Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 03:33
General
-
Target
2024-03-06_34122dba6b37e3e9b4e4ab147d159bc9_goldeneye.exe
-
Size
168KB
-
MD5
34122dba6b37e3e9b4e4ab147d159bc9
-
SHA1
3ef895ba80f5f1301b25867e29e892f587a96737
-
SHA256
a02df1ba8a74e6ef920022662d4d1fc6a1799949f26a824a97cadb52bb93aab4
-
SHA512
ab7e2b4ea8f62bfbd541446875712651db8e08b4a203584a42e66fc0ecd75f38b2a1de1886b06bac7638493aefb4b27783f8b2e9538e5598f4f49075b59d0379
-
SSDEEP
1536:1EGh0oRlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oRlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_34122dba6b37e3e9b4e4ab147d159bc9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_34122dba6b37e3e9b4e4ab147d159bc9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{36A0C696-2F75-4c9d-8BFE-B1020E3FDEA7}.exeC:\Windows\{36A0C696-2F75-4c9d-8BFE-B1020E3FDEA7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ED03D010-C416-439f-9B1A-60C76F751901}.exeC:\Windows\{ED03D010-C416-439f-9B1A-60C76F751901}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{791D953B-568E-43d7-9C9A-066CFA749DF6}.exeC:\Windows\{791D953B-568E-43d7-9C9A-066CFA749DF6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{12F61F7D-333E-4b05-B49E-1801FDC85BAF}.exeC:\Windows\{12F61F7D-333E-4b05-B49E-1801FDC85BAF}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CB7E4C4C-E927-4f61-A3F5-462ED74660A7}.exeC:\Windows\{CB7E4C4C-E927-4f61-A3F5-462ED74660A7}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{36C45905-E646-4054-B3B3-72CB96CE9B2D}.exeC:\Windows\{36C45905-E646-4054-B3B3-72CB96CE9B2D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F575C566-4714-43f8-BEB0-6B2EE73FC5C5}.exeC:\Windows\{F575C566-4714-43f8-BEB0-6B2EE73FC5C5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA6593C7-B4B4-4eb2-96F6-44651F5BA9D1}.exeC:\Windows\{CA6593C7-B4B4-4eb2-96F6-44651F5BA9D1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B191DC0C-7FAC-4397-8719-C6AF9BB578D8}.exeC:\Windows\{B191DC0C-7FAC-4397-8719-C6AF9BB578D8}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{865144E4-05DE-42bd-8F34-8DFC43D960F2}.exeC:\Windows\{865144E4-05DE-42bd-8F34-8DFC43D960F2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F6011C23-3111-4cd7-9F55-1EE9BC813779}.exeC:\Windows\{F6011C23-3111-4cd7-9F55-1EE9BC813779}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86514~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B191D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA659~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F575C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{36C45~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB7E4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12F61~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{791D9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ED03D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{36A0C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD50f7ab206589d23fc74af44eeee5a9738
SHA10cbc30709b56b46504566b8ec2e5ff36629ec4fa
SHA2569d39e150ac7abfeae6a9ded43a6e223028a7793276966f25268d5887a8ee08b3
