Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
18/02/2024, 06:41
General
-
Target
2024-02-18_2dd62cbf4e13bd11bf8eebc33b0caa4d_goldeneye.exe
-
Size
408KB
-
MD5
2dd62cbf4e13bd11bf8eebc33b0caa4d
-
SHA1
045e3f2dc462fb33b9f27a248606987e21956006
-
SHA256
cf7516467c41e7395ae2a0140c23eb9f5d9dadbb64ea7b104fafc5ea4c22e81a
-
SHA512
b7a7fe285719c1cfd29ea472c56122aeac72490a3ad49b486fb4968e77bf353ba9c10f7a89b0a370dfd1932b96cd3a51a59aba08270de3e4df55edb8b43b89ef
-
SSDEEP
3072:CEGh0oHl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGBldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_2dd62cbf4e13bd11bf8eebc33b0caa4d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_2dd62cbf4e13bd11bf8eebc33b0caa4d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{131727DC-D11F-4f3d-9DDD-C51F46E38935}.exeC:\Windows\{131727DC-D11F-4f3d-9DDD-C51F46E38935}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{662CA401-2FF5-4a4c-8A1E-BF51CE6C420A}.exeC:\Windows\{662CA401-2FF5-4a4c-8A1E-BF51CE6C420A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{662CA~1.EXE > nul4⤵
-
-
C:\Windows\{ADC684E6-D404-48e9-A23D-32DB08A59B2F}.exeC:\Windows\{ADC684E6-D404-48e9-A23D-32DB08A59B2F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2AE55241-2870-4493-8034-ECE9534DE347}.exeC:\Windows\{2AE55241-2870-4493-8034-ECE9534DE347}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A6A1EB7-5798-42a3-963B-91D30531B233}.exeC:\Windows\{9A6A1EB7-5798-42a3-963B-91D30531B233}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{49C1ABCA-0FBF-411d-9AC4-BF2205CB4EAD}.exeC:\Windows\{49C1ABCA-0FBF-411d-9AC4-BF2205CB4EAD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F2B362DB-1D3A-4654-B2F2-47947FFB8609}.exeC:\Windows\{F2B362DB-1D3A-4654-B2F2-47947FFB8609}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2B36~1.EXE > nul9⤵
-
-
C:\Windows\{F412AC15-5652-439b-9244-EE4B631C3D87}.exeC:\Windows\{F412AC15-5652-439b-9244-EE4B631C3D87}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F412A~1.EXE > nul10⤵
-
-
C:\Windows\{14EE025E-D0F7-4827-9A26-A6446A689685}.exeC:\Windows\{14EE025E-D0F7-4827-9A26-A6446A689685}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14EE0~1.EXE > nul11⤵
-
-
C:\Windows\{666BAA9F-5521-4043-BC5B-0FC85C509534}.exeC:\Windows\{666BAA9F-5521-4043-BC5B-0FC85C509534}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{666BA~1.EXE > nul12⤵
-
-
C:\Windows\{05DD4C31-0535-4266-8A29-B1FB3276C469}.exeC:\Windows\{05DD4C31-0535-4266-8A29-B1FB3276C469}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{49C1A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A6A1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2AE55~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADC68~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13172~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5a60aa5c6673a879bb30d0b9ac5dc80b5
SHA1620478567fbf43cacd45e3a706c7904ddc2922c3
SHA2567ced00e9ad7923e2c9d34d0cfe20c23c730580c9d85776e95ef23d6499005a05
SHA512af96dd138fa91e6af2a1c27ebff30db27e2e421f2ddb6aec562cf8c66624822917d97a454f34f8745788de17628be47b4e8eeed3ce61219de30754f5537bbbf0
