Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/03/2024, 20:25
General
-
Target
2024-03-14_1ec6548b8b88f9bc545688562bc29d9f_goldeneye.exe
-
Size
197KB
-
MD5
1ec6548b8b88f9bc545688562bc29d9f
-
SHA1
726fac709309e23e7f6c05e6816f28cf910ee997
-
SHA256
9e13a4cec6b747f63d7f32a27e952e8deade7bc89d6bd7eeb11a97e5ff5a416a
-
SHA512
8902ee04eb3aa028d105be01aaea9084f3de5781b7241ff3febc97bed646a71229b6e26f0bc10f3e3085f881d900f6d611c52b1b76d7e2d20205e34ed014cc87
-
SSDEEP
3072:jEGh0oYl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGWlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_1ec6548b8b88f9bc545688562bc29d9f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_1ec6548b8b88f9bc545688562bc29d9f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A28A59C7-EC21-4639-96F4-A77EB80F127B}.exeC:\Windows\{A28A59C7-EC21-4639-96F4-A77EB80F127B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C3AB47D-7946-4ad6-A939-73D4EE67A2EC}.exeC:\Windows\{1C3AB47D-7946-4ad6-A939-73D4EE67A2EC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E92FB87F-5AC9-4ad8-B2A2-C4E8B5CD60FD}.exeC:\Windows\{E92FB87F-5AC9-4ad8-B2A2-C4E8B5CD60FD}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4EA47F10-6292-40a9-A83E-A9E208BAD6D3}.exeC:\Windows\{4EA47F10-6292-40a9-A83E-A9E208BAD6D3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9C3C6D0C-8DB2-4606-8A03-ED8449DB7664}.exeC:\Windows\{9C3C6D0C-8DB2-4606-8A03-ED8449DB7664}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{410CE88F-FB8A-42a5-B5A2-052565E50BA7}.exeC:\Windows\{410CE88F-FB8A-42a5-B5A2-052565E50BA7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{876A1521-8E7C-4cbe-B06D-3A6EF2F857F8}.exeC:\Windows\{876A1521-8E7C-4cbe-B06D-3A6EF2F857F8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{02BB8FF4-F516-44c5-8936-2CDA4982ED7A}.exeC:\Windows\{02BB8FF4-F516-44c5-8936-2CDA4982ED7A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{762A8514-1CB6-49ca-9BF2-EF4386F1D3C5}.exeC:\Windows\{762A8514-1CB6-49ca-9BF2-EF4386F1D3C5}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8B076445-88DC-46c0-8492-5BC6DDA97D2D}.exeC:\Windows\{8B076445-88DC-46c0-8492-5BC6DDA97D2D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9BAC3B7F-4559-430e-B7F3-8E28C2C71F86}.exeC:\Windows\{9BAC3B7F-4559-430e-B7F3-8E28C2C71F86}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8B076~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{762A8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02BB8~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{876A1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{410CE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9C3C6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4EA47~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E92FB~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C3AB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A28A5~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD560b6b138caddc121c473a74e91d0dc04
SHA1e8883477a36aca79c9510e43042e83e59ca56f46
SHA2566bb008815a47c6be95222f29e703ba15b08a2e136bee1fb568bfc957f754c1d2
