Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/02/2024, 00:31
General
-
Target
2024-02-22_3d301fc4956d18fcc31ed3cba65c191f_goldeneye.exe
-
Size
408KB
-
MD5
3d301fc4956d18fcc31ed3cba65c191f
-
SHA1
4fb3ea50eea4ad7ba7bb4f5dae42862cbbe4ce6a
-
SHA256
7bdd4f2471e13e4b3da3ea883a0475358d426160712f4a877e1b838b8a89bfdd
-
SHA512
aa91c9a58eac8521aeb36efb272587e058e56a20ad9fa8a2cca243960b63b01ae194aecaa8438f7a2af94494c5ae4715abc859d31b02ff4e453da543f665bb4b
-
SSDEEP
3072:CEGh0oMl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGWldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 18 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_3d301fc4956d18fcc31ed3cba65c191f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_3d301fc4956d18fcc31ed3cba65c191f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ABB17D70-7B34-483a-B063-9F3720A9762F}.exeC:\Windows\{ABB17D70-7B34-483a-B063-9F3720A9762F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3F891712-42F5-49fe-9A65-6A9CC763A208}.exeC:\Windows\{3F891712-42F5-49fe-9A65-6A9CC763A208}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F3EF969A-2DF3-410d-8175-A8486C180840}.exeC:\Windows\{F3EF969A-2DF3-410d-8175-A8486C180840}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F3EF9~1.EXE > nul5⤵
-
-
C:\Windows\{2F969BCB-FFDD-4762-8F7E-C32FC9A16704}.exeC:\Windows\{2F969BCB-FFDD-4762-8F7E-C32FC9A16704}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA0D279C-CD9B-4f03-9F6B-0624F4043D3F}.exeC:\Windows\{CA0D279C-CD9B-4f03-9F6B-0624F4043D3F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3A4E56FC-8404-4ad4-9F34-CC785AE6E7EE}.exeC:\Windows\{3A4E56FC-8404-4ad4-9F34-CC785AE6E7EE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9D4D2DD-23DA-45bb-9D86-8FC3F8645ED8}.exeC:\Windows\{E9D4D2DD-23DA-45bb-9D86-8FC3F8645ED8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{089E62B3-D658-44b8-B9FF-2E94FA89F247}.exeC:\Windows\{089E62B3-D658-44b8-B9FF-2E94FA89F247}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8122C62C-F31E-4836-B700-0C6462226588}.exeC:\Windows\{8122C62C-F31E-4836-B700-0C6462226588}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C6907BCE-7722-4bd8-AD35-BDD18235B4F1}.exeC:\Windows\{C6907BCE-7722-4bd8-AD35-BDD18235B4F1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{91FCCEDF-0569-442a-A2D7-AEC117B7779E}.exeC:\Windows\{91FCCEDF-0569-442a-A2D7-AEC117B7779E}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6907~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8122C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{089E6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9D4D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A4E5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA0D2~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2F969~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3F891~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ABB17~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5b9c43d1eee5e753f6195cc258ad6a5e9
