Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23/02/2024, 19:45
General
-
Target
2024-02-23_428ddc3e6785990246a0fe67aac3210e_goldeneye.exe
-
Size
380KB
-
MD5
428ddc3e6785990246a0fe67aac3210e
-
SHA1
0410435b812cef2f05b73a86ca093627941416d5
-
SHA256
e90d277dfdcfb33abe1a9f6df0eb6039605bdb522ecca2b943dbcc8ea18a5bf2
-
SHA512
4a493786776f0fd282cb1a4a0875253ccca4e7f038bd68efcadc806ee4d967049fdb9cea88efbc9f8a22839f489a5c0440fd885a086c424cd6152267fccd4886
-
SSDEEP
3072:mEGh0o7lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGhl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-23_428ddc3e6785990246a0fe67aac3210e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-23_428ddc3e6785990246a0fe67aac3210e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9E84BE00-A59C-471b-9A2A-0084C882E825}.exeC:\Windows\{9E84BE00-A59C-471b-9A2A-0084C882E825}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9E84B~1.EXE > nul3⤵
-
-
C:\Windows\{2A0B0061-9409-4b98-A68B-3F73C29EB690}.exeC:\Windows\{2A0B0061-9409-4b98-A68B-3F73C29EB690}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{28174DF3-11AB-42e9-8E53-54705A5C570A}.exeC:\Windows\{28174DF3-11AB-42e9-8E53-54705A5C570A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C342A11-3852-4d56-8B12-B2EDE13F5B11}.exeC:\Windows\{1C342A11-3852-4d56-8B12-B2EDE13F5B11}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{40A8F21C-0A2D-484b-BF9B-3DC27D4A34B5}.exeC:\Windows\{40A8F21C-0A2D-484b-BF9B-3DC27D4A34B5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2F42CF47-B570-4a1a-90B0-575A25565DC9}.exeC:\Windows\{2F42CF47-B570-4a1a-90B0-575A25565DC9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8659DC7C-2097-4167-9AFE-09E36A14D79A}.exeC:\Windows\{8659DC7C-2097-4167-9AFE-09E36A14D79A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8659D~1.EXE > nul9⤵
-
-
C:\Windows\{8951A440-E3D0-42c9-8F53-34534A3AF0F0}.exeC:\Windows\{8951A440-E3D0-42c9-8F53-34534A3AF0F0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8951A~1.EXE > nul10⤵
-
-
C:\Windows\{78234088-3C69-45eb-B762-E34D6D9E0826}.exeC:\Windows\{78234088-3C69-45eb-B762-E34D6D9E0826}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{76AA4372-9D43-49ae-B37D-447C2422AAC9}.exeC:\Windows\{76AA4372-9D43-49ae-B37D-447C2422AAC9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8B9200CF-D571-436c-AFA6-FC2E54B969BC}.exeC:\Windows\{8B9200CF-D571-436c-AFA6-FC2E54B969BC}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76AA4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{78234~1.EXE > nul11⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2F42C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40A8F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C342~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28174~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A0B0~1.EXE > nul4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5a61a915028a483edf494179a8d69c3fc
SHA1c83b71ce5f7543e4f5001608b932255883602291
SHA256844816de165342f604f69e0f0cd9d2a199578e7b9f7ea6aacaea51f63108bbec
SHA512fefa2d003ca84754bf495352352992f36cd0855d51da2f766c3f81dab21108ed43b4c280f9a06a63860d0e2fc64d311cb3888f6cd2d985fd84aea9e718431a33
