Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
23/02/2024, 10:02
General
-
Target
2024-02-23_db435dd7189fa75b8dc97ce4e36f90a5_goldeneye.exe
-
Size
168KB
-
MD5
db435dd7189fa75b8dc97ce4e36f90a5
-
SHA1
d444c8025c30c10c95904404c3bb6482630b7047
-
SHA256
b0275712a85ca0a5117febe4d7f1e6bdd819360c95595784a18effd26c9244db
-
SHA512
3490f578519595314ed2763734eeb2ee785e67e98a71b22672ea57ab6f116a6a3886ba339c633263a049fbffec67b0a804811d4578066517c951b4691983987a
-
SSDEEP
1536:1EGh0omlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0omlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_db435dd7189fa75b8dc97ce4e36f90a5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_db435dd7189fa75b8dc97ce4e36f90a5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF02A9A9-8653-41a5-B1A4-685B2DCE7F95}.exeC:\Windows\{FF02A9A9-8653-41a5-B1A4-685B2DCE7F95}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{85A42440-3F8E-458f-BAAE-EC02CA81E137}.exeC:\Windows\{85A42440-3F8E-458f-BAAE-EC02CA81E137}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85A42~1.EXE > nul4⤵
-
-
C:\Windows\{3B906A2C-586E-447b-8BC3-A62AD4AB1BDB}.exeC:\Windows\{3B906A2C-586E-447b-8BC3-A62AD4AB1BDB}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6B367F91-A65B-46b2-8B97-779E734B6BF3}.exeC:\Windows\{6B367F91-A65B-46b2-8B97-779E734B6BF3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22A8A854-F76A-49b6-B76E-DA3B2D527795}.exeC:\Windows\{22A8A854-F76A-49b6-B76E-DA3B2D527795}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95DB04F7-7828-4700-975C-22A5D1696E10}.exeC:\Windows\{95DB04F7-7828-4700-975C-22A5D1696E10}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A9130AC-7FAB-4496-97DE-C49E332C78F5}.exeC:\Windows\{1A9130AC-7FAB-4496-97DE-C49E332C78F5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9BA3A015-CA49-4423-AB12-977EEBE0F702}.exeC:\Windows\{9BA3A015-CA49-4423-AB12-977EEBE0F702}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0BDADED2-1A04-4d17-953A-871FDA93BE8A}.exeC:\Windows\{0BDADED2-1A04-4d17-953A-871FDA93BE8A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{15BDE677-D8D9-49ea-BE55-E00B940354B1}.exeC:\Windows\{15BDE677-D8D9-49ea-BE55-E00B940354B1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15BDE~1.EXE > nul12⤵
-
-
C:\Windows\{CCFA0A1E-83A8-4dc7-871B-BD6BB8A739A8}.exeC:\Windows\{CCFA0A1E-83A8-4dc7-871B-BD6BB8A739A8}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0BDAD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9BA3A~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A913~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95DB0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22A8A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B367~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B906~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF02A~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD55855b56140a0b01f45f6e4bd27f76b33
SHA145a7d7e89685157f363af4361af17d8b57b39ae0
SHA25601d1d301e1e7ffbf8c9b9faadfdc3cfb47d6f435d3a7b032b3316e8cd351ce15
SHA51271e1573cd7c9191e28c25f6cb71241a70015f8410adddc1a7df97dd33fc21a879ba52ec7efb6b55254352751a2446ffcf98a83e9740d83e46a534accbf4e6ee5
-
Filesize
27KB
MD5ac55a7b47c15edf178dfc1d263dfbfdd
SHA1d217c3f6c486b0e76aa041a3bdae56916e2c6a22