SHA16e556b06095905364c44d77ddd34b0ae939b9f87
SHA25611dafc7b5e049fa06b57559e8bc144de78ba14900ac8ad30a04984086dce2229
SHA512ce7cb02dd2108ade88b900243f192e9e90f59dec6b07ff54a022db21f9d162b53b3d9079d7738fad75892b6f75c764184d0e5f9d64371535ba71da7e8e814aaf
-
Filesize
92KB
MD5dcbed5693447fe7e851720e11efcce6b
SHA1a82b4f9e9cc8d5a6a55bd48797ab12115382906c
SHA25671b78961dd139330d76fcc2615d16f64241fb2e5c2b696eb387cc155f3f0d155
SHA512fe2b3b9d4dc82699a0238f73f290438a6d28f7befc0acd7c32ca21dc5c9917fd6c198b20bb0017c9f7a96a05338c594fe08b166c54cae7ec7c787faa39599cc1
-
Filesize
408KB
MD5986094fbb42e2410d950c8f2f0f11c2a
SHA1e781fb971072b3ba6df838a0f366ca09e2677cc8
SHA2560d84df70059070f943348c8418608827b0083b41d94367d24f4987f88a4485fd
SHA5129d48eb5574a6b7936804f255d8157394970461ddf8b2259cd0b8d2ad98afee35fee34475333db9d0d09350e57c1149b04034f07be4ab4a0089ecea5c16e121e8
-
Filesize
315KB
MD59a1ef4d1fc03281a4b0517f52db39fbe
SHA17854289279e6bcc14c336835fb773f8d41595d52
SHA256b797fb6b458e0a33aa1d0031dbdbb8db6e65293206b6f54e8cf1e8e548b3e71d
SHA512017eca3077f0e92704c303d06fcad04678f9630a7aaeefc0f13191b914d0e9817a162d1fc520a802065bc085b5e4a3732dfc1aeb16b792631e56b9ff954ea395
-
Filesize
36KB
MD550574548b5df643328b48d6be27d8c7d
SHA1975cd437a5ed91cb35058d1995805c089b396174
SHA2564dc5ae6b48f15842b6e598fb029e3e3603ead8e0c1fc0a0390091054f7ca0bad
SHA512f24ff763d00cefc25b9a47fd77675148a95ebcfd5e7405eb3468956b76df389ae2bbaeae8ec4e02a4e3bbd7c8c9a6819ed200b77cba4854e802be2309a204ee7
-
Filesize
408KB
MD5a5d5ee680e9f219859d219917c88e21b
SHA1e9cd1fc4635005146575fdde21b70643141a0ed6
SHA2569b94fe3eb8ca0df719739a50ff1c442d4bbdaeface37f7b1cabc35f38ec2184f
SHA51273ef73a4f986dadd33c71e7765872fbcb62c27c3a9c4f518dda789a7fb8becb87b686957acac991fe88fd2e82bdf1629ee78d58f081028613047deb130d9c448
-
Filesize
408KB
MD51c8ca569b46927f0d21700cac221e8b3
SHA17a67551c31ec99bc0a5e8a4360ac1c3705da283b
SHA256fdfd86d916517896c18e3a3865e2f834a19a150356872728d107f66f74c1b0ea
SHA512dca0baafe871a447a9aa00c72b432d63827c193f0b18d676ea472c5fa80aa9e5ea87b47fa3cea06c1f3cd563eba69ec1eeaea5893fec3a200b025ac70c89459f
-
Filesize
61KB
MD58d773dc03b42bd25507a56805c0cdb88
SHA1b77f29b59405cb31d6358315c8712a3417183bb7
SHA256756b4183f76ee2fbe3ca8c39cfaaa1f315f37621bba14070a819bb3db6c0dd58
SHA512d9bbd42b5e601da08ff66249ac6540b1072981252508076e09b5df3ce139d969c01d16bfc9b7bc4c212f9d8c8668e5baa4bbaf5a077eaeb062c38afe7d6bb1cd
-
Filesize
187KB
MD51f389c3a4248b7aea5d036bbb7d5b1ab
SHA11b6879e48af33afedd9eecf4973cfb2ce480316a
SHA2566bf56fd0586b44ef394928cb2dc3db880d7149fa6c74ef4091a3efb8e11602b5
SHA512fb0734f04dd124e5bbe7c8ee27af91844ede3288d7ed6893993e5f38015e807f9d691b60dc205f1e0efb4f5b7cd036000fc19f49618154c251801cf968d31d3f
