Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/02/2024, 05:19
General
-
Target
2024-02-22_a69ef239f48dfa32d126bcc7e34d66d3_goldeneye.exe
-
Size
180KB
-
MD5
a69ef239f48dfa32d126bcc7e34d66d3
-
SHA1
95d02543cdbb4688a340f7446b6470c3f2594d8c
-
SHA256
c052255549416e9ec290b58fe344eb185c7d019cd95162151bd18a046cc33097
-
SHA512
cf452d21b24e960ac1a9a7abd11beb80edcfd6c664c2d8d664e7367ea2f98b7ea2835d5981feb83685e831b2c398725eeb50f2ae9fb3ea73fc47447cb3f9516d
-
SSDEEP
3072:jEGh0oSlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGYl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_a69ef239f48dfa32d126bcc7e34d66d3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_a69ef239f48dfa32d126bcc7e34d66d3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5B755379-7704-4b64-A805-6840D3D8B310}.exeC:\Windows\{5B755379-7704-4b64-A805-6840D3D8B310}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D90CF428-9B2A-4a8d-9709-8E8B0732ECD5}.exeC:\Windows\{D90CF428-9B2A-4a8d-9709-8E8B0732ECD5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5EC528BD-46AD-4298-A646-12B5C2064CD6}.exeC:\Windows\{5EC528BD-46AD-4298-A646-12B5C2064CD6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5EC52~1.EXE > nul5⤵
-
-
C:\Windows\{E09C01A7-C8FC-40ce-BD58-EF35EB38F1CF}.exeC:\Windows\{E09C01A7-C8FC-40ce-BD58-EF35EB38F1CF}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{833CF578-3E63-4f9a-B17A-341BE3069DD7}.exeC:\Windows\{833CF578-3E63-4f9a-B17A-341BE3069DD7}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05820FEF-9F5D-46da-9B30-BA32E931431A}.exeC:\Windows\{05820FEF-9F5D-46da-9B30-BA32E931431A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05820~1.EXE > nul8⤵
-
-
C:\Windows\{C1CAF0DA-3A93-4541-BF67-D7652B34DC0C}.exeC:\Windows\{C1CAF0DA-3A93-4541-BF67-D7652B34DC0C}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A90F2407-698B-4e9b-A11F-DBD7DAF3EC6C}.exeC:\Windows\{A90F2407-698B-4e9b-A11F-DBD7DAF3EC6C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{89DA5269-2BF6-4786-BD91-71CB76793F67}.exeC:\Windows\{89DA5269-2BF6-4786-BD91-71CB76793F67}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A31F0911-2F2E-4e75-A58E-DB3630D83E0F}.exeC:\Windows\{A31F0911-2F2E-4e75-A58E-DB3630D83E0F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C3A2FA5F-1AA5-4601-895B-6B56AA2C08EB}.exeC:\Windows\{C3A2FA5F-1AA5-4601-895B-6B56AA2C08EB}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A31F0~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89DA5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A90F2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1CAF~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{833CF~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E09C0~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D90CF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5B755~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5230a37dcab9a0ca74b8d0c5ec474654a
SHA1e465fc1648e2e830e2519fc3bb144415c7c82e8c
SHA2562287c5aed18d944adeedfb4289e269ce552469752de9747748a95baed52a9092
SHA512ddfaee910b4809878980348a75a6ce0aa942bb370dc326c4adee8e7285333016c1ee8ee39775c913d4f93a442426ea6e6c6488817bb14b150b19f732ccdb2859
-
Filesize
180KB
MD52ef360c68da806a403f990a6461f70c5
SHA178623391f6064edc6f0573e0f734888c720c3ebe
