Analysis
-
max time kernel
151s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-02-2024 18:02
General
-
Target
2024-02-24_a74a48c48c1f360964643e7eb34b7871_goldeneye.exe
-
Size
372KB
-
MD5
a74a48c48c1f360964643e7eb34b7871
-
SHA1
1550903768fd3433628aa8c67eeaf1a40dd3f18f
-
SHA256
b4b6df39910bf0f5832e5534eeaef3116bbaea15314f9f594d274ffc28093164
-
SHA512
72f79e3f0c63c0b8d864dfef136a6c551f95c782bb597e52384f7d86c32932433e5a0558592b8579f5f26ed6c21644d74c286a639c08ddf81632fa05842207e9
-
SSDEEP
3072:CEGh0oomlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGTl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-24_a74a48c48c1f360964643e7eb34b7871_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-24_a74a48c48c1f360964643e7eb34b7871_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{839BA38D-9AE4-461d-9603-77843324DB96}.exeC:\Windows\{839BA38D-9AE4-461d-9603-77843324DB96}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1379785E-9C3C-496b-9DF0-9F7D22AF61B3}.exeC:\Windows\{1379785E-9C3C-496b-9DF0-9F7D22AF61B3}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0938273C-0A58-4b1e-88C6-DB5E7F8B8022}.exeC:\Windows\{0938273C-0A58-4b1e-88C6-DB5E7F8B8022}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{845D948B-A175-4085-8FA3-7B70D670D0F8}.exeC:\Windows\{845D948B-A175-4085-8FA3-7B70D670D0F8}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DFE1A7C0-5A36-4293-99A2-84BD5BB76EA9}.exeC:\Windows\{DFE1A7C0-5A36-4293-99A2-84BD5BB76EA9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3AF85E75-6B6A-425d-8EC9-5FDA9908B195}.exeC:\Windows\{3AF85E75-6B6A-425d-8EC9-5FDA9908B195}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3AF85~1.EXE > nul8⤵
-
-
C:\Windows\{BA287038-5B89-4f2d-B774-987291ADBD61}.exeC:\Windows\{BA287038-5B89-4f2d-B774-987291ADBD61}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA364EA4-5B38-4137-B60B-A68B4763D419}.exeC:\Windows\{FA364EA4-5B38-4137-B60B-A68B4763D419}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{10CDBFAF-107F-4d7c-BC32-227F00F377E6}.exeC:\Windows\{10CDBFAF-107F-4d7c-BC32-227F00F377E6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FB60B3C7-5D49-4950-961D-CA57A3BE5131}.exeC:\Windows\{FB60B3C7-5D49-4950-961D-CA57A3BE5131}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{883495AE-F7E6-40a9-A388-0412C5523D4A}.exeC:\Windows\{883495AE-F7E6-40a9-A388-0412C5523D4A}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D8F9CCC6-B320-42b8-B934-2C960A4D8324}.exeC:\Windows\{D8F9CCC6-B320-42b8-B934-2C960A4D8324}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88349~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB60B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10CDB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA364~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BA287~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DFE1A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{845D9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09382~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13797~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{839BA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD56761618a027c371452cd28b003e9cd72
SHA154a47cd2976977b1776756a01481bc3d4007858f
SHA256d70b1926594e1b8859048052005a99be20b8b42cad8d534f113adf5f867d01ed
SHA512eb60a32c6651e859e2095b010d4ef3ec0a427407f8567bfec76107aba0c7c2ca9606163281fb0a5a4ba8d4281dc425a3568c82a259a5eeac2529c7a26035fbbd
