Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
20-02-2024 00:25
General
-
Target
2024-02-20_1e2586bcac04fbd7ec13c7f364511c12_goldeneye.exe
-
Size
372KB
-
MD5
1e2586bcac04fbd7ec13c7f364511c12
-
SHA1
ff4d0b62608d1c85b735e06a04378a6a20748ab0
-
SHA256
befb8dbbf62736c6503047ad8c3b395207f58fe20d57a14df397f0d679d6f901
-
SHA512
f067f3fe588c118648756b0c584f3ea09f9041412a5a4ba3ca1dddb30fc1edb4e45e2397c4e4bce70d30365cdba126883de2effeba3faf3c23b3baf537c648e8
-
SSDEEP
3072:CEGh0oolMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG2lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-20_1e2586bcac04fbd7ec13c7f364511c12_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-20_1e2586bcac04fbd7ec13c7f364511c12_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DC43F9B8-5A09-48db-92D2-D743513EFBF3}.exeC:\Windows\{DC43F9B8-5A09-48db-92D2-D743513EFBF3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD8F0B4B-30C8-4649-BBCB-A722B4A687BF}.exeC:\Windows\{FD8F0B4B-30C8-4649-BBCB-A722B4A687BF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EAC6886F-C561-4569-B666-244977B80C05}.exeC:\Windows\{EAC6886F-C561-4569-B666-244977B80C05}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5756F4B3-FB6B-408e-917A-3D2FBB95FEA3}.exeC:\Windows\{5756F4B3-FB6B-408e-917A-3D2FBB95FEA3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5756F~1.EXE > nul6⤵
-
-
C:\Windows\{FB9D24B7-5C08-413e-8B66-B5BBC990CBE3}.exeC:\Windows\{FB9D24B7-5C08-413e-8B66-B5BBC990CBE3}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E627994A-9530-4a92-9626-88C64E92A1E9}.exeC:\Windows\{E627994A-9530-4a92-9626-88C64E92A1E9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6279~1.EXE > nul8⤵
-
-
C:\Windows\{943E3F85-5DAC-48d3-B0AF-AA22EFFFDBA6}.exeC:\Windows\{943E3F85-5DAC-48d3-B0AF-AA22EFFFDBA6}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D742CAE2-FEBC-4d40-BD77-41F7C186AD73}.exeC:\Windows\{D742CAE2-FEBC-4d40-BD77-41F7C186AD73}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FC15AA05-4BFE-4a84-B623-A397E98A4474}.exeC:\Windows\{FC15AA05-4BFE-4a84-B623-A397E98A4474}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F9004898-E130-48df-B245-022A5DB784E0}.exeC:\Windows\{F9004898-E130-48df-B245-022A5DB784E0}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F0E4B0D7-5F3D-4a39-8F37-D94B9DEF9003}.exeC:\Windows\{F0E4B0D7-5F3D-4a39-8F37-D94B9DEF9003}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9004~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC15A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D742C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{943E3~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB9D2~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EAC68~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD8F0~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DC43F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD50dac1705bf8ea96ebc35264099f3094c
SHA1b4766be4cc4f1bf3e052487e762774d1daf22676
SHA256cc2601b7a6e26f97e117d5cbe716b4b5801311a2d7599407cdbc41eef30a2163
SHA51254e3cdc86f7196afa2847f63431017c9a46d7d48643ea218489df35180c9f44e16c2ff16609eaab0fa83d947e96a72946ec492a5497194bcbd541cb92c1f76ae
-
Filesize
372KB
MD5aa6889bb6d0359b15ce73b65f86f8f7c
SHA118a5f72b821cf602b520c3c9d184c6267ebf0ddf