SHA256cd186a06324374c00931d2d4d82a500f31268cdd71493e044d1c01ca12d7c5d9
SHA512a1148dec6b45b8e4d7f55d1653b7b7ef95596b0eb6cbe952ccf5ebf0983dc3bb15f5f9bd7002f27feda186074e93fd470069e90c7bf8645914737c338ba9ac35
-
Filesize
180KB
MD595cd50fad28d5da18a8c67b5cdc89b81
SHA1b9b31aa07a9e73a6075fddd6027b52d50abe45b2
SHA25600c604b7daead4f4f296d7399d03685645249e94c84d0c3b7533f03282001c62
SHA512d8ff6324dc5c905c6762084c5128819716e30eef313e7e1dd7df3c24b5a388563e9204529006b37759bb0ef2505db4e4857446f866c209a818f7f0bf4b41856c
-
Filesize
180KB
MD5e312054dab17d8e65fc7bb67a9bb5a6c
SHA1fb7ff4701b9b0cab1ae1202ca0b382677ea44550
SHA256b99b53261b8d0d9076ddf1b94cbe09b0c04f75a81cf2747154a1b35dab2efac9
SHA51266cb0dd4d871a18cc3ce66898191174db85d2c25719f79418254964b952df0dfcd192f0700b13ab5cb2719c3d5fabbc89f8669e42e4459f850710cfa8cc81657
-
Filesize
5KB
MD534bc67e64361094aebdf0880ec3a03b9
SHA1bdd62bd41284d2f325dc7151c4feb3e572e8113f
SHA2566fdbe4983ec12a214d59949a9281e8956092ce8f026f6852f412f112fbf126e5
SHA512c72a4da39cf90d30074f185a362d478022bb48d5dd7b358153ce9740a9765d5a54ffb9067caba283de0971900a3bf1e36b3aae224fbf2d172104aaefd33796a0
-
Filesize
180KB
MD5e0707170d0e864c7153f3657067c8cd5
SHA1b08774381bbf723d37fa6c84d10e1086143dd030
SHA256999a7e5d979705dc1310f64d893996b75f31782eb0332851c4c8b84e2570de6b
SHA5129a3f99a89991f04eb90639ad3d992c62f946276f45d9a7307cdfeeb0d3746a442c8c17cd92210b69246f2e81cf2c0326dc8493009329616ea637071cd8af868d
-
Filesize
180KB
MD502dbd2bfdea659049d68dd7f4b50c605
SHA190f34eb6d71917b4b925b056f7fdfd79d14ea245
SHA2567744bf92ae852a02f5d50aa19e238ffde78c8c17ca2274afa61cfed7a1f8892b
SHA512822d4021544f91104a917e823eadd92786760b23432519fbdc020e5655a0f5025f5ca23a84218757f02c5cb18298246102fd35cf185b66991f9c850eb1bd3edf
-
Filesize
180KB
MD5a8e13b0e8b7365c371eb613f7f1ac556
SHA1e368ed9416d5edc569f5aef93260dc861bc18339
SHA25678b4637f71d3d9c22b5cb9c723592992a8e1906f2821b8934a0454fc46d6f265
SHA512eb944c6c916006f4d8f16641a28ba0974338cc5d00606dc3e1ebfcc03774a1d456901126ce2ce86dc4f1befc08a7dd4d3486305757ac651c1094e11b0e9dc895
-
Filesize
180KB
MD5ff97f2afe9ed76b6142c41638c52b8f3
SHA1f7bebf6c79b938b38ab4c51568ec7f50fe56e9cf
SHA25657699025b157a2793beb5253261370ae0be9a9a069c293276cb0e66aee969617
SHA512e66038a946f55b666699ea686229e5b295ffda4c94017c3ee12138cbd9cd38d806e40f8b05cdc43db99f63ddf6953caa36c5dfe45c43ea9e77a9e89495f08b0d
-
Filesize
180KB
MD5cb402298e156506f375128899cf1e435
SHA13ed53b68bc72c2792946d298d7fdb8a6c3e1d82d
SHA256693ee10b016588b553665f2ea4c9979a99563b0ec2343b8820b932bcc80b1690
SHA512613cc944c370a3a501c7f4af05f08b388c05c738d5c9f05f5f3048a14d886d77daee25a2eba322f0a915389ac0f06e62c1a20218237484af68ba9a3a324a6c51
-
Filesize
180KB
MD5780809cd8cedba71ce97ad5abfea7e34
SHA123bcb1fead83aa6b9ceca46efb918da0231a945a
SHA25621c9d5a6d788d760cc97feb4e5d86f80a417f97146a2fd6a250e7c840c906e1f
SHA51237f1a3bf4479fb4ca126b0bda135b6ddf4843bbc9addbf3e8b25f82013c3abc458118c6028db944a3c7976eb95f13865a21aa8e0cd316f7215b05567452c90f3
-
Filesize
180KB
MD5bc36501514133ea39666ce68cdbe2763
SHA116be1ed9c69ea1fa047663c214b55518dde13734
SHA256e08cf6617c2eddfcaf13abd41f99ef901f8a140c069de24480414ca3c5c103ad
SHA512f4a8cf9c3633334297922fbce7adb7c1a3bf5ca73584782869446b42b0b9c2b22374053dd6206203b28cdb426a6fafc461e9aa99dc6d03eece648c79e6b2921f