Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
24-02-2024 13:23
General
-
Target
2024-02-24_00ab29d8d05cbf256e67f37b3fa822dc_goldeneye.exe
-
Size
204KB
-
MD5
00ab29d8d05cbf256e67f37b3fa822dc
-
SHA1
d94aaa931d86c801557682ae025025b26fe27df7
-
SHA256
cada12268686abad041381b6ae5b6f5afb5245f57bf9781e5053ecdbdcf11174
-
SHA512
bf20a2b17ea551b8ffb29c0f027f1e9e3d2096bad490bd8f44164bc087abbe4eaae45f3bb7fc93ec8236be3a051e5337faae0ba9a418691a2fdb8a196408180d
-
SSDEEP
1536:1EGh0oMl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oMl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_00ab29d8d05cbf256e67f37b3fa822dc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_00ab29d8d05cbf256e67f37b3fa822dc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{283DB530-958C-443a-BF5F-382D2CCA86C2}.exeC:\Windows\{283DB530-958C-443a-BF5F-382D2CCA86C2}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E36CD58-1A8C-4872-9A80-180430422A9B}.exeC:\Windows\{5E36CD58-1A8C-4872-9A80-180430422A9B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4CB84783-D837-4e1b-B078-C1C710B77669}.exeC:\Windows\{4CB84783-D837-4e1b-B078-C1C710B77669}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{43230D19-F4F6-4006-90F9-740D4740A493}.exeC:\Windows\{43230D19-F4F6-4006-90F9-740D4740A493}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9749041-BD17-422f-AB22-B8CC173B8BF9}.exeC:\Windows\{F9749041-BD17-422f-AB22-B8CC173B8BF9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9749~1.EXE > nul7⤵
-
-
C:\Windows\{3C54FE7F-2ABA-41fe-B6ED-F236A37239D9}.exeC:\Windows\{3C54FE7F-2ABA-41fe-B6ED-F236A37239D9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C54F~1.EXE > nul8⤵
-
-
C:\Windows\{25F8D999-8E3C-4d93-A6D1-2659623E59C8}.exeC:\Windows\{25F8D999-8E3C-4d93-A6D1-2659623E59C8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A3642C0-CFA3-4cf0-AC61-4B89B4B7B03C}.exeC:\Windows\{6A3642C0-CFA3-4cf0-AC61-4B89B4B7B03C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{58E1CA7B-8AF6-462b-9111-44AFF78C443A}.exeC:\Windows\{58E1CA7B-8AF6-462b-9111-44AFF78C443A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FC02EC45-7E03-4ae7-B1D4-BBEA6518F84A}.exeC:\Windows\{FC02EC45-7E03-4ae7-B1D4-BBEA6518F84A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0F07A615-2314-4595-BF0D-E22EE1C08B43}.exeC:\Windows\{0F07A615-2314-4595-BF0D-E22EE1C08B43}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC02E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58E1C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A364~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25F8D~1.EXE > nul9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43230~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4CB84~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E36C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{283DB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD51c0d2e22b2493c2361fc8387b3f9cb82
SHA15bd8070aa9f9e23665255ecc3395f52c28b078ca
SHA25609e419fc283ea12d76d76fdeedce9a2fa736314a4e6a2b424d359ad5a6f99b17
SHA512cb0f04d51b9d645fce06afe1d223585dccd9f9263b107fd84c374916bfd3b999716880c414f429108baae046ceb03d6c09c5c10d25cffe9e929c659b3adb5e60
-
Filesize
204KB
MD5826c01b9ad0fc95af50fe3edb337dcec
SHA15aeb8b768d9c617adf4540da32a3a4a48a2d7689
SHA2565905c6cba11512f00ab3272ad3a7af490820bdc089c262a94c5d45661459d1bc
SHA512f58a519d424b1d9f40092e8000f6491134af8bf141d29f64520b25201c8ee417575fe6eae87c2500dbe063f294f75206484732f0d5f7543cb2d12ee2663e1fcb
