Analysis
-
max time kernel
152s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/02/2024, 00:45
General
-
Target
2024-02-19_39b6973c17305ee207a537184fb4ecc3_goldeneye.exe
-
Size
344KB
-
MD5
39b6973c17305ee207a537184fb4ecc3
-
SHA1
3cfb241701c8a796a27aedd26a1ce31a68d72c34
-
SHA256
1fbf9700e4cbae3c46a310a11de24527a848b81500d98660c6bbf4dc388f7380
-
SHA512
b3493e96a463cfa97434f97280fc2a96179fe6c4ca79f8efc42068968869d6d8f619e7da796f3a00ad947be766f691d50ab48af0c6ae8950a79c31dbf387111b
-
SSDEEP
3072:mEGh0ovlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGNlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_39b6973c17305ee207a537184fb4ecc3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_39b6973c17305ee207a537184fb4ecc3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98FFDCF6-4607-4e80-A790-195269537E30}.exeC:\Windows\{98FFDCF6-4607-4e80-A790-195269537E30}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6467E9E-BAC4-44cb-AF29-A6C81053F905}.exeC:\Windows\{C6467E9E-BAC4-44cb-AF29-A6C81053F905}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F20D262-48EA-48bc-9E5C-3CF3F39B7107}.exeC:\Windows\{0F20D262-48EA-48bc-9E5C-3CF3F39B7107}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F20D~1.EXE > nul5⤵
-
-
C:\Windows\{C1730FCC-8A84-4009-9D1E-6D123F1A991B}.exeC:\Windows\{C1730FCC-8A84-4009-9D1E-6D123F1A991B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1730~1.EXE > nul6⤵
-
-
C:\Windows\{D830BD2D-B7AD-4ba9-843D-B387181F009A}.exeC:\Windows\{D830BD2D-B7AD-4ba9-843D-B387181F009A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E7FF4717-E31A-4731-84B4-AEA9F53FDADB}.exeC:\Windows\{E7FF4717-E31A-4731-84B4-AEA9F53FDADB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A30114CE-8A5C-4a3f-A9DD-28D3FF9034EC}.exeC:\Windows\{A30114CE-8A5C-4a3f-A9DD-28D3FF9034EC}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F392C5C-7356-4d59-A934-4DADDF991D62}.exeC:\Windows\{8F392C5C-7356-4d59-A934-4DADDF991D62}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F392~1.EXE > nul10⤵
-
-
C:\Windows\{C7ABB856-51F5-4d18-AC7B-92EC4CC86965}.exeC:\Windows\{C7ABB856-51F5-4d18-AC7B-92EC4CC86965}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7ABB~1.EXE > nul11⤵
-
-
C:\Windows\{BC884E96-2F48-4a7a-BF50-E56113E5C3B4}.exeC:\Windows\{BC884E96-2F48-4a7a-BF50-E56113E5C3B4}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C34691A6-8453-4951-8001-D438FF683989}.exeC:\Windows\{C34691A6-8453-4951-8001-D438FF683989}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{66371C22-5897-4317-B273-F5C50BCDA9AF}.exeC:\Windows\{66371C22-5897-4317-B273-F5C50BCDA9AF}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3469~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC884~1.EXE > nul12⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3011~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7FF4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D830B~1.EXE > nul7⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6467~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98FFD~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5315a96b04fef4c95bb701a407daddf7c
SHA1759fa3ec9170f2ec29d4e2fdceb483f9abe182da
SHA2565b1462fe137edc8c3fb3e5c5007e27ad748a24db7e32fc39dbbb11da82f35923
SHA5123c1e4a02395bc859fb86975ccf51ccc77bcfd133e7d93601077e83564b0c7ac0b1809156e3cc241a5c96509753a7e1728b3166db9cff732c1cd68e174d224943
