Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06-03-2024 15:46
General
-
Target
2024-03-06_b6fe91cbbcf2a52896febe876ff76772_goldeneye.exe
-
Size
197KB
-
MD5
b6fe91cbbcf2a52896febe876ff76772
-
SHA1
159f809be35e6f65a958eae1d295e18d90d92544
-
SHA256
a86f6d05696b2b10340ca0c32fded7372746705446cd45f9ffdab26c9e930bfb
-
SHA512
c4a26988c2cdb8731d4ee543c35e526239250b66e259b72bc09dd50f83fdb79cf1f311957a6b1df74723746d3a58f5d890c878325a25257b7d6c0d9a4a25e080
-
SSDEEP
3072:jEGh0oIl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG6lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_b6fe91cbbcf2a52896febe876ff76772_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_b6fe91cbbcf2a52896febe876ff76772_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DE4B23A8-C51C-4323-B554-CA94C6A52E0D}.exeC:\Windows\{DE4B23A8-C51C-4323-B554-CA94C6A52E0D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{029277C6-E0DE-4bb2-80C6-B3BDC09D20B9}.exeC:\Windows\{029277C6-E0DE-4bb2-80C6-B3BDC09D20B9}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31EA9C7E-2E05-4eb4-BEE9-6A2998341FAB}.exeC:\Windows\{31EA9C7E-2E05-4eb4-BEE9-6A2998341FAB}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{50831535-8F2F-4711-9A5F-37BBED36DB32}.exeC:\Windows\{50831535-8F2F-4711-9A5F-37BBED36DB32}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7B06FD6F-22F5-493a-8D6E-00220EDC03CC}.exeC:\Windows\{7B06FD6F-22F5-493a-8D6E-00220EDC03CC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{854C8C7C-BDDB-4fc7-84C1-31ED3B4B5FAC}.exeC:\Windows\{854C8C7C-BDDB-4fc7-84C1-31ED3B4B5FAC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D69A496-EB80-4f7b-8B21-8B69E82FC9D8}.exeC:\Windows\{2D69A496-EB80-4f7b-8B21-8B69E82FC9D8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E2A93B1C-18D1-4f56-BD82-2829AF8B831F}.exeC:\Windows\{E2A93B1C-18D1-4f56-BD82-2829AF8B831F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6EB41B34-8345-4fc2-A179-494DB64E523B}.exeC:\Windows\{6EB41B34-8345-4fc2-A179-494DB64E523B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BBAEF8CE-786C-44d6-9487-5495AD959905}.exeC:\Windows\{BBAEF8CE-786C-44d6-9487-5495AD959905}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4F80FAD6-3B13-4a8f-8D32-89BA95779515}.exeC:\Windows\{4F80FAD6-3B13-4a8f-8D32-89BA95779515}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BBAEF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EB41~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2A93~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D69A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{854C8~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7B06F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{50831~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31EA9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02927~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE4B2~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD53b06065f9d224bf276f2d0b4e1c2d833
SHA149d0359cdbfb0fe6f014a7dea285b312d30e5d91
SHA2569da32d1df47d4a9be013061463fcf124045ea70e6cb5c160fad41278a7f50d38
SHA512f9558c2ea129917c7227245355c9ce8145b71800dc9093b92b468ec3b8a325ff03d9e56f4cac147ad6efaa6b92f597ae34dc2172b22e329739dd13cee41a87db
-
Filesize
197KB
MD595fb3265c7ccf2a83aa329764e89da06