-
Filesize
204KB
MD5440f004b5e21867e48300b90431ae009
SHA1ee4fd89392f39cf9ba4fceaa44fbcc80864d45a4
SHA25680027b13397a4d8328b16d61398cf9fa7b18c5630f8c9a3557d51f16ea64e757
SHA5124a238d67bac59fcc42bd27d19dcea56381033de832ae3e27b181f105b228be991bacbf5598d9f035f8f4be41eee92f54efe04674aec5b4e772e55b460b292229
-
Filesize
204KB
MD57fea4af92f11fdc932efe96625a5f648
SHA1e90080ee78707d9c6ceb9776a7ca61e3556adee5
SHA2560ab5f29fde39ec73f9ebf175cd2b28837bb3536d398857b3a144ae11f92402e8
SHA51240245d6337d709481242f8100f9ae88aed28b05c14bacb67f17202e66612dfb372047663a720ba479bb31b0e5f085807fb9005c1814e2732d2e3e4effccf24ee
-
Filesize
204KB
MD558cf82fe7205a23a26876247bc4581da
SHA1d222def9bc679d33d0610da8a3c5eac53ee158be
SHA256380c84b699655892514fac29542de3b91473c1ddc7b5494c71ad0efbd1aa227e
SHA51242cd173d87c4caa320a78ed80e245e976fa9f8f49c88f99409d1871e71036093de5105e1b6e1589d1aaafe0256cdf95d408e4b6157a1667c1f66e0e487acd8e7
-
Filesize
204KB
MD5fb1ac227c97e421d47aed1c28e243e45
SHA14871a3ee9c3c7af4e36d0edcbb15e32458d4aa25
SHA2560379e5fe8a79d7b5b36e7c01c30d7e83a4e0465bfc1ad4a29b4410de0b777080
SHA512a8ab83de1a1549ff2f0cccac6e6af9cccc910ec9fae4f30e3ad1d3a14739452dffa6be1d9d2cdf363d0ee5cb1a00269661f11c86275a580b79fe0f0f33ce4bd2
-
Filesize
204KB
MD5233f3b36d4db7ea89f42fd6a50751569
SHA1ed6e0a1e500c4962c59b0201cd1e6a4ad6e73754
SHA256fa26ee4f44a28e297f8e97fc8ce0d1d3ce0b9656389f19ba4b9a0de9e7802aa4
SHA5129875ef0e43539e0f04323085a15137715408e6db32b66788a30a0c4d410afe3234ce75a138700d37e0c5274162981b1ddd7e42f4cf253a63624187a7a6ae31bd
-
Filesize
136KB
MD5a04a94c801aa7e39b15a60037bdf1278
SHA1eae353be4604c579d4c729dee2260f7cbf4d8136
SHA256aca7b8385a158db3019cb33b1bbc294743ea5249fc0ba60b499972e10a2badb2
SHA5123390ce3fa4b7975b3b868082da3c71a2b672b58876604a9f0781317e17151bde120f707fd9f18faf02e75d8f4a717095a4f954ea975f57f99f3fa6d2e5aea861
-
Filesize
204KB
MD53929e43d4c251f2337995e448e5a2f18
SHA11ea61f8561f2cdf69fa594cb77b8c91324049044
SHA256c2393f22bf3b81402e0c4e1eaba72dc23f987b66e1b988eca97e7ec9621b001e
SHA512845ce84f85a4482b07a0abcfc03d046a77e2168879f0cfe4fac262520753c07b7ff393e01c544ee40819f0f361ace2cf9977c04c8cfb8f4dab9b436088192a33
-
Filesize
204KB
MD5cb0293e9870e581c8527373a5ae7f555
SHA182ab89f9f7af6f5e0e19198713b2e97b4fd37695
SHA25626721daf4e474eeae9a740be115b283dd625d2c6ab288d3d8b6c9a7767268101
SHA512cc31bd9f15382a1fe4de5da16690e9b6c52761369c97eaca42d2a9a112d957629b1d975d9c97db929e8dbbedd24aad28f88a0ec517e0c8ce12eddbc47877053d
-
Filesize
204KB
MD5a338f23513e414ae6ea0c3764aa419bb
SHA1163450757ada4fe7239045c5d2cfb0cbc54467f0
SHA2562a9567ccf22c0471160a400db10f29fe62da69c08d978507fed377c2344b429d
SHA5126c8654df1058bafe607149022279c674251c6afab4563911882e4f0fea9a4486762f11cccfa262c2971c2a61d011fac553dc15743f8ff5ce77066da56383aaa4
-
Filesize
64KB
MD530bb2506620b6c31cf5ed69d92a49140
SHA130b2487bb67c6996ddb599d1c3cb89a6466ea04c
SHA256afc1c10f1b3cf581642c2457bc85094d2430a8da5cee47f89f8cfc3eebe6d36e
SHA512315f4aec43654bc859d804a04a7c7a9958fc34ea6ddeb9294f317faf1823485eb74dacad2c3461bf30de111c8fa732180422959a9a6789040daf90342e018579
-
Filesize
204KB
MD5f09b0c51c2f8fb22517bd2a4a7e3adb0
SHA113e9fd065521bab1821a357a0f1b3bb669efe380
SHA2569eea79efe10d5a6ee9fc3c5d5f8cf872638f3c83490fee2a5ac18c874a3d26b7
SHA512b5eaffefe0d17fe6506e0f2979dd836c700e91d91ce1f0fcd90d01e9de3a74ae5b510627e93408981502859dc189cada00f54791123fb39afef0112805f87dae