Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/02/2024, 19:46
General
-
Target
2024-02-18_4390c88d3c74d38f2fd37d6aad54324c_goldeneye.exe
-
Size
168KB
-
MD5
4390c88d3c74d38f2fd37d6aad54324c
-
SHA1
57ec83b48e4bf563e118679cc16fcb4c9f56c171
-
SHA256
b50b6c9a49abfde0abee2c361d476f5fa1b44e94fd3a4c33e7b84538e595a2ae
-
SHA512
7f07e8184e1340e057279c305c7a8576c676c1b816ef5b24647171f72e5662f5cf8d4ff1c74ad06232d9efbc4b6a03470925924946fe272f04b100ece8706cf7
-
SSDEEP
1536:1EGh0oRlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oRlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_4390c88d3c74d38f2fd37d6aad54324c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_4390c88d3c74d38f2fd37d6aad54324c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EEE85776-6206-44a4-9FA2-C8A9484167E0}.exeC:\Windows\{EEE85776-6206-44a4-9FA2-C8A9484167E0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB7796DB-F152-4d0e-A56F-98D628F9AA81}.exeC:\Windows\{FB7796DB-F152-4d0e-A56F-98D628F9AA81}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DDD703C1-F9E0-4139-A46D-2E3F224D9909}.exeC:\Windows\{DDD703C1-F9E0-4139-A46D-2E3F224D9909}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{37241E51-4D10-4992-90F4-B96488C386EB}.exeC:\Windows\{37241E51-4D10-4992-90F4-B96488C386EB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37241~1.EXE > nul6⤵
-
-
C:\Windows\{DEBDFA32-8852-40cc-8923-00833D82BF8F}.exeC:\Windows\{DEBDFA32-8852-40cc-8923-00833D82BF8F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A084471-3C61-4727-986B-F3EA3193A168}.exeC:\Windows\{2A084471-3C61-4727-986B-F3EA3193A168}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A084~1.EXE > nul8⤵
-
-
C:\Windows\{E56972B1-B7D1-4a5a-971E-A2CF8000DA39}.exeC:\Windows\{E56972B1-B7D1-4a5a-971E-A2CF8000DA39}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5697~1.EXE > nul9⤵
-
-
C:\Windows\{BFA3707A-55E7-4ff0-8589-74364A2E3F12}.exeC:\Windows\{BFA3707A-55E7-4ff0-8589-74364A2E3F12}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFA37~1.EXE > nul10⤵
-
-
C:\Windows\{2452F5FE-0854-4636-B9F7-3F5E88D191D3}.exeC:\Windows\{2452F5FE-0854-4636-B9F7-3F5E88D191D3}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{58AF2B1C-2ECA-4e3b-A452-F152EA20F7DD}.exeC:\Windows\{58AF2B1C-2ECA-4e3b-A452-F152EA20F7DD}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EB6F393E-DB7A-4913-BAFE-ED36B7215811}.exeC:\Windows\{EB6F393E-DB7A-4913-BAFE-ED36B7215811}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58AF2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2452F~1.EXE > nul11⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DEBDF~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DDD70~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB779~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EEE85~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5034e1274aa4bcade0e54a0eadd29bc86
SHA1858caad94f1e290373e6b9867f980e1be43b449d
SHA2561215f298b669ea2ca7cb29a35f905903ecbe8fa1e1ea26d018384beeefac9959
SHA5129a7efeff86ee0ea8b243f421013f48c4a3220de3b01506f44abd1ae42285cf9b7cd0f3eada0f5ef6b80f2a2b4017b5bee7f91ed568df6263090787a1af315287