SHA2563a68224d5a7b7b48508b25f20580ec0a4f5d12d9fa85303802a07fe4d5c37a97
SHA512eb3d6cc369818ed407f26f72f5948332dddbd9a2e896ab5e5d8b64ab85b384715b800e680be49cb0dbc728400cf44067beb7a58b755fd4d74a6178ffb9911275
-
Filesize
372KB
MD5a892d1e359483d585e2b4ac284d8e81e
SHA1a29a16117d995374d5775c4bfeab6efa070d3a00
SHA256d2a49ded5d4c1ad0c7c84b12fbdd67f764f5c803b935519e557e8520ea91bc1a
SHA512cd4ff4e402dcaba26fdec6234bf6fd5cd755cf76c550146122a0938e98107fc97356648333b1b8400a54058156557f2d5bbe57c26ed46facce06a24fd7b55f67
-
Filesize
372KB
MD5cec02be826bf91fdbacebdb5fc32a0ca
SHA1d3ae7e81c8d0e3bdb9f8b0bd2fa737f3e4d75255
SHA25652e2e9763929cbadc3b88900c488c11d474a2e24f8ddfa4c4a74daa38811301b
SHA512f139fa9ffd5b5a2ffcbaec6e59f1e0b8664a1fb73aaada5c66aa7b5a7b9fa8e27f1a77a6595bf16ffaff6c3e6c0c3f8b108bc05fe41040c98826dab772897f34
-
Filesize
372KB
MD5acef6b2a19f8f298a142787d2368b290
SHA13010084a8d61bd741321feebe6d643305b6790dd
SHA256acd974ba8c597d2283785a888b6d1bcf2146871c0fe4be95c42a2bdad6ddbee2
SHA512cfbbe306612c3a059a589c76766c5f5f4eb9967ea9f2be4e325bf8549b1147b530ffe7ef86e4f56650d21362c234500707c64d28d1083b941500b7ad8f478ca4
-
Filesize
372KB
MD57b1b94e9dfb2ed8192f72f2edc52f902
SHA1d8079d59f0a164f6dd2694c5f6edafab23497524
SHA256628b74e3c5a4b3804b736c4f7de4294a38d9c16257046dc949c2d3e949c7e950
SHA512d7ec24d278746086211ec7450a9d353a66b6d3a3f2422283756923f6f68818e829ff3b839dfb80eff516b1fc26bc49088a7a006e0b6e5647e82e15ba2cce9b37
-
Filesize
372KB
MD5de8d61a76e8f77230c8a572303621991
SHA176342ceb14098d2c52cbec1a67759981a553c567
SHA256a8541ca93635d28444baf87082a110486458d25ee8d13c73c4478f843dacb5d4
SHA5126dea1b4f824b3a8f3d77328f029ab163054412bab73c04e95e69af1f5fec559b800d971f3ca569ef601cc32c47baebc8246417ca4b7d8b994ae91e32528017df
-
Filesize
372KB
MD551869bbf373860eef290988d0fbdf199
SHA185960fcd5f43edf8575df41331c96c88330334c9
SHA2561fa5c51b7f46cb89659482978ba7dd6e0021534da8cc91a3306ac2d6ad2ba90a
SHA5126dd766f94fb1338a2702584d16ad21b46273aca91a99d570c300f8155927af635d9014c0d64cf546580e94a0ecd4e01d916ead0d4407d78f6e61738ddd0d6beb
-
Filesize
372KB
MD5bb1f5ef80acd95e7362f9a195228efcb
SHA156f4afcd71800dde9e310ecd13d48198b2c19a6c
SHA25692bd9914f6496b5aec6661d22afe412ea852ebe2128dd4ef7a61d49fbfb8c886
SHA512d99f81c682bfd51919047eefd3bff330d38f58fee3705b4eb15bc589c6695d4f067d63a7680bf3f31aef3aeed6732708a73c39d5ecfba9f5c5c0783f5a16b636
-
Filesize
372KB
MD57b738abe0cd01d895ba11c798034301e
SHA1307c99b5036c4218b5ddc57f615838b2b223bc38
SHA25630cf1182df0b0dfa8e39ce3840ce794bf24f2f950ab30310f2146ae9bb3babef
SHA512b0995bdcb5bd24a5012a37a0bc4e54752fe6b2939af84f6b3a64197567dd003176211e416407c7216610b1d22807520c0854f7873c6b26fba8c980cfd889d7ee
-
Filesize
372KB
MD58b057bc5194d50b8d6d5e22dbea70f20
SHA120731122b81d3d9ae37a5243ce99b987ddc7f6f4
SHA256b77a373d041b246dbc79c7f44f927b3795516f7f3b6afcaa9c7a8c277d69e82a
SHA5124628a0ce6f861aa747fc0694d065f54336177c6029c2c7e7afd74c19d53daaa75963ad93e324441968d878964dfc3295c168f6fd63c327949c421a45f258e68e
-
Filesize
15KB
MD5b2608a90680bcd43127f7b2e8a22a415
SHA1ba380c4b9c6c5a9e24f36f9f7b3bb56d9014882e
SHA2560d8e5291d2e540e99e8829b311e88474dd8fd6f26d5d5a562107295b07234fd5
SHA5128831c2839b380e8d9b7d920d81b2d29883616efafc405e088d2dec45047618c01727892d41729b65568ad765ac5625ffd1c5a3dc3372f864eb41300489e3f20e