Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/02/2024, 08:38
General
-
Target
2024-02-22_6f360bf34160ce1c1d4eceb2f1b8ebe9_goldeneye.exe
-
Size
197KB
-
MD5
6f360bf34160ce1c1d4eceb2f1b8ebe9
-
SHA1
05dda87170ab591591b3db0a58a89e4f4796d291
-
SHA256
52505143d91cc995066bf962444dd2a645913e5904dc6ba012679c08f3f6c868
-
SHA512
516baaf60d332473dbaf50bc529b791af76110d50a97cc49c83d2b42dbf572b43f82813e3b033e65b945960a0c629fbe347dd2f641b067dc7153d7ffb3324dfa
-
SSDEEP
3072:jEGh0oVl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGvlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_6f360bf34160ce1c1d4eceb2f1b8ebe9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_6f360bf34160ce1c1d4eceb2f1b8ebe9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E208A0E8-C687-451f-9C8C-314262539982}.exeC:\Windows\{E208A0E8-C687-451f-9C8C-314262539982}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3A356A39-1520-4ca1-BB2D-78EB9CAA3869}.exeC:\Windows\{3A356A39-1520-4ca1-BB2D-78EB9CAA3869}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A356~1.EXE > nul4⤵
-
-
C:\Windows\{B4AB2013-5F1E-4bf2-AD43-7DE98EB6F14A}.exeC:\Windows\{B4AB2013-5F1E-4bf2-AD43-7DE98EB6F14A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B4AB2~1.EXE > nul5⤵
-
-
C:\Windows\{7A2230B1-1C51-40f7-BCF8-AE2BC5642B33}.exeC:\Windows\{7A2230B1-1C51-40f7-BCF8-AE2BC5642B33}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7CAD9F45-D099-43a6-9EBB-C54A9660A3E8}.exeC:\Windows\{7CAD9F45-D099-43a6-9EBB-C54A9660A3E8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CAD9~1.EXE > nul7⤵
-
-
C:\Windows\{50D74FFD-7A21-49d6-98CA-253557918333}.exeC:\Windows\{50D74FFD-7A21-49d6-98CA-253557918333}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50D74~1.EXE > nul8⤵
-
-
C:\Windows\{AB984D00-33B4-4d8c-8EED-E8F95C68B837}.exeC:\Windows\{AB984D00-33B4-4d8c-8EED-E8F95C68B837}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F842D0CE-D478-45b2-8A61-1AC6B022FE3E}.exeC:\Windows\{F842D0CE-D478-45b2-8A61-1AC6B022FE3E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{553127CE-52E7-49ca-9EAE-DA0E85E1B1C2}.exeC:\Windows\{553127CE-52E7-49ca-9EAE-DA0E85E1B1C2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{55312~1.EXE > nul11⤵
-
-
C:\Windows\{C507CF5E-CF68-4f93-AEAB-3365CD58184D}.exeC:\Windows\{C507CF5E-CF68-4f93-AEAB-3365CD58184D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C507C~1.EXE > nul12⤵
-
-
C:\Windows\{825EE112-3109-44b2-845C-E7670BF1DE3F}.exeC:\Windows\{825EE112-3109-44b2-845C-E7670BF1DE3F}.exe12⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F842D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB984~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A223~1.EXE > nul6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E208A~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5a252679dad526c400ed398f7b15e9f2c
SHA1c3383ccceafd208ba7af17f98e1250b3607a5ca8
SHA256d9a3f7a926e7132ff21b629c53afea189b6c5fcae0497379328fc5147247de55
SHA512641caf0a26e31154c0eb13cf50aa712e9891ffb666875f000ce94ee430612a72c82c467ab55228358e98ffb0a70f0c36449011f6d353ba3a3e91eaa68d7c1f85