SHA5126b42bd664dfc179fb8da5a6bb8aa4bac4214d83b3d1fe02c917de778504aafb282cd10645b44e00a3d8e7ba6dd14019081a69ba7bd94c7aa1cfedf48280b607a
-
Filesize
197KB
MD55c5ebf01bce5c8fa4f51b0155380341f
SHA1376cf6afac3e7b16d342086ba1eb9dc7c156b61e
SHA2561acbd1ad003efe5cb56174a2425ad394ebdc2ac4ecd8d227086f8efa8efd59ba
SHA51284090353d6152eeaa8a38626bfdb53333079eb4b4745308473dd1bdd6abe0b6460963e209f823dee4432cbe9dc0bd01fa20c134e052dbc7dafef86653e808c3c
-
Filesize
197KB
MD54d5c30d1d0bb95e9c6c1923499c59ce7
SHA14deb08650a5246a3e0fdd66146978721e984223a
SHA25656836e4c0d7068e36e2eeab87db29ac0f8e280d3cbb37f2c4ed345c6f00b8b57
SHA5122edf4d28a4ffcf949545f6114c3b41df6089251d7fc063c5c537ac71094c95c7d0f2b36abc8428fd5725562490bd8a430c64d080a923deacb96785ccf3272980
-
Filesize
197KB
MD5e483a0b46a548383c1adbbfec25f078f
SHA1675cef982efcd2ba6b0ffc7bec44d5b1274bf182
SHA256da5a7b9754c27a71e0ab4e665814325bcbe7912b2378f2a4950b0c1ac375b9fb
SHA51252c0612abf9561c68b071cc096d19367461169d8ae60fa8dc1b359107b32ab7891361c770494dfcaf5d9a545a1ff7b3d3e5bd1a4bb635b22c92e02c40d6e00b2
-
Filesize
197KB
MD54660f299a4eacb3c631eecbe41150e05
SHA11dfeb67d2f79cc59aa7a255a76e85324142750f8
SHA256f15aaa35a50e31c7f1414bd495bda3b71784553d60c53797dca7884901b1321b
SHA5126f3969a22ff5031155e768c1d431cb416e07ae20008fa8bce2f6a5899c8431c342dfa96dabe8b3f03adf0504001136cc6ac0e46ec78aa60ea41687eab41fabf5
-
Filesize
197KB
MD5168ebff7f0410dd9140a80c35ee242a2
SHA170a76ddd1ca6940a38fb83ca494f0191623884e1
SHA256a34a3afd3465050c704b450614bde090d2e6dc25e0a0aa6821d1e406cb8f1179
SHA512065881137bffad868646f081435e335e1abdfe63bef1abe825530ce7206c2eb0ad6b56d8cb1fbd065df74aee39f930c6b2d2cc7195cfd4e9f3b45827dbd5a204
-
Filesize
197KB
MD52fcd83b0da6d5e61911e8af7b5bfd09d
SHA1ecaeb538cc30c4a462cfff3b2f69a19edfb3061b
SHA25671e7c3b4a710dfb217c4d52854c4fe0424cc4892bee535398f919ea606dac2f9
SHA51236230d09461c6c0eb985a1f01671f3497568f605506585aad7dd27d799d292a78f9520cfe6ac5e9c368433d127c4915b0e98735ac9873a289d0ba4591e6ab35b
-
Filesize
197KB
MD595e7a4f789ea21e657a68056d0dc13a4
SHA151d7d72797ff3e604cc03cb6965b6f88155452f0
SHA2563cfe621dc6647bbc539bf7fc543b48d52038f3f97fda5235284ead63b54448e8
SHA5126c442d92a52583d22f2c5401d993291c3f3bbc320189bfc23f1f6fb403c3dbb7fe3f9b4b1311fee26abb4173ee5651cb767993bf0ea3de65717732a361521d33
-
Filesize
197KB
MD5d9a09c95a2facb9c0bccf606e6dcda2e
SHA1790c9d750163b9c2ad3440a44cebbbe42495f6e5
SHA256b5d6b8174e52f3d0692a1509c1828c6718027d5d6d426831921ac061729fa200
SHA512dc9e87d54fb384034179040b7b53fbf01bce164bf60ae623ee9528c5b5704059961e9ade0f1b0c075cbc485d58c3c0ca636c93f48f3987eae505383e28d2d0cd
-
Filesize
197KB
MD58d54b07c7ed7be253bd1e360ac3d5529
SHA10aac2d6a28d3e6233fcfd8c86a158f37a1f725ab
SHA2564aaee1f31697ce203f1df7111d9006cb42a80fc6ae7d6411c94cca0db277bf7c
SHA512f3f9ab3a92461e519bce621f69a4c7603b4fb78947112abc76cb927dd59fb336da2a123ef1c9ee2156ae52a02b64f0a19bbb8c92ac180c5c1ea09c0aa2346bc4
-
Filesize
197KB
MD59279ccbacffa2131e1e23ac1a9bd6e53
SHA1dc48a770eec3a0c3127dcc5444c3e8098ebdcfb0
SHA2564580baf7f5289be25078831c2626e68c1c1d8335e18bfb856e01190425f374c6
SHA512c883f29b5a2551008f3cec5bb170f399bb6cdb700a3ff0213db0ab88493ad6dc20573bec3d470b2bf2cf9cd328b954b15ac4b12dc94ebac98622f5dec4acba39