-
Filesize
372KB
MD542f2fe90167058364257d633ca15adf0
SHA1fc29ec528db9b487376ce768c339623e78474071
SHA256a9c7f7c3a7ad8846eaa23e466a78eff8639e0ba50935b27830105f1f4a04d8a6
SHA51214b5a239e97f1d7d8589c8b55e35767f6646ac06a05f8aa33b176fa11f72bf5c70f0c68462b9666ff62c23d24bdbaba87d6bba5f97acdd9af05def9ad7641270
-
Filesize
372KB
MD5cce3820d23b0b2d93408100a8c20907a
SHA1a62c1888fc4fc0697b29c89038c6fc7c3c231210
SHA2564562e7a15425cef87100af1d89adf89ad768ac5c1f4bfa71a0fd3b10b13ed710
SHA5123edece268c8cdccf3c686703ffb398f29dc963da9089955e117777b7bf8bc2ed06fb3fe30297cad3f3b4c6d4c47357017879a643fb5dad3d1131186d1f28b417
-
Filesize
372KB
MD53602e48d0d49965a0a1c1e12e9151d5b
SHA12db064dd4146cbced75c21b0f3dc8023b943748e
SHA256e5642fa054195870b8208fa9779332cfd38e7bf8f69d08ac6dab27df4e5bd454
SHA512d79678a73e66841e650d3620b708254b2f73103f655810a51d1e4bd35e3c816c31b8c59ae9dc66313f32dfed31478e0873d2d97de9886eefc7de0a4400550cef
-
Filesize
372KB
MD5a3066bb5c8f4bd14a368f7249f4ea7b2
SHA1f25006f45f0b0914f35b729c76f3752a30d1914c
SHA256e879f6a0b192c9950f4e0e9ff2aae243e02d3a31baf79a33d16962fa2860899c
SHA512c938ecb18781a757e38b51d47a05778177227a62c6465b79c72300b2cfc3d235f670ef74bc317e3454c2ecff43017978bc4174d5278c338e1dfc5c7e4ba6e86a
-
Filesize
372KB
MD55426811f0dde0558da49ae957b2f25b9
SHA173e49384d52251dcb9c8d2a7ca88857b49508173
SHA25676f0266f96e53955c759f472572af13c29d09a2d919e020bfccb5ce4c6e2690b
SHA5127fdfdece6026a49ee8656cbe95ea23a95e3d7f18606690c816b90534b7bb99e49d655067ad544eff85c69385cc1173d1e3fa98d6b9cefdbba7ee2a65f57b8607
-
Filesize
372KB
MD541d4bce417e86d573d4910000bb071da
SHA1b3a7c64b4ebe04fe3627f409e13c20a8099318bc
SHA2566547cfa65ecc5d9f2842b5ce81e9cc12dc41c4f5db4784ba7ac864acef16b52d
SHA512b546c84463dfe41c5d6087143848195a0c9e76589ae189f5f3b08d3911f931f28fe2f88f43092137034d470afb96e68e7369d6640d54773b6bb8a42aa6e12535
-
Filesize
372KB
MD5604772379ff62560dba473df7d17b105
SHA1b581a1ae0079bdb394c866a3ba8299cf44c114d8
SHA2565f4f15a325c589de62d077e2658072a276ede96ee56192a20094f36e3a124229
SHA512fe859fd38c37b53cfc6204e658d48b7212d245e9117f81bc2b50ff1bd8a063149a958bc1279c6547296f823b82b611683daaf1d7ad92b9a7730371ce27393f99
-
Filesize
372KB
MD53c56165939d6b0cc4ca1585febdd5577
SHA18b907c0cce50e8fa03144d972019ff95a311b4cb
SHA25609b7a826f87235abfe98d7839e2c033e25ca550c14cc3c40c0950ff6a323dc17
SHA512e0a3339a0876c88240fcc4a487de34f165f60db2cd07ea5f1f19d273acada78c37d6266886fd980599c3298e0bade470d6d24d869fac189837670c939df14312
-
Filesize
372KB
MD528fb2df84d9d3c0aafc3e4eb88215bc5
SHA1fd4c58d2c7ee0097624e91ec28b206374112be2c
SHA25625b2a29b60bbbc41b628c753326d70d79173535062c0152d95d71ff27887ef82
SHA512d40131ba5b10ca825c402557a58ee803fde3ef4f806bfd0192ac56077e9bdebfb8feed3f2cecc56bb7a10655e8d05b0fcf08ed3023b2e87bfff51aef0aefc8c5
-
Filesize
372KB
MD57880e1d457752cec15871bb55ffb5569
SHA18599bf81486ecebd2690bb8099ed09249f529748
SHA256fec0f369c662729d16a391a7ecf230c9844b6d94bf15e844fea8559229739457
SHA5122ceeaabf4c1a9108619ac12f3d7c3c3f56674c427f4db44d295e03fcdc7f1449181743e378ab31ee44ce48d74e2ffbd36c317fa4cfefa183a61babb75d8ec306
-
Filesize
372KB
MD5708e09e867d7ff2ed1ac9c3580e3b35b
SHA170337c468af1daa245f7924f1c2f915ea06869e1
SHA256a54002b53fae21f4dc0884696ceb33f862e276b1eb2a6cf6e399f4d0aaac0278
SHA5123503ba06abd3b21babaa54b80df0d8c192a887b34849014afdb050dd6aad55a6b738738560f40078d07664eb9fdc46cec2fb1fd81fb6f9dc427451c63226da89