SHA1094be02b497926eb0276a95821957d2d695996e2
SHA2565ac1a0dd283ba7a830e23f2f267d875533a39faed0b9e2abc5f74dd8509bc73c
SHA51207bb0913013be928422c3b7afe212bfc33ced3d64deda7c0f2ef1037cde138802a8ebdd0edfebd2e187a823041d558eb7815c1f72f0f679c4fc47aba84abea33
-
Filesize
197KB
MD56bb60607721e2317fc92563dffa194c2
SHA144fd8868e2503a961c3786c580fd6ac395bd5563
SHA2568c141e6fda1a4ca754e5b0a8ffda4925a1bcd5952efa01775ed6f32a76d54264
SHA51227259e8f9b90baf79e0c12f4c53efd67bc348732ccb12c7c3c36fbedca6f3a206f2a5d2878d1f520566cd64abd5b4d32e2f513b109a54e02883967e9a2516393
-
Filesize
197KB
MD5bfee13780b157d2cdfd11b0d9520d5e2
SHA1cf6a9ea00cfee5b6a53c088aa62fc0cf58589014
SHA25627de1227868b3e3db6ffcfc60b5d7f424d64d74460f14de3fe71b28ab9991a3a
SHA51232adc235b50a65489b616a97913a523d031b339ce1d1f8ebb615ccf001d18229d187232e7bb1319580f96434fa79f35045204360776830f49283d9cfc3664269
-
Filesize
190KB
MD54124b837b603964863f3b8d92fa2bffe
SHA11ae950fd8b1e8a3874415fbebed70cef933ac4f9
SHA2569289989c0590890cf5c44c1b6643c00504bb278e770215cb725e67313f5c77b3
SHA5121ef8d8c247bcc27f6861092586e5c2e7ffa1b183ad4ad475394577eaee9e4446b443597c18fe6cc68e12313676abaf9902ed11b390bfca7a0d91356aa6fc56d6
-
Filesize
197KB
MD5d7b9328f5951316226ef03f6aa29f855
SHA1f0f8c9cfaf2279d5663182681c153bd5c326b53f
SHA256e1a1aad5b026b9e98f47bbf9d40fe6181894c4b5e211f1833a97ad2ccc3e5cbc
SHA5122e5cdbc467ac217303fabf1cbe51a7b0befc275bfee8ca9dbbe453621d284956b9c9932e5d9d09541f7d29671d3500603b82edc306f3f7d46007a460c0857756
-
Filesize
197KB
MD5935e4ae3e42ee91779f40028cc288329
SHA15648aa4db932b3876c85254cf058b388067e314b
SHA2564312edfd463dbe497d2eb4484a252249a77a3685c6396b1c61acebf900106784
SHA512c5cba43fa97702ce7de93e1778854223171b4290a9a80e74301c620abaa8c795632155b78bac041dc8d71dc235f94a115db15f5c652a3014074bdfcb9fc11800
-
Filesize
197KB
MD5ab1112f2db8dd72279d2f3a556219d13
SHA1496a3ef2a121b884dbcf704e6150bbc7e01c7c8b
SHA256818250ca17c6b92722aac1a298859576c99fe8aea5ad77aafe9a169e36fb1855
SHA51260e60e8f5d53c9dfa9ec283507903cbcb1a2dccb3094cf6673c7e7f16154bcc85f1fe478094e5899d028e6d27e80ec536afd5349db2bf692c3797c8a8faabb31
-
Filesize
197KB
MD52699e619c0c6b3c102555a9f8b7ca490
SHA18dd2187683fb62168d9e00a19ecd7fca64669671
SHA256e68de01adcc8df03b562acafb14311628fc08049d128ef05ea27e37d9fb4dc0d
SHA51285196f4f1e66c1005a944e08e9b50902d629351b108b68182ce490f5f6aa6dea2fc9fc36169afe0a784009c27c57a6337f09199f45448d3b38cb01ed7c0e2ce9
-
Filesize
197KB
MD5fd611f09bf72aa79a0f21b8a18263828
SHA1bffa740d2f66e07ffc02b2fbc1fbae68f9bea2d0
SHA256ce9a42b058c48ea06c323cf33f1823ed96d551d2e3d5fd4999d49e37ecdd452d
SHA5122681c647f45fb55e8c39b516c2aa5243d90fe0da6484c9eefa83652cbf63bb0d8434d481cbaa4ec6b9800ac5795084d42b3a8410ff53790e9468b3b6685c4230
-
Filesize
197KB
MD585f429d02660c2242fdb96fdbd94dfab
SHA1939d2ec5e4e473f359f6264f3f6051be33fd5467
SHA256f4fc73c2924cfc3c7e1088e124de5381055d8fef915e745039f83c3f8edfd082
SHA512ca8cbed5112a14eee7bb106fa77a54893d7d81c3fe1c5959d70cf3d6aa2e18092e0bfa86137203b9b8c7eb723461d74d795a002cb98800cce4620f08f327ba33
-
Filesize
197KB
MD539a565de3d52a093ad55a85233034cc4
SHA103747d3a73361e2329ceef88d99a00f8025418a6
SHA256f907e1e1ec3512fbbf108d0df09f2e2fa52d5c5106de663f69c1ca24439244b2
SHA512e66d7f6795ff8fad0b3fcf7cb6d9283167ee62bd4bf652b5ab952b31ab7202822ced11e1c28467dc8d29d3d01712798a9196ba739b15943682c25d2a2eee2a78