Analysis
-
max time kernel
144s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21/02/2024, 17:45
General
-
Target
2024-02-21_8346cc1ff7610685707d513db3841e91_goldeneye.exe
-
Size
180KB
-
MD5
8346cc1ff7610685707d513db3841e91
-
SHA1
4f3eb52da5d9d96e5fef79e8e3ab6db5e6a2573a
-
SHA256
94bd55ec9ea2e4ab56d004c09162835b99016a924f7d3cf197115fe6c26fd3fc
-
SHA512
129801e1b3a53e44f9a64d8a4dddb93bbd623853a5e5bd1e4143fd1f45606d0d094dcd1aa7f56fa51c1804448a6772b02d6c541e37e7b63de3f78239865d8172
-
SSDEEP
3072:jEGh0oDlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGxl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_8346cc1ff7610685707d513db3841e91_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_8346cc1ff7610685707d513db3841e91_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDCAF76D-E948-4ba6-9E9C-B4CF42628708}.exeC:\Windows\{FDCAF76D-E948-4ba6-9E9C-B4CF42628708}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{43CC76E3-5F06-4903-B3B1-B231BA32940C}.exeC:\Windows\{43CC76E3-5F06-4903-B3B1-B231BA32940C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6570E9ED-A1B0-46f5-9E3D-F47229801F3B}.exeC:\Windows\{6570E9ED-A1B0-46f5-9E3D-F47229801F3B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8CA259EF-C286-410f-95EC-2480BDC7DF06}.exeC:\Windows\{8CA259EF-C286-410f-95EC-2480BDC7DF06}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A01F0931-E65E-4661-87EA-FB62626FE844}.exeC:\Windows\{A01F0931-E65E-4661-87EA-FB62626FE844}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F0479AE8-EB72-4d07-B3B3-68900061DC0D}.exeC:\Windows\{F0479AE8-EB72-4d07-B3B3-68900061DC0D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86AB184C-C280-4cd4-84B2-526A7D03920B}.exeC:\Windows\{86AB184C-C280-4cd4-84B2-526A7D03920B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2EEFFD5C-3FB8-4c2e-8E5E-B29A54CCECB0}.exeC:\Windows\{2EEFFD5C-3FB8-4c2e-8E5E-B29A54CCECB0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{540DA734-7E7F-49aa-9662-EBBBAFE4D977}.exeC:\Windows\{540DA734-7E7F-49aa-9662-EBBBAFE4D977}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FB181F18-4172-4b98-B414-EC7D28CD0EBE}.exeC:\Windows\{FB181F18-4172-4b98-B414-EC7D28CD0EBE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{CCFFD642-B964-4f8b-98C9-50E94F67E0E4}.exeC:\Windows\{CCFFD642-B964-4f8b-98C9-50E94F67E0E4}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB181~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{540DA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2EEFF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86AB1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F0479~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A01F0~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8CA25~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6570E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43CC7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FDCAF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD51d295a7e2d0e7c7c378eaa0b235041c7
SHA1f7b8a7e25e673b18ef21c892117f2fe9b2064f47
SHA256a7756138c8e600251a62039099192595e8baacd68dc6bf4aa36d66fd90cdf6d3
