Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/02/2024, 00:45
General
-
Target
2024-02-24_b87175affe74cb1305f2d8383826728f_goldeneye.exe
-
Size
180KB
-
MD5
b87175affe74cb1305f2d8383826728f
-
SHA1
6cf29189c1611543ec59113be3c91f7fc29f6536
-
SHA256
1e6039605396bbee327425190158bce3df091a407e571bb66c415acde668ec0d
-
SHA512
34558dc0b9bd3d35515eb69eb0263249f1c732698e38fec19998e2433398bbff09c3eb4151d58cceb8d6a51d50f2fa819d4db873c0a407814b673d22f6261233
-
SSDEEP
3072:jEGh0oSlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGkl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_b87175affe74cb1305f2d8383826728f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_b87175affe74cb1305f2d8383826728f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3A62A6A1-E93E-4130-96BF-645F2DFF1E9F}.exeC:\Windows\{3A62A6A1-E93E-4130-96BF-645F2DFF1E9F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF7580A0-F305-4078-9FF5-35A8C15DACDB}.exeC:\Windows\{EF7580A0-F305-4078-9FF5-35A8C15DACDB}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF758~1.EXE > nul4⤵
-
-
C:\Windows\{C23BCD0D-81C2-463d-ABF0-7EE74176A9BB}.exeC:\Windows\{C23BCD0D-81C2-463d-ABF0-7EE74176A9BB}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94A7ED64-E88E-4ae2-A129-8FE9225A9745}.exeC:\Windows\{94A7ED64-E88E-4ae2-A129-8FE9225A9745}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{37674D7B-2E39-4c82-965A-7F95DD9E622B}.exeC:\Windows\{37674D7B-2E39-4c82-965A-7F95DD9E622B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{78B526A7-4665-4f13-AF5D-D6AFFDE469F0}.exeC:\Windows\{78B526A7-4665-4f13-AF5D-D6AFFDE469F0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{82635CCE-7B31-4755-BC35-4D76E519982C}.exeC:\Windows\{82635CCE-7B31-4755-BC35-4D76E519982C}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82635~1.EXE > nul9⤵
-
-
C:\Windows\{49D6D783-84DA-46e3-8D54-DF9C1C15E073}.exeC:\Windows\{49D6D783-84DA-46e3-8D54-DF9C1C15E073}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B4F0D1AF-A04A-4fc5-9C60-1EDB4056F6C7}.exeC:\Windows\{B4F0D1AF-A04A-4fc5-9C60-1EDB4056F6C7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{59DC912B-34EF-47e7-8B1A-F110DDB3A77A}.exeC:\Windows\{59DC912B-34EF-47e7-8B1A-F110DDB3A77A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59DC9~1.EXE > nul12⤵
-
-
C:\Windows\{D463CC04-DDFC-4bd1-A68C-B686DCF16D39}.exeC:\Windows\{D463CC04-DDFC-4bd1-A68C-B686DCF16D39}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B4F0D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{49D6D~1.EXE > nul10⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{78B52~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37674~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94A7E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C23BC~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A62A~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5a5c0d9119869265d9e1ddd0ba38043e5
SHA1aef26813f5b1d46c9740cf3d9d24ecf3dd65dbdd
SHA256f30dff29aef394e2c1376f69dbf12f9fbdf80a44698b3286f996cbe3298c46a0
SHA512af9ab66f0d2bc5fa07eb81c2a870a4b2bb7b8f1f910c15363dfdcec813b129cbc1c4a74838a2a521713f289cbfa5b804650de2972f22804fb484778b9f166de0