-
Filesize
408KB
MD5b787c9486b5fcb3f68d321cf8a9f4fac
SHA172c6fc5cdb782ab439908489950c6b98459be180
SHA256e699f11202adfd2be0a3b8c0990638652bd16fc7fbb4485f9b5fe7f90a41525c
SHA5120f2d3ab5c8a9ed551f0413e557ab254c0796d3cdc7a9ff9cf83c2b23ec7d4a6757dd7b8f1f1a261c08a4899ac073c0bad97833509010dc5d35b520053307e71c
-
Filesize
408KB
MD508fd2bdf2603393724e5cd5a45c4f591
SHA1ac83d7429f8fc09197ee4206dd2a5f33e7c29402
SHA256f7a27cfc1f9cdd7e6eea2ea74037635d0575cbf6dd310e3b5b3dccb0bc003037
SHA51210d50cf45c93b819a30e2b24a256ea198f4a1b74627b9ca3095ba9ee76b46102e1bbd31ca55015ffa7907c04f6305856c606d18e8e4b983724616b4ab70e1e4f
-
Filesize
408KB
MD523773c1c9d3a9d7bb54407b1a2c1afe2
SHA1051db5ab02d2f478db92f15ad469ea11d980a968
SHA2563043906586f67ce628a7c6752cc7199df9177f8b584e9171f4204690459791fa
SHA512c7a70b69c5044604075603c1b03d775d5d771c7b91565e2a8e0be7d1174d5f9cf1cb1395cf48118a71374f93f56dcd0e54aad21a73b0df8fff9bae44a7bfb730
-
Filesize
408KB
MD5f3de4bcc8e69a8504ad3b4c19f01f681
SHA14973f2106112c9bd7c0414c38c32896e12f2c6c2
SHA256d65d9683eea107aee333040a84a8d26264ad4acb15503680ee6b4194f78b85e8
SHA512e338754867b83970772ffe2af5f704b854f9580c5c01dbe318b71f300c768ced8fcd068d421448dff2ed1e5731145d54eba81c278ff4ceda889a809f214f2716
-
Filesize
408KB
MD55850445f060dca6a530cf92b877f00f3
SHA1a88e67dbf1459ce5b5d130b854d096f326a45d7f
SHA256845f64804b8f39b43e13953132e31eb6dcced165b7ccf3bfd52d80ed4199d8b0
SHA512cad3353962ff2f8b2f78df1b6fdf2e3820f2011df8068347d8873ad473c6f570d77a3594ad18a859b06b769e4f3873e08e28231cde14d11d6e60254e77ff9939
-
Filesize
408KB
MD56ce89605b067bf91283b0f42ea51c185
SHA13a2ea910f170d431d15d89814bdc5a9e00452a83
SHA256de4a8051d6ee0c4e3bc2f7182398b9e7b37d5e49d2a2228b439ffcd6d37940ea
SHA5128df02f29c097aaf3d28c658860bea433327a1474c130b7fa624d93f6d4db554092f873bfa6379d2de8450c46f36b012b322b93194cf9d3c902723c4b67bd384c
-
Filesize
408KB
MD53cdd72a1c20f863d4fa126f904503311
SHA1deede505cd7ba3817ead66c220197cc502e72b94
SHA2560c7bd3592be482d5ec001d5265bdea354cc0518856ce96e244e07957d28a8fc8
SHA512cd125c1dadee876df7870a7ee28de8d17c577671a7049316af3bb848e3e5536c8786c2425573a067c73e11b6263429535bc72c43a9489600a74072601de91f5c
-
Filesize
408KB
MD5db42ec867e53c6145e9ae95f3c1601fd
SHA132727f2851939a12fef83c32ccd254acd9ecde72
SHA25613b7243e1b2d71da6928456965492185253fda03d7dc33ecabe12f59dd4e4c37
SHA512781ee6feb6d0f344c9206a2852dd3502098f04699ecb3736ede30050a22c31fdfd1fd1e1b38d2194250c5246bac89cebb038e1ca1d4b7b32199f40179e61edcf
-
Filesize
408KB
MD52087c1d5a86fbb39fce1848bfbce0cd2
SHA1b1b6038106c4438781ae593032bbbb268da9ed89
SHA256227200cb493b9579f1e0006896925064f890355c9618c5651368a7300a802e31
SHA51266d2498dc394c999f8caa13e722ce742e368c26626e636a3c70290e2e76e094c301683fe52ec0ffe5d89bdb75168f2cdc447759b21dd0158ab7326a4878e221b
-
Filesize
408KB
MD5170086f6d7a93e7d2a70d6ab3dafe82e
SHA1e2105d86563e9bcac0ae881dc80de6ec2486cae5
SHA256c63be89a193b6c153584eede501005594352acbfe0eff3fe2b4f344c87c9bffb
SHA512bfed09cdcefd47b94ab3096b5dc0e92b01b39967b1e1e0b39ef28db0492a24e5626c647a5a51df2a368ace59dcda8a1ba4eb9802a913322d4e2377ba32bf810d