-
Filesize
344KB
MD511ff7afc05b01fdfd56839149f26fb9c
SHA1b61802a2b66686594e68a03a11623cb931e2ccbf
SHA25634d0ee29a9d1d3693194f782a69a3369df40b6160017e66df1d097cc6289eea7
SHA512423baef5e506d2e1ed8948c49a294edc33d48b245e32ca85a1d65c967293f16c11ba1927f6cd30231189f78ebe91ddfc3854375d64c0b7e654f854a12fc314f4
-
Filesize
344KB
MD5cd852f042b99b3ff586865a151f8fbb6
SHA1ce1a32609270af6ae80c27b36b5014367a0f642a
SHA256f009dc2a60815e4ae7361fd5cf282be0222165c823f0c49c778f2c6032c831df
SHA51229c50b8d0a3ce7621ecfbf1e2a8c3819682f5305c43ea537123c9d24bdb43e6101dfdcc58978f5a99de96251f932b9c0406fde66bedce35718d282ec90fc4b52
-
Filesize
344KB
MD5261168a1446390f108f1b8fd0ab8f515
SHA14d391189bf731b0abc0020f6dd16a6847a547c95
SHA256eb6886517f5c3ea7e77671cf2ba013b5b7e7c7e7d4e5bea6477d9c3a05a2a552
SHA512372f9f8246744215ec8b74ff04e934cbe1e342ad695bbc221f7d1a744a928a40d5f4c49f76ba484af5d24b669bd85e44bed1b66db004159f1a7f7f51c4ccddd6
-
Filesize
344KB
MD5642f8e210886c6ef8a69e137434b5713
SHA100ca8385f75540ef9dbb83bd0beb26c13a2bf54f
SHA256a07acbff3525cabcc980ddb13cac7f7ede2a32becfbed65aac9698ac039b19d8
SHA5126bd74213aba81fa499403a2dcdf0d61f232cdb9dcfc605ca65c936af365d08466bd13413bdd579960414a03803113469e229e2af0046de6dfec0a615e221b12f
-
Filesize
344KB
MD54eb91032a9929263bb1ee37ca0ac196d
SHA1106344f1f7777492e6b6579bbedb6631a9b3d298
SHA256d7a26696d5b32ec4df736907e55110a365b14172830f6a3450a1f434e7ba44f3
SHA5125136029d9e3b5c16ec0416c35594a93d64dc6f7052d4dd2c44b594f2e12faad08c81758bd74677cb1c030561eaffffdf27ec74913fa86dd29ac96f6433ecf428
-
Filesize
344KB
MD5ecd2610ee873b587172851429f3d9cbb
SHA17299f87ad6a3f9eeee2b9db389969bb293022f48
SHA256c011ee746eee745fb9783c5046738fcafae918560774088eaa35ab190f4a6391
SHA5129d46529eabe0eb82946b7c606e3c990050c9fff5046d3c3f5294b3453635bb8a105ac5b7874d5bd5542474bfdd11859979de7fab852c7ae1906c13dbd3cfc793
-
Filesize
344KB
MD5415c0fe3cb34fd364e608ef91b3e3b16
SHA1ab5f3516acf6a4e4265437d148939ddbf6d6fa32
SHA25674b0bafa5281c3a1f1d2e9b73d7f9e1ecc91276913c9c052b500d9711d0224c9
SHA51207256d2726f12eb9e70cdb8807e0caec9b55e9d4237a344f3e3571b943087336bea5baa566d2286cc43fbcf356d87d5b115a1d92624f66cd45dd2bf6f2969bf2
-
Filesize
344KB
MD50db810c84fa7d88534e8b2a2b5603c77
SHA1cadb8659b0f661cb00c3c0e4a0c75015113c010b
SHA256d4cc822cbb2aa90b0e9887fafdcb9b3a19fca56f4d3701666e8fcad5702bb498
SHA512df680ed7516e58e7537b31f8b321e5af6512bfc04d6ff118f6a8b0f86cf76973c3f03548639c1a9246800eeddf181f7e357c1f4bc571572fd48d169b1868ef81
-
Filesize
344KB
MD55ba5143a560edf7884ed48bc41e23b32
SHA1dacf964e2afd66e5aaa16116a230685fcc49c9ab
SHA256eff4bc5ff771dccb901ffabfc6dc8d889be117b3404c1147145863ebfab399ee
SHA512d3e6c46db00f4d165946f7553130f24e0b8ebc7d34ee0f2ac3f05eae236d320f5d7928f7b90c79b13f23e490eca231b83e868ed6ce6b6551b09d7176e54ef517
-
Filesize
344KB
MD5c5b37ac30711c7dc71e0fc5d6a51a550
SHA1bcb331fe470bd2b86a341f1820ec490d5c2180a6
SHA2564d441dc12bab2bbb61e3c486db67cec314d12f74eaeaa31873173c930915eb9b
SHA512bfd2ea2861dc42bb9f22e9efae349ba7188de47cf2f692776b4857fc6ca03cefbe16dfe35a4b190b34990aacde612d68240536d6b8b906e8f17e79acb6c1e184
-
Filesize
344KB
MD50c75d0d12db36a5229953f30c99aae9c
SHA1b13deac14b453469a8543cf00930a96c1147dc18
SHA25639f1d8ff8825fe8980eeee475b0cd973701cd51f33c3f8fc8bd45abf5c2ee215
SHA512216656cc7c28c1714792d2ceb7da1844232053efba07db5f43e99f643d59b3f22ff8e2894c9794f81a23680da1d01a8a6e1dfd9f73e54bee72363d416c865eef