Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
18-02-2024 20:59
General
-
Target
2024-02-18_ebde00a8d2cb913906981af18ef09ec1_goldeneye.exe
-
Size
408KB
-
MD5
ebde00a8d2cb913906981af18ef09ec1
-
SHA1
cc8bc14d768772428701970d5f13ccf4af650e0d
-
SHA256
ead1c1be9af8396f66fd161f2c91b07c542d9174df516327fa7a1aeff1b60e3c
-
SHA512
6ecff9d22abce2fedf0b52156b9c39bc57fb69271ffb213c80a5405568c31a3147d6b83db23e7d6e49794d2a5ba13269325db3b50da50ff7a3cb70e24eb57ad7
-
SSDEEP
3072:CEGh0oUl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGuldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_ebde00a8d2cb913906981af18ef09ec1_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_ebde00a8d2cb913906981af18ef09ec1_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8874D800-1955-44a6-877A-2E810B536C65}.exeC:\Windows\{8874D800-1955-44a6-877A-2E810B536C65}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{54C44DEC-1B08-416c-B3C6-6FAAE124B1FE}.exeC:\Windows\{54C44DEC-1B08-416c-B3C6-6FAAE124B1FE}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54C44~1.EXE > nul4⤵
-
-
C:\Windows\{1283511B-D567-4780-B0E9-0921C2596922}.exeC:\Windows\{1283511B-D567-4780-B0E9-0921C2596922}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2F957002-5629-4579-9701-5CF09A563DA3}.exeC:\Windows\{2F957002-5629-4579-9701-5CF09A563DA3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2F957~1.EXE > nul6⤵
-
-
C:\Windows\{E1BB3A7E-42A3-4d42-9921-5F46A81279A7}.exeC:\Windows\{E1BB3A7E-42A3-4d42-9921-5F46A81279A7}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1BB3~1.EXE > nul7⤵
-
-
C:\Windows\{E7640DD2-9220-438a-A21B-EC7B955D5CAB}.exeC:\Windows\{E7640DD2-9220-438a-A21B-EC7B955D5CAB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{14F9BD33-03CD-4803-B8BD-EDFE09F9660A}.exeC:\Windows\{14F9BD33-03CD-4803-B8BD-EDFE09F9660A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{12F4EDC9-023C-491d-BCAD-1178A42B0101}.exeC:\Windows\{12F4EDC9-023C-491d-BCAD-1178A42B0101}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{32384B71-2A01-46e5-9EAA-E4F8DDBC5B1F}.exeC:\Windows\{32384B71-2A01-46e5-9EAA-E4F8DDBC5B1F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C7E0D100-354D-43c7-B1C0-3B4CD4C94335}.exeC:\Windows\{C7E0D100-354D-43c7-B1C0-3B4CD4C94335}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C8D29713-3036-4845-920A-781C0C9E35E4}.exeC:\Windows\{C8D29713-3036-4845-920A-781C0C9E35E4}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7E0D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32384~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12F4E~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14F9B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7640~1.EXE > nul8⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12835~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8874D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD589f997f06e9487f5dc7308dc5e2d6d27
SHA186743e017e0eca9d298328f1522ce495446385f3
SHA256567cc258e7f5072956bcf7203ec143088bc1ef68dcaea0d9e9b47470cabd2e54
SHA51226c0d17943853dac3133afc9c5c8da964450d74af64b04c18bc48bdd6e890bd2e5ee93794a06d1ec8b28173cb1b84ef434313c3dcae08489225f0939350c8b74
