Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
07-03-2024 02:41
General
-
Target
2024-03-07_a63a8bfec9d49ff9481cad240bf487f9_goldeneye.exe
-
Size
197KB
-
MD5
a63a8bfec9d49ff9481cad240bf487f9
-
SHA1
15c2b663f73446ace4af88f5280592f382dcd99f
-
SHA256
0f2f6e51b59cd244b8816f29ff23bf19b58f5874772090f0ffc9cb73630be3c0
-
SHA512
fc45895a38eeb732d6c8d9ee4a8dc801ecd3edc0cdc3afea7be0e7d0d762a2cfb566db3b0a71842f7e884de415fc07bd919d37207ad44dd7a36a929a17d04756
-
SSDEEP
3072:jEGh0oFl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGLlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-07_a63a8bfec9d49ff9481cad240bf487f9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-07_a63a8bfec9d49ff9481cad240bf487f9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2335303F-F383-424f-A1B8-B27BD843050B}.exeC:\Windows\{2335303F-F383-424f-A1B8-B27BD843050B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7B850C22-83DA-4240-A771-834D33F3FFED}.exeC:\Windows\{7B850C22-83DA-4240-A771-834D33F3FFED}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{13318886-837F-4669-9DE3-F634A83D1414}.exeC:\Windows\{13318886-837F-4669-9DE3-F634A83D1414}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3E18F2D-4471-4d4b-87C9-7A2830DE212C}.exeC:\Windows\{C3E18F2D-4471-4d4b-87C9-7A2830DE212C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B041A93-A821-4772-93BE-398747966ED8}.exeC:\Windows\{1B041A93-A821-4772-93BE-398747966ED8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5804B4D6-B083-4713-B4D5-5704A8D91733}.exeC:\Windows\{5804B4D6-B083-4713-B4D5-5704A8D91733}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2AD39100-946B-40a5-BE30-F3DA9B4783EA}.exeC:\Windows\{2AD39100-946B-40a5-BE30-F3DA9B4783EA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{62A18A1D-5C9B-48aa-AB98-BA411272972D}.exeC:\Windows\{62A18A1D-5C9B-48aa-AB98-BA411272972D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4DF2E4F7-F1F3-4f3a-8FED-88062C7CC1DA}.exeC:\Windows\{4DF2E4F7-F1F3-4f3a-8FED-88062C7CC1DA}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5D999D31-A809-4bb9-AC21-34143FE520F5}.exeC:\Windows\{5D999D31-A809-4bb9-AC21-34143FE520F5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{60ED5E5E-F81C-4547-B681-21D93A86FD08}.exeC:\Windows\{60ED5E5E-F81C-4547-B681-21D93A86FD08}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D999~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DF2E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{62A18~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2AD39~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5804B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B041~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3E18~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13318~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7B850~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23353~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD54bd0a3ee4b18d00290d757b52f5c1500
SHA1c119734ee3fceb73abafe48e83304b647b0784a8
SHA25630d44a6216bd893698eb3ac92c1723c4ce2f6b72918ca6921761435ed1dcfa9a