-
Filesize
180KB
MD5d3239557724499a86d6fc9489c9359c0
SHA102ad19eab4a4a9339e2cbd6a4136528fdd90ef41
SHA2569e8a6b1df36aa99dc718520e1f7eb0b5ee5313614d01b1ad5533cdb6f8a8f116
SHA51282656b256d82c70b14544928b595e19e47780682b741bef6ac1a0c9df641216f49216ad3c2aaf8a0d908e012fd017905403790de3302f3e647f2f024f632c1b6
-
Filesize
180KB
MD5a7e7b48e57f40f3cc79932b2d94f0c36
SHA1a081cffbc7d7fa996b3996d738d1062fa2b92f1a
SHA2568a4647f611d038f663e305cb0c693f54afda25decea618bce299e510dfffcf5f
SHA512aa2ac888c235e90f3842ab1e39ba8cbb3ce1c17eda8adbea4055fd3ea866ad5a36d0bc17d034b722aaca6e0438da4f43d343888a57abcc0a4e4bb02375ca5c21
-
Filesize
180KB
MD5051fc8c97dda9921a9565a79dfd9a59f
SHA1aee869e9afd8c655b9f719d5b4d5ae9a8f147057
SHA256b75211a18673edd8c9149fe2887d9c492b09549d0b055c3de28a937eb0db7ce8
SHA51292d6aa62dd68cbf4cd5daa3a0bf40c9e193cef27dbe3698c587267a03ae9f2b80acee91b106fe0b219159418cfae9536bbef60ffde4719b4e9dfe6f809e5b2d1
-
Filesize
180KB
MD597760325346f90d7aea2116f44145fa5
SHA142da2e90c77fd05e5a8bdeb2418367f68d2ec87c
SHA2562bce0adcdeab85aef95a8571f021d221967f5b0135d1a81a4c6f848d280cd0c6
SHA5120e7f83c2d8b77e101f1f779a988e248b23c475c478f3e2084fc43a52871fcd991dd9aa4e7fb39ff1a547ced8d4e17ea0d9efde61e3757a342f27a757af3113c1
-
Filesize
180KB
MD5f196f9445787c33e14f8b8fb98f7fa81
SHA18c208d8f88bbab075f3fa3d75778597add475e84
SHA256f896ed835d33580e38a41472623773cef966014b1f1be7efe4226964899a93d7
SHA512f4fb77ae54b187a126c66085e6b61900dd8e15e4023eed8c9214c1313835975e8057dbd73050fc676de72f97c3b1ad557eda70cb595ed8bbcac41796230782e3
-
Filesize
180KB
MD5cc4a1eb10100dddebdfb2d2cd7bef718
SHA1cecc24365e395af2d5c25dc5330a209bafbad30a
SHA2562318e4901b3c4e20a7ed40eb679e0cb7fb17764a1df71f7d589fe277948a5c13
SHA512515f393fe82b4ca1b26773450d535cf048524ab585cf71dcb945e4cbc3df42ade6ff42fc4ca6369255fef04afbd0d0e60f504ed74c5c731875e53e7d2359d305
-
Filesize
180KB
MD5ffe5b8019749bd9b18e66064bde08772
SHA1efd02825eab1c543cc8f602b4cccac554a35a583
SHA256e5b55b37cee33d6c2a02fa377a96c309f51ada066bb75ffda2a0b1744bd787c7
SHA512131974c28b04d71fc814810114a1934b1491fd9b585f3290f1ac9b4a9936f32779dcb06fe69834b912c4401b0a7384f61ab18baebea00ebea6856bc95abd4b59
-
Filesize
180KB
MD5db388c3b29e7e34c55edfa419a92a1f7
SHA1eefaa28d4f22e50cf77c0469d2b293685cfc4278
SHA256a3d730d8f89f428bb59105ecacb26f675058cffa318d3e3ebb3d9164d2e9602d
SHA512c038f5f7afaf1a28773ed9db3f183a38159842713bc81a654e1520de26ff6e547a6c42f174bce6cd44221d3bb3f7400b88493cad050a9eebea4fd02212ed1aa8
-
Filesize
180KB
MD50282b9084e325ed3577789afd005d5cd
SHA15470d051e2f6e27d290973e0776f19f274325eb1
SHA256a02b4750b60e278bfe6382012e20aaa0cbb968a6a08036d11fd33903a7484467
SHA5128794922b6ba50a1dd9b9e9fe085c9225b82022b7f6cfdc48f63fb306e229ba2b1d591ece0fe178b8f5aed7aed84eace599d19974d483de9d21d8f2487390a85d
-
Filesize
180KB
MD554595311cba78fd9878c01a19c50350b
SHA12c3c99b3ec2cc66fc8dd2b1ddef35873a3debe9d
SHA25646bf3a7d12323f33ed10246570f0143cca7e4115fb399552a12bf2055075c64e
SHA512b9504ef0bec420385cd349ce1f639fd5e5b0207f19a605844f8b9ff37ded0948e9ae058648dcdeef6e761e3ae38965865f77240dfab1e66281ff72733937f29b