Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-02-2024 13:23
General
-
Target
2024-02-25_0a93c3d3d46da76bb27d154cbdd1c0e3_goldeneye.exe
-
Size
180KB
-
MD5
0a93c3d3d46da76bb27d154cbdd1c0e3
-
SHA1
404f907a4e86c6c7ad9cc525b391a9e47249bc4d
-
SHA256
3585114fe3fd2ae7cbb5a8e3219b189e1f7780c55eaa3f6e44e0133bd98281a8
-
SHA512
0c18c297715c9ed3f872ee0547002fb4562e4388e0062ae345839e51ef7343a773837d37a8f1c68f7181bf568e4a20e7383f6c8e46f7c7a0e42d07464b1c9257
-
SSDEEP
3072:jEGh0o2hlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGel5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-25_0a93c3d3d46da76bb27d154cbdd1c0e3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-25_0a93c3d3d46da76bb27d154cbdd1c0e3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D2E4B293-1521-4fd9-9A91-6EA2274D9EC0}.exeC:\Windows\{D2E4B293-1521-4fd9-9A91-6EA2274D9EC0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D2D47D3-2582-4a16-9152-827930BD51F6}.exeC:\Windows\{5D2D47D3-2582-4a16-9152-827930BD51F6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{800DFAD9-594E-4fb3-8F1D-D9F1FCC33B41}.exeC:\Windows\{800DFAD9-594E-4fb3-8F1D-D9F1FCC33B41}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6DB5498-0E79-4fa8-B2E6-85A5CD0C1D67}.exeC:\Windows\{C6DB5498-0E79-4fa8-B2E6-85A5CD0C1D67}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B292A9C2-EF2E-4674-89A2-F5E953B96939}.exeC:\Windows\{B292A9C2-EF2E-4674-89A2-F5E953B96939}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7490EEE0-DCEF-4359-91FE-1319EDE79287}.exeC:\Windows\{7490EEE0-DCEF-4359-91FE-1319EDE79287}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48AC7B86-FF15-4d6b-ACC9-FCCC840ADECB}.exeC:\Windows\{48AC7B86-FF15-4d6b-ACC9-FCCC840ADECB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{01A54DF6-8E78-4ea4-BB1F-A939B88B9D4F}.exeC:\Windows\{01A54DF6-8E78-4ea4-BB1F-A939B88B9D4F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A11FC80A-A249-4813-A784-5F1B03F15BFE}.exeC:\Windows\{A11FC80A-A249-4813-A784-5F1B03F15BFE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7F0675B1-7481-42d3-89DE-62D612B570B2}.exeC:\Windows\{7F0675B1-7481-42d3-89DE-62D612B570B2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{11C6D581-34A4-4d50-ACC2-1F18D7838E37}.exeC:\Windows\{11C6D581-34A4-4d50-ACC2-1F18D7838E37}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7F067~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A11FC~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{01A54~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48AC7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7490E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B292A~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6DB5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{800DF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D2D4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D2E4B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5542fe3f44a800498079f82299071ac59
SHA1014beca3d8e8f6e5c8817b58c3bba3061af955d5
SHA256caaf3f5deda53dbda638c83aa082a44d83198f188533308566df7d57c5b822ca