SHA5125049bdfa27979e7276c1a876784dfcd23b142dfa57f86d3331cca16831952c463be32fbc7f0208f47362f93fbf498332cce702562af8c75080791eb41adf1d37
-
Filesize
168KB
MD5164f5fd1e2948b7497f1938ea4fd7f77
SHA116a2d895b2ca6ec648d081e752eef60ee85bd1bb
SHA256772942cac0e24815cde85076b8d6261a77738bf1a0de79dfd132d93538d2caeb
SHA512e18c960ace4f00458433341a1ea0e03a868d07bcc7a3393940df0fcbb9d3570ae07becaa65565a5eaf91d9dcaf84dbc8e2997367ff63e97782715f090aacadf5
-
Filesize
168KB
MD5362f71fa4c464e42e011ce71292a1f2f
SHA1829f222a85b4abadd318ae836355071382db4149
SHA25640b1ef913fe7c72c9a01105082c011d28d931ae66d265569889229c02ffa7ee1
SHA512fa0ab7f34d18b38cf2bf0d0d168a4952c61034469ad62120b7f57b2a07e3170053633fe28562bec9d64de4253eb9a6adab2b0e957a5ea8c2355a78a169937c15
-
Filesize
168KB
MD53beaeb09cad79d30dcd76659a6e574b2
SHA10241d5e7bdb40177dfedf0e51c0163bd018034ca
SHA256960ce76205911ddf1d567dfba8dd1e975e4634e697ae77f21c19d3c8ffc49fee
SHA51251e9f01495ae5cd2e26e2855d240661cc9f10d04a04c8d89d54920b7f2465e64fce97324d377c6f07d67699eeb569a68db2f7c1d076f8043ed9a8fc3ed3dd2ed
-
Filesize
168KB
MD5c3cd1bd4550d11ea83fdf5648fe17a0d
SHA16d3420107a97bd11b8401deea7f7c137224afd17
SHA25674d4a890317a87df233cfd4d731199fb3ea5d1dd984c1cb85070f9127c03b748
SHA512be137705e0814c6ce737dd61712a75625d96f6ab8fb3b16687060f164e4016e07d08dfe3225714faed6f35182e4fcf5c6e8660ad4af003c3e0e79bbf5435f399
-
Filesize
168KB
MD57f2a20aa74f3afb36cd505162505b9ed
SHA1f1c98d1f14f46e04f1182861ec30bb5c6d6576fd
SHA256e683e7c42239914118392f8f5da335bcb8b68ace4a77cb6e02a5d339f9b3c02e
SHA512209687eb5d5b84cc64ddf9c064c28b46eb7057ed733ceffb6c897f05725a56a8b8b24e30acbb1b54d5ba2c70ef1cd12ddc26edba92d7402ac4c4dbad047a18df
-
Filesize
168KB
MD53f0050fa021f79f23923d822d53f8bc5
SHA1a8473a9383378e4a8b165222d38859c4567913c9
SHA256971dab8d89e3926e75f8cf43bafc456ba4052cf9b122dafe9b64d82c709d2516
SHA512de97b6efff8ad17650fe209b562501841188b975329d442ffe472f7bf4bdefd056df6cc2674d712a0cdbdb461e88a073c32a4e88ad32d597e79cc6f2f4edf552
-
Filesize
168KB
MD5b80b1cd7bab3d0dcffba0a37d99a304b
SHA108abfc0ecb22e3ac00a4618a334c8dddbb1ba829
SHA256ebf1a3ec12c3c651a5133ba4eec52b39011d6a9a4c2b92e62d980cb4d059e201
SHA512b5c2189c1f6dc86beeb25d477e3e088105f7894efa71afd777dc59968e65a556a770b8abf8037a4404777d44cc9cbf4d454d682e1bb50f3120f9b7334618645e
-
Filesize
168KB
MD5749aa825f410bbdcbb419963b7cf376f
SHA1e7dc4c9e16a8be2b23f174c115e39b0f53b2ca65
SHA25601bf74c7859f8c1b87b02ef9f08f73dbcb9920b07ffa9faf96c8e94c007460b0
SHA5126ee60694e33eb32ba1669f25bf94a4bb9914eb2300ce9f58731a7f80183782421f014f8b6045110200414342d24f9c7d3d2b905cb3881b0880ca8777940096b6
-
Filesize
168KB
MD5b26da5a5703af1e9063439d4a6af5400
SHA10736416f5ec951de9eb98b3b60d5df39499b8c22
SHA256d1e1ebb5d46bfd4020bcde0cdd893c40507bdbb9552a8450daf97e95d7d8eac4
SHA512f713eb1483a780cbc94de02bd9eca9a038a646a05ccb2b2a08a1bcb95ec57c55a23a3af3cd12c77fc7e616431783bcd997df1085d9f9e5fe93fa1a82c857b926
-
Filesize
168KB
MD51985567d5e18d0547d4debb6504e304b
SHA122b70947600527510fdb86d2d7447c9cc964383c
SHA2562c6950c5ba8025ad12b92e58f15a464c851fe23933125f86f5a9de66247a15d6
SHA5126d98050cb325092334d54e3e79dee649ca30aadaf5059128d256069ea04cf6a972d7c65935d8d3a4abf7934a483675c31616ca265a1a08c1e2e3b7d4efede8b6