Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 13:38
General
-
Target
2024-03-06_8045184ac3be40b1d64b628d49dfbcc9_goldeneye.exe
-
Size
168KB
-
MD5
8045184ac3be40b1d64b628d49dfbcc9
-
SHA1
991bbe769ce24e7f2bd09c7c30667f7311eadf0b
-
SHA256
04caf0572196f2df5735546a2d5fb4c2bd6cce0e697a02b4852d55c2997de12a
-
SHA512
3121b8f5db039fae0e648148303169144adf25aaa147b642e1c04ce709b5a6aadfd5695691e173ffdaad0e4360a31b33c6ae63a6d5ade2ec5eb917ba0e02de98
-
SSDEEP
1536:1EGh0obli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0obliOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_8045184ac3be40b1d64b628d49dfbcc9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_8045184ac3be40b1d64b628d49dfbcc9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A024B3E6-1175-4d2e-B183-298974F63162}.exeC:\Windows\{A024B3E6-1175-4d2e-B183-298974F63162}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD2C4C69-95FF-433d-ACC6-97C438F51A67}.exeC:\Windows\{BD2C4C69-95FF-433d-ACC6-97C438F51A67}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{285294DE-FD65-46d5-86E5-E4F8ED805C6F}.exeC:\Windows\{285294DE-FD65-46d5-86E5-E4F8ED805C6F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AE0BD2BA-88C0-421a-9760-4412B90A5C57}.exeC:\Windows\{AE0BD2BA-88C0-421a-9760-4412B90A5C57}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10B5007E-4E0A-4674-9792-72B8586A116C}.exeC:\Windows\{10B5007E-4E0A-4674-9792-72B8586A116C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C1F37F0-4878-4e68-9E12-66F3786728BD}.exeC:\Windows\{7C1F37F0-4878-4e68-9E12-66F3786728BD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CEB2DB2-69BD-4fbd-9095-FE802D822296}.exeC:\Windows\{6CEB2DB2-69BD-4fbd-9095-FE802D822296}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{312D135C-E1A4-4a11-AA2C-30EA37F10B0A}.exeC:\Windows\{312D135C-E1A4-4a11-AA2C-30EA37F10B0A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B0B179B0-1748-4211-9A8F-D279D033A6FE}.exeC:\Windows\{B0B179B0-1748-4211-9A8F-D279D033A6FE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{707281F7-CA07-4ebe-BBA6-2070BEC4FE62}.exeC:\Windows\{707281F7-CA07-4ebe-BBA6-2070BEC4FE62}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{559BAE60-EE27-44c1-8BFC-E6B6F33A1E8D}.exeC:\Windows\{559BAE60-EE27-44c1-8BFC-E6B6F33A1E8D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70728~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0B17~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{312D1~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CEB2~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C1F3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10B50~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE0BD~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28529~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD2C4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A024B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5a131cac78c974666a7906b2ad652d1c9
SHA177315cf2ccda0024c61d28bb3a423a21251a233b
SHA25689c1a434b73fe68605194c07011be4bf9cbf9fad9282e5f45e2900a30254af57
SHA512db1e29ea28a5f3a53cc939e682f69c40ca9ab71cc1b8c2c3603c93bc395acb916dfce1044b74d5930d92832b66012592183c366a049292dbf960150d07c70130
-
Filesize
168KB
MD5d241aa7a3c5ec8d1feb13926ce30cf0c
SHA1f4d20e5781454162025d165c4f21ee147ccc0f71