SHA512e6e8d96779d797d8653ac994a9b6843b0ac9c96f01573b828e162982466bdd2c0fdfba7e8edb18840a97778cc138f423bfe6d1d8f5c5d6fb2c3910c64c004f57
-
Filesize
180KB
MD5693ef2bcf0d7a92c92646ec453e96fa1
SHA175a13c19baa8a8f0a927f6e632f5bff714ee52d1
SHA256636658fc20c72ed050fff933b601e5c4c748b5fa4351635aa7a838574be93c88
SHA5127a45c6bc1097414f49b71840b47ab1593814fb4844224748e9c465881902860b30d3244c51e01d12f18cf19ae14b44e16911ec59279b907245cc410108a240f2
-
Filesize
180KB
MD55eab5f900a265c6e16cacf00baab7024
SHA12f2f42fb7fd7db7bba319d0535d126930c5ea9d0
SHA25671cc99f01f32060068813a5159bab108f65f4a9b85943dd01c85fceab97a56dc
SHA5129dc9cf0a6148a73db47e7e81598d833b91eec9ca0cab33786b60b8161f42418cdff5d54a7ce6af0fdfbcbba86a795e5cdea5a0394fdfaa266df3c6b4830f471a
-
Filesize
180KB
MD56aebd58da764a7edaa4e250f45aed3ce
SHA150cb2b558f74444a5f2d0d945d5c108a9e5f721b
SHA2564617b8f54057beeb6bc139a84308c151c7bca6330d9f040b09d007a5744fa094
SHA512a341e33b6b9268cfe68a0578f6bb934533dca9c7de425d92a8450e8c9a06cbc745930e1bafe1e4d258adfe40bc720f755e3bb45ac2713135fda2b92d34e1793e
-
Filesize
180KB
MD537477a3313e6df15b14d6bae51e76cb1
SHA1b9760d4dd9ea87121a2490924de328e14b096a59
SHA256c1a15706ceb2d1d88e20d3baf797baaf3f6f8693a2b8471db2c0d83c8232fd48
SHA512629d8ac778c62cf5414a7eea816fccf6f1075716f48e31a3e63d59608f42bc5866ff1af2011756d43c9347f294f8c32271cebae3ba47406adf52eca4e7bf4abb
-
Filesize
180KB
MD57e73dae70a367eb42e06ffe0532729a6
SHA1df3f4f21fa9e0f4cf759cfe0bbf189a8c71f3d2b
SHA2561415e72456c7b19ebe50ae712d52e67236beb8b84f088bfda3de902a734fd619
SHA512f99db787a11b8a71c4be85fd50611cc337715c59172f039072b02757275207df5a6682d72cc61ec6ae68fa5c18f8bd5aff81f71ef7f294b9d5e317b66c484da0
-
Filesize
180KB
MD58c4344299951f4dd5c306aac1bd892a3
SHA13b2ddf6ccddca7f5f8799181c375c0b23a124c53
SHA2563307e43918ef79b3f165b7f676e4b85c4b7cc2d5943f9626dc8984e35b424a8e
SHA512d6fc8862863cb71b22314b93cf037a9607c95951f3a75236db860c60a96566ee583183d88b8b0fe738c0cd00762382eb36f974a28585afa4e014b4125c0d9a04
-
Filesize
180KB
MD56f705f173b14caf8c66dbfa7ad08b983
SHA13a4dd1ed7bca60f35a51de4f4d308eced7ba799d
SHA256dea6d1e58d6ee1ca58c42cf632fda312b612abbd374caf2ca9d60b168bd7c7df
SHA512db6ff730d22588743501b28b76e49b1a6c3424ee030c96526db25c736526fb2100fa5856f517ae10421f01e0ca763f694731dbcdf6f3af5d0985048c2c6a17e2
-
Filesize
180KB
MD551c4a2793e030f266857a9232557f6d5
SHA16f806ea38b268986354f9e9cb14513aab0e99391
SHA2563ee7d4fc3e7a9cb624a7981e37eba8ae48e347afca289f641e6afc72328ef40a
SHA51276a03a83bbefeb0fb8672e805662b067757d202e287a4c4ede446151c6f32cbefd45be71611185312b44bca1b8f4d12ff50d3c84b8e5c5b101da7208c9bb15e4
-
Filesize
180KB
MD554d93e316fb9e84f4e7f480f59c1c968
SHA1c7dd1b844ad4b38e84be7f1cfd9dd83b91943648
SHA256e65f2aacf852f0a8e2111344ad651579efe0ef54f3e9d95a78f5e767f92bed03
SHA5129ee4a5107a80c3e5634d53ed2d81405cc3046cd84f3f6bfdc2565a3d9d51fb329cda0a869e4c96da454d6c6b7ad61bab427edde858ca5b600e360d8e6b75cbc4
-
Filesize
180KB
MD5a03abde0668707603db891dd7163bb88
SHA122e178fa45c1fb6d235e4cb5155d49e7827af9ce
SHA25614718586caa8035c1c31be4de4accfabf765fd9ee8bb36a87adbc2aedec979c0
SHA512c6f0024fad9c7ecdb987cb6e196ee8fb0e48e4768cfba193dca734bb68096572f6103754eb544fad2b58478c4ded10f1b4b2564a676665631f8a7aba9f117eb0