Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/02/2024, 11:30
General
-
Target
2024-02-18_27ed72194c07f737d37b0c4514082e1b_goldeneye.exe
-
Size
204KB
-
MD5
27ed72194c07f737d37b0c4514082e1b
-
SHA1
be98205239bf25546ba20e79bb9745ccdbe67b46
-
SHA256
101ef0c3f84802a3225e733dcb1c010fb79f3cfe405102da6b8ea37370c77d39
-
SHA512
657fbd8801e2394d0dbf2e203bf02106c9d84fef6586c9869faebb2dc17729b3fd9a0d2e5c00af773b8a3679a471600a7b4db84e4baf73b891dc95fd89098445
-
SSDEEP
1536:1EGh0o6l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o6l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_27ed72194c07f737d37b0c4514082e1b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_27ed72194c07f737d37b0c4514082e1b_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2580D449-571A-4979-925F-430F5C8C1B92}.exeC:\Windows\{2580D449-571A-4979-925F-430F5C8C1B92}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A07600D6-2449-4e3c-966A-A15C5468D375}.exeC:\Windows\{A07600D6-2449-4e3c-966A-A15C5468D375}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91B85000-4725-4b5f-9185-46444EB67F34}.exeC:\Windows\{91B85000-4725-4b5f-9185-46444EB67F34}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91B85~1.EXE > nul5⤵
-
-
C:\Windows\{15C23FBC-3C14-42ff-AD37-BD8143FB66AD}.exeC:\Windows\{15C23FBC-3C14-42ff-AD37-BD8143FB66AD}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15C23~1.EXE > nul6⤵
-
-
C:\Windows\{1FF5E517-32D1-4484-8127-3285A8B83F05}.exeC:\Windows\{1FF5E517-32D1-4484-8127-3285A8B83F05}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E0184E0-F4B8-450d-ABC2-ED58A26C95F6}.exeC:\Windows\{7E0184E0-F4B8-450d-ABC2-ED58A26C95F6}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C0253FC-D98B-4832-9A04-A93F017FF3A3}.exeC:\Windows\{3C0253FC-D98B-4832-9A04-A93F017FF3A3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C025~1.EXE > nul9⤵
-
-
C:\Windows\{794DAB0E-E92D-4721-8164-65B6E1020AB2}.exeC:\Windows\{794DAB0E-E92D-4721-8164-65B6E1020AB2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{794DA~1.EXE > nul10⤵
-
-
C:\Windows\{71D40858-72D0-46bb-A56B-E6C4B2581B79}.exeC:\Windows\{71D40858-72D0-46bb-A56B-E6C4B2581B79}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1D57158C-4BBB-4171-BB61-7FEA6F475ED6}.exeC:\Windows\{1D57158C-4BBB-4171-BB61-7FEA6F475ED6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B1F516C5-E0EF-4b6f-9DC6-31C794DBE275}.exeC:\Windows\{B1F516C5-E0EF-4b6f-9DC6-31C794DBE275}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D571~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71D40~1.EXE > nul11⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E018~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FF5E~1.EXE > nul7⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0760~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2580D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD55ee129928ce51eb92790d270e5084b9b
SHA1c9e0e2408c3d3f903d500b80ea6e91e72f547e80
SHA2560e2e22fbcd23955ea569c84d14ed6ad3832184b7ffea6f54d9c26146afc0278b
SHA5128ae6e6a067e3a73bd0678eaacf6c04ece572a7caa460922e2718ccea16ac5f50b9d4677e7ddb27c873013a3504633ed0d9c767f7c445abc36ac41a1b5c369d70