-
Filesize
408KB
MD590ab37de2f6f86f2004a10919ddb1009
SHA1570a88e8b6fc128042af678d339bb0e1bb5b45a9
SHA2569903f3cd24b7bb9cbd1302494512a61636826775a0e64adf046e53ae376c1062
SHA5126265cc20654c017158ebaaa6d270c73cf1c600e477f8c28a48c041e6dacb0356fc25b1aa2bbc0d02876161ac9463fe76df60558e0672fa01ed8bae39de41b1cd
-
Filesize
408KB
MD5be6b923d7950981617354ab3bba88ad5
SHA13d76580312317ae0c182d7ede93e6a5981e40a13
SHA256c745ecc9977ccf548f7ba08fd80907788288a302a2a7532880d03cb53296e7d4
SHA5126eb421c931c7d9447eddd9fa7856ac5e033a7e944af37e596bd2641ef10c2e7f1e5b0f35fb5f9bc000a696834a328d79567279ba230e13b2e557f953dce69d04
-
Filesize
313KB
MD51b22ef681b52e824cbdae46d92f79818
SHA16b28058016c21d866d428dfaeb4fd26e2f57475d
SHA2569cd8f43c79cea061dcdefd72981d22c15098453b1620559deb37b46f6dd8ef9e
SHA512a99ee9354caf9ede3fd5280bcd704a0611e7b86ff853c72556d02aaf1816c4e8863c96c51f02abd4b51ed000fbca0dc8d13e373e4f79353c0a400ea37c92d4f8
-
Filesize
45KB
MD566bfad9f5b452161ec7524164efbb73b
SHA18d120279219cb301b175d80718a0f76fcec08653
SHA2564cbae41ecf07a89bd4d886de875e48fe7d4c355e995ed57feecdcce9497b020c
SHA512c748595b679bbdaab0d9d9a16c25ac535741ae08248ac4d4cd1cebfe03d690d18405c737103fe1b6f6e1fc1a18b2717195654ae7d2670c4fe0c82ce7b0b39c4b
-
Filesize
408KB
MD5fca38d0dc4687214ab780ebbb503c1d4
SHA1c23e28c8332e862535412a1b1112faa9492121fc
SHA256176d78d6beee07b50a5724af02f53e247ed50f3a503ff71e26822e84935ef9e0
SHA5125d859f6d8f07e1bc8396b840e53db475af51b3e45dd937b6d310b232b4279225dd825c6d54b32468f0f242b1420db684b2c25dd76363c648a14e7846a8a206cc
-
Filesize
408KB
MD58c7b5137a699693f18d2074f2005b987
SHA16e44260b4358aa0e6670dcd02b88d8a6d674f8f7
SHA256e42297749bbc10046ae369c974b4c887a4c0743bd2463da70878e2a0dc70f0c7
SHA51257c83c1b6373b9083ac6ae88f157d162d6e858ae05987d1f5c08ef8e0b565308eba621b2da525e0c4d5e153cd333b56f1c56e7590b79d8a389bebd4a78d5c62b
-
Filesize
110KB
MD514308c72618cc28b7619fac5c188428a
SHA1310000ea088dc19cadc0e0eda002024e668e3b6e
SHA256089f7da9feb6ed159a11c4ec52817a49dc252a16c3e3edae11ade05bfecb1dcc
SHA512164d30e8606aa017b6f5f5e579a72f9f8a79f6cae42c60de80c6224b1a3557fa34d6a64f34ed276af2e3c32953ea156aeee8ab4d9bf198fbf858bff3f8b47ccf
-
Filesize
408KB
MD5672a9d162c198049e35ff75c3d829fc5
SHA16986340735b0906249ce26a7b0d1606779ce6746
SHA2569fd29fe4825c2880ad78b608d151444bfc436c73040df071130022f69087f729
SHA51275617da61883930c937dabc39c3b41bd6d22b27f7e67309ed1369f36ede89aff0763b91b0ac7541653709d519a7240ba9c7fffae4b075f942216ea1688c3b8b8
-
Filesize
408KB
MD59e0927542f273ce7ba24b05fa66c5cb3
SHA133623e48bf23f51a38fdd62d6df8063a034e00cb
SHA256b40d2c294b0525a42c3322aecf95699aea88bc2748f7f627ea5eddfa4af3cc32
SHA51233bdac042096698f00d223efa3d90c443fa73e79876a9978a905258e6da1ace244dbc23909069b29c3b76819ffca2cff74d0c00a1ea70f15242982d69ecf80b8