SHA25670ee66feed006f8596999f7d83b0044ef19dc706fd9e99084bfe5e11f7714ff6
SHA5126cdab9bcc78e70e8f3ac82849bf4e4e58b54b120d84548667df659b2f982ef7251e39da7f3b02a4d4373ca70269e16404038bd6a687dd04d60966a26fc191e8e
-
Filesize
168KB
MD5b29867417116718be81fcf0840283f9d
SHA123220d42dc4f8d59148fd5456235053e32040aca
SHA25669692417d88c109ea27ababf179ae8bf4680843ddb0faf939b00b9dfedd54155
SHA5124696379d28ba65a65b43bbf7da023e8bf5bf3b1c3b2162ab918e3ad574091d4427aeb269127d473c81730dc6c4e338ad6e5231ff58b0fb803c54dbb061847faa
-
Filesize
168KB
MD54bc22e79c1a91148c5be8fcc6af8467e
SHA155950e0630aae96ab1adc2fab560c942df2341d2
SHA25688beebc353997f14f8e53e5fb12da4221db6fcd55e2e7f5d141355e951f9ad59
SHA5128a7cae1e179de205c43659305382d736e0dff850a638eddfdc729504dba4b28c5419df62f720655680010fa7e2f53863a2614312c7c44f33b6e802bef0f87081
-
Filesize
168KB
MD50d017414d75d92d664dbbe96f19c5611
SHA155a7f748580f5e0cead666395446ddf316fa2b3a
SHA2567df795f2f0fcb787434b385de95eead6231ba69bde8bfc327076e1264a4867aa
SHA5120f27e54d79c4d3402c926e5235b87fc5c441145f63a2bbe3b602709eb7ee2b28b859a5da832a6cbc1235b0362dd2a1c0b61379cccc75d507790b45371032a72d
-
Filesize
168KB
MD5545a0b8212ff7fc184e70bcd96699f24
SHA1fb9ff566465a93d10c5069a3e8b6588058ec1cd8
SHA25604bb8db9a226bb52288e39f961b585e508d79e1a0ecf9ba722e4ab06cb81f676
SHA512b4f0aef864dafbd67e358843d185e98bb944c70b39309ad35f415736681b0d5cda643e7f523d5e837951774ec5edf3e0daae9150e0be0e4c4444661d7740a5de
-
Filesize
168KB
MD5577ee549bd26258f44fd2776f262007f
SHA111673f2ed3b2b013554bd07ad84c43485976b00a
SHA256381d03d8dbef0407de3b20caa6a12cf4650478b52537ae89dd89a25a8b01f26a
SHA51232d740238729a5dabc85fce71e59fd2e0dd96a0dffd51573bc5dbccc5be0ad6f54ef67f25cb141dac7338d73dd40918f45dcd254c785b8ab68438e853fb97f43
-
Filesize
168KB
MD510d8e46ef18490acb770937fa48ec2a0
SHA15e399b634ad81272ff9abe5902c409619383d6bd
SHA256cdb205579ced7f7ac8b4e199d5364950bb579e222235a42bc251e3633e826ad6
SHA51242fb426c17c313003c53c3cc4ba7f4eb3d58f6af1841622a780f3f90d8018591664bf1f66427cecb1d2fc056fef6bf9bda2b28f7a1d12a9938a4ad3ff551c216
-
Filesize
168KB
MD58bb57cc632b81e301b3d0a27650939bf
SHA1ae4fafd68551db369eac2026725bd42cc637c713
SHA256b90098628d0a35282b91f230a7ee7b9e4905cd7d76e47ec0a810d0b039d0377c
SHA512e3799838402d9100d1ceb4b4d7345dc9097ad936e4161fab5832716dea7dc3c775786deaba9166bf4ad04c74bec86270a47f1d0ada95bcc5c98aa9cf70babdff
-
Filesize
168KB
MD54f319a8e7c95407cedca7f960012fabc
SHA1efcd5c344eb405b94f626ac4faff3d798c288340
SHA2565cff29382ea337e5b02563e622b03b73cbce155e957e6618bab4d73daeb03add
SHA512d8015a389545c6f632a3544c38b35715ba9e8de460c44ee8caedf4a2fb55a3dd458b8155d7452699d54e73ebf6d806c8ffe5acf7f6ac279874f53c373648b185
-
Filesize
168KB
MD565afaa24eaf7d437898514e306104cce
SHA18bdf32c8e14f53abb777a7eb2b6fc2acd0206256
SHA256a879c5e8095b717311962d7218c039e6f5a89d2abd031924152306d698b535b2
SHA5125003728cc8edce101d5d8636b28c6cb83962fed6bcbe6c0a2e07b70d134a7cabe8f6b2a4ce74e666d405261647fb4aa56c90a7ad210e5e192e86c8bc20491361
-
Filesize
168KB
MD51a0adb2106d6a248c0b0b1268e557af5
SHA1f312d2d18ae6fe38a390477269a9a36b5c7c6265
SHA2567a74bb75d33856907d2c49e36d3dbd9a33d987cccda2bde6e984c4e92d09d9a3
SHA51292733adc060dd471bf0ce2ff70bd44e1939415ec3256642569eb6e1d5cbc207bdc65a3a77f557b361150db5e07d3a2388a2f33d3d499fd38f6b51c4d725d6d4e