-
Filesize
204KB
MD516e9bb9db0ed6504a33db746c29d1d76
SHA1ac0882537f1ec96bcccf2d736893574ab3d8c0bf
SHA25607d7d3f2b35fd8b331b3277186a4fc929f5fb4faeccd7a0baed3f3d703665994
SHA512aef5996025ae2a1c821b11a97655a0d2dfe87ea1ddfa9b15581ecb7b62ccf6d7bb6a4bd6ed81ed940150a1682da71874e5732ec0c2b319838db2d1bd03638be1
-
Filesize
204KB
MD5e968ea4a7914f74c9f2362d53a038f59
SHA1fb6da713d3249711f8b76d3b3dc9acc285521776
SHA256d93fe9d69024213fc16ae93986b1b9862535f91735dd309beabaf3f217c8b71e
SHA5125dc0413714ca8609fbca457e1dc75f3bbe154b4595a7252180660c2246916b8e73dc1d8bfcdc22f98f522ad8b7f826c7ffaa8bcd6dbb67140053d5fbf5620eaa
-
Filesize
204KB
MD579bb341dd48e5870fe72dc998d3dacb8
SHA1421fd619b727c742477ad33434abc47a1c865c52
SHA256bfe95ecad1b6f82da9365d90752c323ec84d2f1a0d381db4f6d7d222d441fcfb
SHA512abe7f802d94f45c6dd9df875622b00b0e0e70b9024d246203210cf32037e11b79d932b77ae70cf4afd89f4e32c43a01bc9916cb5b3cbcbf03c836d497855ee8c
-
Filesize
204KB
MD5b41b93bd08a881d6b00f33c6171cf477
SHA16d19f9195fd424ac5cdf81b9bae40c79df63f6ad
SHA25616706220a8ac0fd55fb0a777b52fc7cb60cd7b408b317f202e3b7c6f9d51533d
SHA5120c1e0e002040069cf5f2603f0dbf1707c32835d3646fa2a898b33e012be8eaaf7b57bfbca1459500038a416f77b9d37698d785db65630d6ce7b7c6f0528e3f7e
-
Filesize
204KB
MD54c3fd02a49ffbaad6b64985478dbc36b
SHA1f2d4a6ec067ea88ca29e11066a62c9003fd78abe
SHA256e5d74608fdf7bb7c337bc7059bc85fd87796eacdedd115a99bd1b37fc2cef643
SHA5120a0635bbf662107985c08800b1c5f98888100d2715ec575c1d89368aa3b5369fa5840d2db14bb870843c17dd425ea03a879e4ddc61db9d61e849aaee3781fe4d
-
Filesize
204KB
MD5b4c9dd407d0e8f216a36a08dd41900fd
SHA176d8283c8b45f9813c4a3783248b31c55dca6155
SHA25675e1ecafeefdf599b3f54cee338afe3c9bd00b88b1ea0798f5464da6b75f4677
SHA5120250e883fea6b902e168eb37a6f58b80e91471aada38c567c19f1f6997cd7eeb0225d81f09635d9491b2b25d1635af4613db844cfc110bce0918c135d36a6661
-
Filesize
204KB
MD55d66e5eaa033a56e9a94942bb913d59e
SHA1bc3055ca06e1c6ce111049409714cc1c871bed4a
SHA2569e2fd660f5eb11e46c081d086d607841504f961a812bcad6849ab259be364c89
SHA5125176216c2313b503c1db7a82a3bfa466417cec2ba5bf5220bf70416ab77679a0035e24877144a56a98ba8d6af2c1a220a523a550b35f674bb61bb1de114f664d
-
Filesize
204KB
MD53f2d24d6855b8adf82b12c36a6195f2a
SHA1bd3ec5dc6480167d381a034f503b14dc1c1fd803
SHA25698169f0f6de76accf805bb6a53eb14aea0f86527c1d558f21cdab180b7baf4c2
SHA512ab4727e24d06315bf65365a3f2d5206feedaf1f24a71cf60aea87063ce5ed258208f5d4b3574cb4e9ee47ff229aa46ba62f14b0792c327d98bf2d2c1f697f28e
-
Filesize
204KB
MD533f98ac7241698b1570d01fe00fc080e
SHA1b73d46baf7fbebb4557441350eae8abfd86389ba
SHA256187d261ab9243d58b31c56d9963f0e048178a4c039b54595b3cf05c37f960ea9
SHA5122c7e0f68c57176347e09a9021668b6c00913ad3dd25b2db46378483d3c5c3b9447ed1b1b2e74eb96d556a4df7010c1cd4e84f3ed999e3a2c41e175dfd5c129a6
-
Filesize
204KB
MD5484cbf0e00f5d0be89cd776818b289d3
SHA1f2adb6b89f49b315a55fca68c6c8e755a590c2a5
SHA256c0c9ba762b880fab8026056de4fc1805aa562f8aef66e27ba509756cc754e2dd
SHA5129be652e4f2e039ec80c5fa732e5cfc68a19f69f102214d195ee31acc9a3ff5cecbb4225e4de599c9412b915c8d2893205c19c3817dc03d151d37ad1ab9a7d306