-
Filesize
197KB
MD535b092188ae3d82433bed392de2f00a2
SHA1f055ddf51b7203648a1eb27647df84aaff05e3e8
SHA2563ad1bfad6f18bb3f37ceaed4ee0abb734afd42b9571184772922c5752241aa32
SHA512a72f6b269048b63a9efe522e1c44f09b2e9408d4809314958029ddd81341cd385a39d9de8b02350f04456380a6afbbccdf770b0ed83662c8ef2a57d912410f29
-
Filesize
197KB
MD55f4b4bbfb6f99d31098874da0e6c6588
SHA10e88b646b95ef2e72a1e5079840d4f76b49e5811
SHA2560c773680c9fbbbc31ca4a84f61f98a940fd025e7ca06ec9f42344d053f91f263
SHA512843af31c9f903c0b36b3d9d427b37b536d57381641bb24c8e710a297ebb96e8ab4de4cc727c5f6843943b0f5d539df78b80c510c5df9dfc6a97a81b3ee9b6a7c
-
Filesize
197KB
MD55a1eb06490aeb2002efea6d7593cae76
SHA17e7169efee628b0b230504ed68f845fe2f366e1c
SHA256912f19a4c0175096a01f054c0e3bf1b97c65f2b142ce7bbd6b0c0a31ce12731c
SHA5129adf891effdab49b6c4a8ef9e2b244e5cefc5544b44cb7bdd61ca1ef3f401d06f2e7b16a6136c285398073a4801afd602d914e25e9980afdea614decec107f17
-
Filesize
197KB
MD5b1602fbe22f239660aca99078f0501a7
SHA18e010dd7855ed6efc0dbb7feae7f3f9d63a3f6c5
SHA25667fa060cafb2f5843a13e8409ff0889edf03e3db65780bbd2050ae818fdf6353
SHA512fd1f16c1508e42b1c02d602d165f87d598fda7be8c60e9a3cc761f37ea54c16de4cc56ca55a658a43dc59dce7b2af8882638e8c6faf16eb0a0dd15b6647b1689
-
Filesize
197KB
MD5d06fdb9d4f7093aca49e3f087db03ce7
SHA19b111c8db3c3a13cea1832009af039309d0af763
SHA256fa2ae383122b1b26a7b4b9664b79bdf7a322e41ce9d593df29e3605027c48fda
SHA512c2a85229f1bab59f2ccd07f6fb186bf9d5e37d5fd53655d83b1d3e68766ced0de0f0bd4f4e5f375bf2793159248e354890748717af50a232bffc7d26cbf01941
-
Filesize
197KB
MD53fec34572019dbb59dfc18624f711629
SHA1544b12147800223a6ab11c458de8f2cb29b98b60
SHA25657b77924a145a92c3e21487e2e3bb55f1420cc4592e6aa3a30ee55adc72392a2
SHA512216495f818b8131bdf931170d68280b4cbd84caa75b34bb178e9550ea55433a4e11b6dcc03082277733e7f8fb547782d9e84102ceeb0eb2b75760e34e9cf6c8a
-
Filesize
197KB
MD5e3d77b4520b1473525c5f236ed84ec6b
SHA1482ed9f57f6e61bca520eef01ca9e639dea81290
SHA2567df5de63d0e4b0928c788c1e6fdb2dbf880c000ab966631a4eecd042f2dca2ae
SHA5128ce3b3ff2de072e8b7299eef88a0af780c94c3124bbba4f33c40c24f04d8547c4e67bdbecacb810dc2673e9d8fd7627b3938f7cc8e7984e57506065d63780068
-
Filesize
197KB
MD5e71837977a8e69643fa30a0be9cbd653
SHA1241a239865cc85c09f9920716bdbecb659642258
SHA256556e321220906d15a32817b1373cd16cf516c1cda0561e5754e12c5080f86144
SHA512c6b0c2ccf2d6fea8fbd09b797e60edf8aaa270e8a808716f500681b4c67f2c4198ae2bc7fe55d9655328dd4a430fe423a15335f873767d824f14eccfa4c297f4
-
Filesize
197KB
MD58acde159b302134a53b205a24913917f
SHA1d3fae37d86aa55aca069985e3f887b3ce51c60c5
SHA256b8a9141754446fb12078169ba03aae2896f44085880997d57827a48942a0b3cf
SHA512b15a08b0c5d1d7bd3a05bc0e756b33f5e7593f6bdebdb1ac3d62d1413f97a288689970e297365e110369894258fc87f2b1069729d2ae8a730dda8844b9186ba8
-
Filesize
197KB
MD5722a1fd31b94cfba63686fb71e18e959
SHA182d92cc3b0415213c9e597fd6599f884bcfeb788
SHA2569243f006cd02e15f75ad1283aee0e83c0ec89d1e448bac7dd01f2c38384ec472
SHA512537a4bd44d7f63e4f6955cecab6c93256ee5b1f862b8c95c2a6085dd40b700e09e8b6202cc660a7921a16c03c8ff8bda559759c3233eb946f1820e2966c7c5f2