SHA5124bc6ec29ae7e1b7a903a503e92c0eea388d8658375684e8f843315179c45ddf33ac10bd80a7279b3b4bc075390b2097b021587c857ae06b18e38885496f43c60
-
Filesize
197KB
MD5c85bad88da798708ef905411a3b460c3
SHA104eebb213d2419ad746aa0c443f399788d84ed7d
SHA256bed13412a82927249ae81c0bcb0a8bc9997dd85aba81cefb32ae3ef7f03aa8db
SHA512dfc8cf5239ca44a09b84beb89b5ddffa1846a6de7ebc7edf4f7b2a3e17b0faa27ae784a1ed5b4f5b697a1d62e9990ae239c9feced121893100bcbbb58e38efe7
-
Filesize
197KB
MD5fdc29abd95a29f4a89ddd351f4c76339
SHA1ed3210d841ae206cf5be191de9a05c21b6b5deea
SHA256050afc23724e6b11342569d51843146cc53ebffe41a41e4ebe34a240882145a9
SHA5120de9a571261276daad7eca8e1c26d34e24945874fed322bb914d06471e087113da7345d6c41c7011cab8065aba0706f8d18b49897cf17ce412c2e3dc15f5311b
-
Filesize
197KB
MD5dfbbeda14e007941adae5511652bfb91
SHA1690ca08d5290b2a9a579ac0f0407c5c59b4fdbe7
SHA25663243dd4b644ba2301d4fb8979598db0acf1b1ac111799dc2b672cf144bdc863
SHA5120712cb9de1fa37ccd8907d055d61fb01177e70266a53ea3726798693c0123cffabf1dbd2fe0c7b4317652140b749897d78cf2f7c964b734e0cddf2c46dffcdb3
-
Filesize
197KB
MD5574e4df28ddbab4dd3ae730e531a4b43
SHA19a816c0010c46fa1325b3cd8756ced7dd6256556
SHA2567b15be7171f833375fbe6a9ee412c2063db121b623002283b1eb95380aa36242
SHA51241c4d0c2009d794ccabba70ec8f4c6deeabe28f319ef9ee398c0726e552ab0c0eaa8ef73d8a1fc2c9f47e944e1dfa5ca0a4138731db5d50798cc8c34faad64db
-
Filesize
197KB
MD5390596f9e31d41b072fe9315167ec11f
SHA1475b84e5796d600032e562d60ccfc17821023d56
SHA256830e7ad23c8e26392ff49e2a51bcdd4d84c6b2f6b962a71645516a796727af13
SHA512a1adf612440eedff7e7085db21bfe16483017aaebf1b9b4d619efeda822596f359601d07b5f7dc883b1e720b51cf072f4d5f4669f170a88a76e54cde9c827956
-
Filesize
197KB
MD579e6793d95cf60ed3937ab2068530b9d
SHA1736da23f790c7cc6699e7bedfe2208b7223e0dea
SHA25636fb9909455563450ca707748619e977de070a804a5b67add08896e623b87fad
SHA512f10ab2c64c480ead5d647d603d3bb2c40e7f90f0de046c57365df80f60bdb244caf19cb451f692d817a50b894fc58a007ac928c538894fe68ed80abd2b072a5e
-
Filesize
197KB
MD554ba2a0ef6c053fc3177d69cc8276df8
SHA1d6aa94fad3691d8050b02b5f69a45bcfc03dc108
SHA2564251fd66025753ba41bf4708a1099bdb4a3325b745ab1797af6286a5cf246c5f
SHA512d1bfca38ebe0ff2cd55de77cb36ab348df1489479eb40b88612c9c1aeed4b30820a88f0752c4121d9f411350f62d97d6cea7f5baf3c9b6962678a5d4fd6714d2
-
Filesize
197KB
MD5d9a27e47180b30a03e7ab098f7be2349
SHA17fde920ef414c766ddd79a1973cbde74e53cf7fc
SHA256df6fa9e659cc90f92ba8d5dcacf4fbdc844adf82f272795b9ee67c0867f31d40
SHA512d6d6bf1501c3c306316217b6cb224583baa9be9b61640434e5db3e095e3105f722cd1573aa64c29d34154bce2fd6c7df73714a2250a36e4d9d364d87c4f7265f
-
Filesize
197KB
MD58e0f136395c5b99b355ab789d4c1e736
SHA10c196e19c713cd25c5d3c18f90b8a23a4bf6d733
SHA2560fc06fc05a73136167896ec9e9c90d9da9002bbf1070dd18d210b95f86f21b90
SHA5122391d9d0e6f3f714e41b01e466c2e6591892b1418118a473d6b2911aa1a3606473e5452290c30901c18a3ae08de08ffd4f10651405803d7857b93b39829e74ab
-
Filesize
197KB
MD5e1d304874255930e08e1c1fb237dabbb
SHA17942ffc4d589f9e343a5ba4377547bd1b80a9d2e
SHA25620f237dee2e3ac08096ae799296a5038edb5b022b3ab8f9c3f48b3671bd85809
SHA51238c00a104e8dc69a6f8388eb896bbf2bfd38d98f12e3faa918e74dfba2cb3f0dec2948d6bc501b137c294d81c3d5f50205de54ef9c606f6438f5823e672734ea