-
Filesize
408KB
MD5f14826d7f1634c1c9ab6dec5eb862c86
SHA158b11a53b0dfbe6b8ad72eb121a72c10c96c6f8c
SHA256858ec342ce311602ab732b699848099cb21fb2466a982a0328493d9fe9698a48
SHA5123e679f2003913930f97152830e744ef665520e2d9ce135656d9a7a799ea1c84d12093f6281749f8f30bd9aa32345b65618fb8332f85edd386bb0f33a087ad436
-
Filesize
408KB
MD5e612c825c113f530f9992138c8c0f724
SHA149233daa2fb9a5be3e04100de3c4206a0ee3e814
SHA256475daf5c8fb38a1a59e301a1b072a4fa3eb029301f249839a347baaf2bdba8c2
SHA5121272398b151562e3ffb0a75191b600558859c03b230b36cc568cc9ded22f301dee017849057ea849f11de3ac16c03e010770e977ff7732d09e41be289b24878e
-
Filesize
408KB
MD568804d87daabe20169cd638d14164740
SHA1d7125b6f4f50cc06dadc09b2bc61c74c40ceb432
SHA25616dad3c1c1070d7182dd56fa794495ab736d0e9de7d45559c7c47a2948d7f5f1
SHA51217127baed9d14c3448abfba480f30f2ee222ef71d0064901bac4b7f8e2942b20f0c2cf1b2fd15a9cecdae0f172688229076ad54a5164b6689a7d1fc2d43e5a98
-
Filesize
408KB
MD5a8a4ecee45cced84dc4753008bc7bebf
SHA1c77f3eea3350eed7320a7271510b88ba065ab73a
SHA2561b96a92659602f887e3719200a3ecf44b2cc9ee47b661fada5cf7ed645c102ff
SHA5121c2021337d159cb100bccb6c60a3bd7ba3d7a30579f0902f7ce63804ba742ff1d9b71bf79dfba5841a9c18fa4a06ded5591eca7c8ceeae3f5de030636fe60a93
-
Filesize
408KB
MD5d6dacd1340166793b0e58b84dc501cf0
SHA19bb6fbf020e5a18e16d3aca9792ed6a7886fa478
SHA2560d558393af234703c43eaecc6032cd500ae8f84a8b1989587a22ce5230403936
SHA512660ae7ced648305bc23f2a0f56cc012dc2e4d8b73feef3aa161db4c7861793c45a0fa15afd36e30fe90e9a9abcb3a3bf246fffbdbc5a1aa5f843736e4a9058ee
-
Filesize
408KB
MD5b33647f01eea606c52e6fd520c128e74
SHA1606d86835fd8edfd99fe1fa6f45f828db875e8a8
SHA2564cd28a54cb270ed0d7aa563d097d2ae1367e5eefe5ad9b374df459ead9710f13
SHA512287ef567dc12b8e848404a163161976d42c4a6f2af0823422c3e43f022ebb52ce98f5edbfeaa95d938fe8b7159d9178d175f41833622c5aac38e445cd3a40c77
-
Filesize
408KB
MD5cefc5d5ce0854911eba123d5bc063e54
SHA182878d6fbe2f8fb1024f403bd478eacd8513e585
SHA2560c19b7300765bf8fa1ea715e62c2ba900fa854e5e77a1b07cfea0940270f54f3
SHA5120b4e39a155bebc6e00ce126776427f4aa3b8c48296c502807ab47ae7b041d9b7f942eb29f22437155343c918e3e6a9893aaa7ea6033cef9ebe5f445a66804369
-
Filesize
408KB
MD5a6e9d69cf32a1bffbddc916e71a21e5e
SHA13adf8d526d0dbba01b42e406f7ac89b0f3710cea
SHA2566510facaaa41882fa78ce6eb5bfc651646c8f537b30c5cca0eec25ecab0cd47f
SHA51289deb7686140555e6b2234e6e221647bbcf2fc0e11aa43d7935a4e5e5b66fba32ce396d5003fdb71fed1661338267be14402e3127f83cb12bde3110e764c2071
-
Filesize
408KB
MD5f9b8587222db3e3983e41651c6988055
SHA19a0dff7a56e4ecbb5d740446de7d1d6d9260b2f9
SHA256d1eafb214a8cbc6d60c7055e04cdde4409ddd600f7febcaceeb88d8b6b84cd7e
SHA512efd45f799b985585660fc1e0d99a71ef0859ad4b045b4efe36bd5553c6854597ffc725ada271b327111aae9334bddfd94cba4c2a231c5da535643fd6096841d5
-
Filesize
408KB
MD5e4843f769193bd0352d87672a0882682
SHA152e2a06ce03737457be4adc0bfc796b5c201db9e
SHA256d35289c32ef3676dd13e8be65909ac6fba691af5c11be71b7b1a27e1fa56a5ac
SHA5127114a76c7343920f9998db665c8d5e445aeb96a9b52443e9d7bfda1056568bf917cd4917bddec5fb04965bd08e4aa944b98eb95ff55df89e752a7cf38cb61199