A236-937353E01FBA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{47A405A5-B30B-4105-A118-95F328D0D680}.exeC:\Windows\{47A405A5-B30B-4105-A118-95F328D0D680}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4865E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA441~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3DB3C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9C17~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F2FA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FFF94~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B5025~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D39D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{27B35~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{235FF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5efbf40760386592ccab2600ec9f128e7
SHA14de41bf148a3d2371d7ff371157b9f33854396f6
SHA256ced2648dd016bdcd5b4e37e335cf3d7ece178b154428eb7ca88ba8df3b2ff1d0
SHA512ad8710bea03ab1d02096bfbf9da90578b1740b0415978c5aad783be3a22ac1ba1a3d8244754049a7669a69e0bd0ccc82628fff776f63847877e6c85e413a39f4
-
Filesize
192KB
MD57fc1a9dd47c91ea3c3f78493862c8f4c
SHA10282e58eaca39ea0346381f5b244f69de6b10f0e
SHA256088e50586a7ad81bc52900576da52a51d98c97720d0a5046c9ad9ed043f8abb2
SHA5125a326c1630e436646623656b011f25b4cb869ad9a40377f350471055d73f65bcc5da4f8e844f9b4d330fd6aa442afffc5b73d7868073392748b4d0c20204f2df
-
Filesize
192KB
MD5c26c02797036106146dd498c359ff4bd
SHA15ef56ecd9fe278c4f33e7de393ca0b216c7a6055
SHA256c183340e1a4008584aea6a9cb28d2570562e6d0810fdb6dcf10709ed42697ca9
SHA512526b394f7a99c1c935cbe931ca412d0136a88fed1a56071a1fba1eed98ab41141d88cedb004ec43aac4fcc5c6248bfcba9b2e894bd9842d3a68cbee6a256f30c
-
Filesize
192KB
MD5076cc943e4c3c937f0e9109c17a1f377
SHA14497a6bbe98663dcfdb96879476a056129644f52
SHA25681082e03141bc7c1277ec452fee384407b54eb412cd9f80274f9fc54952a6e05
SHA512622c48b0be282b6a4bbf0d46d4c9a87c1f197036a1730aa5bb3f8de567bf1807a2a3d2aec28f17665af0e0bb171d8daa3fcaf3528dccba31de0fef99d79ad47a
-
Filesize
192KB
MD5cb9c6e49da4061d511d6b7a13dfc7df8
SHA1ca93fc1fb168adcc7b7587157197d0a7e20359d7
SHA2566fe88af02669fbcc2bdd7b0e7a94aad22f719704aa00a22e27f57c83cf61d403
SHA512394112d8b550b692ad0b777e353e3d93b3ecced8032ef19772b7539aaf39b9c2d7fe9c78673e7ad86ad22bf323d80e1bac74d75218d231ad5be7b619a2c49470
-
Filesize
192KB
MD54b68cc696c0129eff914aba3a5ab5a24
SHA175fc118bcf43633bab20cc15b21a31038da9ea14
SHA2569c5defdb2c7e2114cbd1ddbe381a9ba67ccbfb82f395392936fc288d853f9b17
SHA51294d6107f24fe040346b11eff200b2f57681244c1ab06092baa39279b1e918fac44e65d34b7021293a9770b485616dd118b22ab1a59ff7595157fd968d958e90c
-
Filesize
192KB
MD5dd91c0206e8538242b9477b0c59b235c
SHA1a22793bd9fbe3b0a7b868b4ce6f2afa85b4b88ad
SHA2562a8636f74e03362eda5a45a4357057190272650b279ad591c8fa5c151418cd59
SHA5125a016c59b73b4d90d0d28a0b4a08b6dce9c32aa91f2b3ed6770a0df76847d6bc9ced40608201f71d1883385636560a52f81dd927fb21f3ce5d9b43d858bd7f34
-
Filesize
192KB
MD5dd9d6e6f9166332ae149b95cae409cfd
SHA1f8d471f0ddbeb5a7e0bd1fee7eb14a4d46c32fbe
SHA25656fc0b46e3c6e01d5b258d2d9b0073fa58db3083c39bca012cd7560e12873b70
SHA51227557a90316c46fe9e9b14684fc81fb9398488410660df6474492e49e71fa2884499f82fc0948a69f07f7d85d8981b9b835b7f170c50295c9627593325689ebe
-
Filesize
192KB
MD5f8beec79381b9454676809142280a053
SHA12fc896c36a0f7e6f12d26ae9eb5706f3011466f2
SHA256e8d039cf939684e0b2923929cd3029e84dc6354827831789e030bf62e169253a
SHA5123cab01676ea961db54082137f2cdf4f098add524c85947a55ff3416fe8e16361cf00e1cf48cf9633385e92e99df3c8c6829f2d0f52f36ad556793b6525a1f756
-
Filesize
192KB
MD52e640b53f9d4edafe7c2d461d8186027
SHA12ac261bee5a14bfa5fd0e5d2ba5304968012db81
SHA256b7c9ed7a159af89c588f00e29bcde532f01dff08edd218bad0d49d75857da907
SHA51290e744526bb7fc97cea4c63496fb8db74d982eeb6c154f01f49f2f757bfb937432eccd99f59fc860b058966c9f9c86c8fe3fa37a35a7c73aa99ea4adbb21f01d
-
Filesize
192KB
MD5a270ed14c2c73dbfb77eaf4a443c2cd7
SHA1e64dc997a7f1ebc8f52c1bda528871e61a81f976
SHA256237c4e6351b368ea753035e6c479c08a26c119fd204ce1d150e7cae6e67101a1
SHA5125a467093d8b9bb1bcea1098e455becbcae0a37bf3e1091f0340a0d1688ba82a0d8fa8fda4792f55d87fdb51d79cad6d575b3702dea09a6b1918050d6aa2e6924