SHA25614efe899b3103a7ac7003b4776dbbe745f79c29da00b176962238c649bb1adff
SHA51258769ced581d1d9524b3c3813b73dbf103fbbc9838de2ff76f63628986ec67ee556d3223da4f3bcb89e3561132a32669b02acbf20ea0768037f2110320b48d50
-
Filesize
168KB
MD5267e12081284223d5cdef52548968ef1
SHA1360c15ebb03bff15825a0e3f627926d1ba198adf
SHA25602d3c8f10ecbc3e7f5be8c54dff1c2a2429ebe1c8850baca90f2aadc9ec46318
SHA512888ba50171d0db2dcde32b49514c31590c28dda9820b6a06386c05fe739597074b8844490cd7622fce794842369e99717bf38808e65bde95eb90831b189f68c2
-
Filesize
168KB
MD51417becc582a63649ac39b504a898222
SHA173abe8b88c559f081a1a9447f6df2c0a171bc310
SHA256d3a542e6e6e6c39c5457ba9a1bb94bd6df8370f30fd47f984946a4a97cc94330
SHA512d228eae293181d9378d3ab70ef2bd9704929d5786536c2e9e527d6bd896022ea0cbf5e4262cc97fcb603f1c2473e021c39814cd3ca6131257078079281b6f0ba
-
Filesize
168KB
MD5649884da5d50adf70870208c04c4e260
SHA188fd89f8bd0f8c521f24e0ad1e76fffc7d90da2f
SHA256b60e97cea53d048f890ebec52fe32829e4aff8f37a2902779dd0283044650794
SHA512b019ff526c0168ade1bd979416a13e5ba102681ad97e3fb615f5d2f2021a4e0d63055eb357496b65e293f88d91972c179147992d91b67e8ca817542180f3a47e
-
Filesize
168KB
MD54bffad3038cb701f7d6e36406912f40a
SHA18dbdc04111dba0f7d55f1f3eeccfbcfdebccda1a
SHA256adbc9f9c76bcf259581ec79935ba24262bc3943e10e1ccab0b16ae653c91ccda
SHA5128981a64448eb921ec84cda2f66ed431fb93da79bacdceefd14f64d722a1c76006450507257bed6eee3a2d44477fa4fb58224335fe35fa3fd6d1e4a287397db76
-
Filesize
168KB
MD5f6dacf45b97c3d0d98bfc74596da07c4
SHA12e56e8e45ccb79fad574d61a13d6b0a354d823d1
SHA256765cc302734e2a1098d3f796b0af04a4bafcb4c8352f49cce9207b43834c85d3
SHA512bce91d54b7a4724baf7de92c646140f266ddc4d53b050f1b514464e0ddb8f8422d67dfc6461a29b1c478b56042d06b9ba87bf8ed0d03db148b5f3fd72ea63c47
-
Filesize
15KB
MD5785191d6cdebd2c7be14602bd5a3ac6a
SHA1afa1bc2161b563adbc8465cdfee2c834ec97494e
SHA256f9fba624745aa66db1aee06feffb27dcfcd971ce6f43ce58bbc531489ceda702
SHA512d37eac49dd84082c7ad8eabe97adc99cd463280c75b5ae79ceec704cb122c843710fad494fa1918d9f667af76a46bd4614453b122646a19648d43fa8133a6d37
-
Filesize
168KB
MD5ba868c170eacfaed7f26b14269ad6495
SHA156cfd2fc5825af0f6994978ca204a2e0898a8e7e
SHA2567330aeb8e19c25721292a0293cd4cdaa8e4f48eaa3b4773eae2701d254825193
SHA5125f0752ee242f8c864c4f69814a612873b4eff0c10edb65fab5372118e61b2813c30cef6c61bed6791e71585003acdf71dc5c762d92b68f504f5873d5ea16ea97
-
Filesize
168KB
MD5627b41d7216fe1877f0b671e11425054
SHA1f2adf1379390d8e931fb51db73274edf392c5a41
SHA25678f585dc96c36f7d608b6074e83945185b7d1748d7fd87b9f97b7f698d2469bf
SHA51258eb59c47e0b27e9460466cc4bfbd021e1817d8f7fb5f6fd3d794eb9abd17a2e52afcaa553d014581c3ae6b4887cae53342f7972418c8d81be26bbad0171a2ce
-
Filesize
168KB
MD5a2e50d47e56f97d32fdd8f1a66fc2f2d
SHA119c3e58eaae53809958995ab2241211b0a2c0e3a
SHA256b917a26c62c5bbc2b4c0f744d35a60b307fbbd7879f52ccd33c4ada0e796730c
SHA512b80b3a505289715d065b2bbc98a59479964fac0645485999b69faad09a5a72df1dc1d68eec8972587d05ce0beeb0e8cce19f10ceec9b50d884a9e0a6ad7ff399
-
Filesize
168KB
MD5aa40d6f4e180f25404d9ef54850f527d
SHA11fb5f05982e155fb0bced349f590fb7e00917eb9
SHA25604055c1d8b23a2ec49da8b2aba1787c51a4bb83db64fb328aaf3b1ca32182c78
SHA5128f0ad21fef937fbc0e7a392d2790fd7899166daa7532621cf27b9d15c5ce02cb1b43f8841540ff548ac170084d002d772bd444049b1150022d468348f813e7fb