-
Filesize
380KB
MD54d69c553ad6724426d10a571d8518bd0
SHA174bd568f491b20340256184700645974226191cc
SHA2567c3d761430ea7ea0a1d67a1fd6effc53d02c05d101f826f74c566eba0aec9a23
SHA512cf3dfd4d9f808ff102e660928e5570133f11e95d2334409147d874bf2a16dec0b6385e0e4ed2f890f4187f6484528f9e378c7e492fd303a8f6c3b88f39881c47
-
Filesize
380KB
MD57b1dfbd65934470aa3d74870a28a510f
SHA19f80127f870f70a44906f00b1049e4602df848a0
SHA256d1228102ec19bb8a1cee3652095a30174340f3e325a51447d20efbe96ac462dc
SHA51211dd9ee649ba56bdd17b594de87e82bd1f9b4c8470db92b3a304ddd688d3d40c78576b0dd03b15233307d15795bfa74de396f0ef0c369cd0c36fbcab168d2a2b
-
Filesize
380KB
MD530a8d726e91b2de83e13069d5826d1c7
SHA1122741fd15f642d0340da96111bed801033eecbf
SHA2564f241151f8195e30974c552815f10e3f27c29d2714e3d74b77e5c5699953652f
SHA5122139c87dda4e8c739c12195d739155f995b82c47e4f0ec865c828dd6a20b6849a45338a2c6280b7b60d38182cf3a92036d9d20609e0c347cd59b3785d4dd4d7c
-
Filesize
380KB
MD5fdf7aef6d65a140c3ecc6ebd8e033e86
SHA172d247a707e3bdb07743c1166c5e68b598e13955
SHA256c0b276e7162acc91945ab93ceeb2f14b4cdd8e0a80649883347f0ca7fe009ba3
SHA5121d0dbdfa13bea1fb856dae1e94bbf354dcab5fa2d64a8bde6afaadde3c90fc73dc7ef3216f8bc66049852d77dcbff9c9058871b9b91ace9a7581704d89c4e10b
-
Filesize
380KB
MD53903ec089535e782bcfcc90a5cd57677
SHA1d9fb263e608501a2e7b58a020299ee601dd5b662
SHA2564d1bc000208497e853e3b6254cfcf4542caf75ab41903ce52d645ed07b3065d8
SHA5121bd815f2b3625806d963c54241933fd25ac97ce574dada8ae642528476420e29c2448e6e076ba38b89da593226a431f630f0706cbd83a5ed64966fee75cb1bd7
-
Filesize
380KB
MD587b151220fda3b267fd75a1031987c67
SHA173d2dc0c2cc59429480ca3f24d3b1852e99e5ae1
SHA2566488551aea960297379a5fe30c27443bbdd2aa69c368a5d33955987bbccbcb1b
SHA5128d0cec735ebaa3e1bac2ec163f6b207160038654025fcb577e501310e19e2363076d89870f88955df9d9971885c1c977c7654d34a6961a59ff3bc88643c9fe50
-
Filesize
380KB
MD52bcc574ce0a676b60f77d5a48104899e
SHA1b89daa5ec705138ff87960885601d59295f7ec14
SHA2560ed9203749ebb29675ac0c07c3c384d934488946dce753bfb7cf033f6272b11e
SHA512a9f3e4c1a7a800b34ee2758b8874d816ec5f62155394a327b6ec194aa0b363e07203236c32502d2a796797553bdc861c2dc10c91f5c3c8a742c621e207935597
-
Filesize
380KB
MD5b0f971be6ebd599849e2f0f22023aa53
SHA19ae5b3f9d2555752083b86022182e62dd2f5c18c
SHA25664225dd7b7777868ec9dbf8a0ebb476ac88e0ffc220c8ca1ccc62ed8deac24e3
SHA5124361e502328929b9e0472b85b5534f24278c736120d1fb73010a92eaafa70e78ad891a938594359db81d63addeed8f398862c0438a24f14f830ba41254e5f366
-
Filesize
380KB
MD5886927d5322c6a3e5afa3753ecf6f79b
SHA16b9ade2df3a967b8459284019d92111917566f49
SHA256ac93319feebf22b564bb12d1b42e56611bf5c6e0f7ebd9da22e48bd4c20f1d23
SHA5127f1e81159be1f6b04e2642b4f625aa5722e5151b37ca41c97924eabaa06b5a688e0169b0a018c188248b0742e80b168f2705692443d4785c35b7a99b0f8e90c9
-
Filesize
380KB
MD59e8553f84b88fa402c515eda258fbb87
SHA16d8d236013c4572fa3623e1763d3af61dae6c934
SHA2564f15b458f7a2a67214dc60fc8e7211f6a37e799809866417487fd0a25022c354
SHA512dac6b84320290a5e88a4d6890c956c6384d82202f73bceec7789a6a226c3aa8c1a235f4fce7d27b35c72ee542f6913781a083fdde73bd44e2631d18a1d5f939f