-
Filesize
168KB
MD5010ffd73f03e733aeecac4b27eb073ea
SHA1ba77b957effa8f9c89a33dae80dd63b92b76c136
SHA256cd66e83a21253d191533a4acbc912176ac584cb164d0a7353ccc53330bf92da7
SHA51289982e2f50c57cb019f36f45e5b9b43cab0944db917976cb1cf8493af562632566165e70f7556567ec6c04b194872918797d9de0818a9643a33ef714fa2a7813
-
Filesize
168KB
MD549492905da529fc49f51f034dafebd79
SHA116b5041b82c37cc281bb97a549ea73aa6bc094c5
SHA2564ae3445b5f92e5545b4916f098e389965376efe19670f3ecf35fe853038dc637
SHA512aabb10094032cb0f8c8ae5a88f30662400e6861b9db31774be9a428ed4a5a3e31f09d9287607b2a3ead9d7799a89328cf53dd9856671ba94f09182a6931190a5
-
Filesize
168KB
MD5f4ed4e743f28b99e1402a888c678e2ee
SHA1901e9b4e16f41a2ea45e26a9b5294a7685df9d8d
SHA2566fef0f943645dbfb6e4c24e50edc5f00a3fb51791a54ca60160df96fb151a495
SHA512a4502d13e813a00942fab3bb45f65f7bb3d49eac0d9e5530283599f8112d759c4d78bc4b6922ef722358925dcc495ea807b0ea55d535af3f60082734fc30652f
-
Filesize
168KB
MD56179b1574963b260b8bececcfd2b280a
SHA10be547e31c072c8e6dd5e28982af9c9bf0bf8f1c
SHA25678d381e24b13cbfdd576554dd23b5a8f4997a46d32dd528b9bffdf4e87b0478b
SHA512f772d1446d0523aadd2e4ba0af1817f60962309d45dc03ad3f31e3a17cc6bd4f1f8902fa01c5d7e3dfffd9d12b5587a786a687607ad7d639d22a2a0e2d776176
-
Filesize
168KB
MD573126d0923fe858559e1306fd6ba3cc0
SHA13605914abf3bf386cd85938e1b6d4365821ec446
SHA256946b81cd56504a28cc5d0ae5d53ab6f223dcc461f5907a2cd78c00d19dec068a
SHA512ebdfa7184b8768436fd9416a4dc80b87d0d70f8989b6b4121adfc71c1f77a0ef4e9a940cc816b2a9698febc81e15e30056d5caff279e31e06cf692b251025a76
-
Filesize
168KB
MD5f4377d1a06685cf5557c21527e0b8898
SHA1878294e0b5f03c19832366881e2d09c004dc3a53
SHA25628b3a4f75a5c93c08dc90968a484bf2c2daeadc227c28d5741ad8d644360e0a1
SHA5129d7d87a36e19dda18608877e0157d08b779412eff5d4cb633803df4b3d7da7363c3892cf6464d9ce6549e1b9613a443f71b965b57b8251950c3e38cc95b47130
-
Filesize
168KB
MD5a70fafe91af192641ccbb8e387dfc6c7
SHA159cafc960345b7a2d6e4144748becdef2ece2cad
SHA256508bbffc0430933efa98d346e7f7d37bfc367a7af9c78f27c12878fc567e166f
SHA51219cf69434e2efa4e84c290604bcce167a7fe139425d2593931b187a102ea51fb6bb1d46509ba1eaef44ad1ab3508ca73352336309a4c81d3dd7b56df24fd85af
-
Filesize
168KB
MD5c11527a132ac6d9670adb9b426ca9314
SHA1c952df47028fa99a149ff477590028b299f703ca
SHA256e1d3ab2ddeb4032e279b4cf34983277887efcc4d6c97dbd8d1cacfdfc53b8726
SHA512d07e5a4703fdb9dcce61dae8ec535b1d60096adbae0726141ed801fc7ede9211147c101a00807431f0f1adb621c383538f27a57dffb5d31257b64e79f602222c
-
Filesize
168KB
MD57ecf999e8dbfdf8e30b4d8af79861369
SHA1c44b31d2e5954538a09e7f28a80d337bb4c42095
SHA2560887a1c89915f64a65c58fd9e7a60f46ac268df6732f0df5c34ca974df00ec53
SHA5129e3aa3a6eb29dc4cb3f21b11f27c114a6c0927ca296c7a51ae829cac41114aca63be8ce3f12a5162ff42e3c1f1ad8fafde78f7f2afbd328e4d7778b18b8d938c
-
Filesize
168KB
MD53e732dca42dd6b3fb82d2f9e822863b9
SHA19bfd8f1e34ae03f3e85bd7dae5ea5bbf6927dafe
SHA256565f6883b9c5f86da77393887ffb8999a88e4d9eb4563272ce7986348a4bc384
SHA5122bfcc038cae6567ea8d707a2510e444b44cc7a9c25db699647fa4902a12e532e85553a498b8fc60b5382162f63c83d2184cd59f87d3bfb65ed2931bd4dc0eeee