SHA512c097861030e00ad020d2c9f97123bef02859003f77b2e617f4957d0199c4a6dfdae48390a513d28fab4a70c2912503c6de69652101de8cb81455d8f316a41300
-
Filesize
180KB
MD57ba9a10515c23b5ec32939a081026a76
SHA16e78d2728f03040d3ff4457ebea4560df7d9ba8e
SHA2566a10ad65233fa460b8e476802081632befab06a14e3ec809df34ffd17875cea9
SHA512f0f70697da9bb6d3bece89183f65665c56f1f950124abce07bb8c12bacfe23191f13d47498a5bfca9e10b69ced129be9432531aa912d254032e75b2ffac032f3
-
Filesize
180KB
MD56fb676968bdd9dbc1551b93ce74ea8c8
SHA1eca80d744e1ac7acdfc28e25cba4c814db43b8e6
SHA256df24351bc01225742fe04c772ee1dda0099406ca27674c458b7cbe827c409d5f
SHA51290d308ecdacbda4ac17743f1a6e5a6bee4606b5c7ad40b506b32dfb1cccb62deb6887036121ac3d3d0c70c88bfc959c00d793f38babbd9a38102f65bf7551a94
-
Filesize
180KB
MD5ce2d73c1f2474d8a177988fb67186536
SHA1ea55444acde5bf1f24a93b39c1504380c23fb170
SHA256b50d57979aa3cf449a4964f161a74fc9f3c26d19ebfa02331811488a7379e6d9
SHA5127c62bed1909f9ee842f7eede540e488a335b0c6f167a3f608a3d5ff9734f625db8e9e886586ded86fc9c3e5ed7a67abc66e053cc888c5b1a343a88691ff778a6
-
Filesize
180KB
MD538d8e236061a30158a587eff0d0f0420
SHA19f50172503a2cb96efbdeb9e4ed6b0dc264a4e7d
SHA2566b19bc07551aca6c0dd1cdd3858efe2a82a8e2c66a6f38e5716e44fddbb14bc0
SHA512e41ac77af5acf044bb257bd211d30f5d69a3af764055345d5ec4733f9b844afae2bbdb788aa72d1ce2424070014de364b527263161a0eeb04266a2f89e591185
-
Filesize
180KB
MD5dfd429713406886e500c91fa7da33a8b
SHA1a87ba4793332843589379f471fc91239397cfc5b
SHA2560a6dc3a31d262b1fd47329d8ef5d937905afe6b0c1af8da3473eb25afb7f1318
SHA5123801ec3c67eb882d5e902e3013f96d5d4b1c0120dfa81b7d3fa313e9d6bc30c50ee669ef13dbcae97ffdc5aea1f8080906bb50563c8a6996d0f2a5ae08708c24
-
Filesize
180KB
MD50b321e73b4ba4970f529bb3573d7feb6
SHA1a545c0f4ad48067125a2245505482120239a85b3
SHA2569b8fb747c7b4bf0a57daf1daad20b68e247551a8ac4e10d3995abb36d8ba7159
SHA5127c145f77d2977e7bda86ec90e410a94098283eb831a9b2b9606d6ff31b6163499fdb49adea4fff21bb231b3d51e034179ebad4e4b7156da1bf66d1f1f695d58f
-
Filesize
180KB
MD5c49114190756d029f40f15d6c573a34a
SHA195e7dbe9ec1d6fb88320fc0896cca77e6e4ef7d5
SHA256d2a2058e7cd08d80a06d8589006b06ba4d352d7a725e51d7609cea785e75aa7b
SHA512dfad2e394bbc42ddaa5001b633a3a558811124f928cffcb51b423f9edebd4b186293dadf11fa612421f819f3f4390bcbd799184ee77982d4e9d687677c312d2b
-
Filesize
180KB
MD5ac259e96aa8c63703eb4f0161d00b179
SHA11399c16a4f003c17edf1d45747cca1a40187abb3
SHA2560d5f7ce28d833d803a4b15b5fe25031b523372600f8ce9dd645a1d29108402e3
SHA5126fd1292a3a4472f116a08509b4cde6c9f498e5808e7118aaf2647177ae995e25ea547fa7d926dbf5d6f079a5783a9b5e7341e064cf3d4b50d75e6ea041666dc1
-
Filesize
180KB
MD57bc1abcc2c7a55e2a8eb4bd32492b0a4
SHA1753a1ffbd1a80b5b8fa1909c23f6fbaf938e86ad
SHA256135ee78e2aa008ca07e2303f6c4ff747fe68594894134c55f36651fc77cd9519
SHA512e925b5d53ed1ba590348dfd7d4ba807c548bae0d9daa79226bd06ec0adf48034dd81728eed0bcdf1911ec21bd4bd45098a147dcc7fb3f2ea4fcf0ad4ee61d1f3
-
Filesize
180KB
MD5509e7441259212c34fd230e80ac8d87a
SHA1330c5ed450cc3d33fcc5fc25665a7b07d717093d
SHA2564cfeff2e0bf31ce42b3f28e9f35163ed445bbba50cf0bc19a1a86c979943f8a2
SHA51215d2e576df8ee902108bf3b96f1745079e8b19ac04eb25cc309c6271d29f96447a64b41edc8d66d7827cb21d68c6b80895f7743eaf9de1d8a1fc77dc9b19d239