Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-03-2024 00:50
General
-
Target
2024-03-15_b5184c7ba399d0405ade877be567720b_goldeneye.exe
-
Size
168KB
-
MD5
b5184c7ba399d0405ade877be567720b
-
SHA1
36021094763a6414bc93f9d3c812b14f9ba18d84
-
SHA256
0d9a78edf72938285785e9886912183afa6cf251878f7b6770e1baca85952a6d
-
SHA512
794df55331c228c03f768e19d61e0ca0d327adfea3ce04878ad792703c7dc7463b7de50ca352ba818bc829d4d3a39cefc7b3fc5476e70c9a7d3ba6f996a67999
-
SSDEEP
1536:1EGh0omlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0omlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-15_b5184c7ba399d0405ade877be567720b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-15_b5184c7ba399d0405ade877be567720b_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3CF90E37-6AE0-4a9f-8E31-100F0D50C288}.exeC:\Windows\{3CF90E37-6AE0-4a9f-8E31-100F0D50C288}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CFC266F-9ABA-48d9-9D79-31070EAC858D}.exeC:\Windows\{6CFC266F-9ABA-48d9-9D79-31070EAC858D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6F7C41A-4E89-432d-BD88-2F10D49C27B0}.exeC:\Windows\{C6F7C41A-4E89-432d-BD88-2F10D49C27B0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FA91102-28BF-4e27-8D0E-26CE0E99FFF4}.exeC:\Windows\{1FA91102-28BF-4e27-8D0E-26CE0E99FFF4}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCB1806B-07A0-4dcb-9F20-E15A205F7825}.exeC:\Windows\{BCB1806B-07A0-4dcb-9F20-E15A205F7825}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7DCA5272-3434-492f-82D0-2669D41B14D2}.exeC:\Windows\{7DCA5272-3434-492f-82D0-2669D41B14D2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A316B39-C596-4533-8C3A-5CFE185F1B94}.exeC:\Windows\{0A316B39-C596-4533-8C3A-5CFE185F1B94}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CCD433AF-BCDD-4e6a-8958-2172D4D77533}.exeC:\Windows\{CCD433AF-BCDD-4e6a-8958-2172D4D77533}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C43F3703-6851-43ed-810D-15817876F754}.exeC:\Windows\{C43F3703-6851-43ed-810D-15817876F754}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6CFD1148-2967-48ea-A746-E57622379E82}.exeC:\Windows\{6CFD1148-2967-48ea-A746-E57622379E82}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{30DE4905-3429-4882-80B8-F828003F5E0D}.exeC:\Windows\{30DE4905-3429-4882-80B8-F828003F5E0D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CFD1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C43F3~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CCD43~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A316~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7DCA5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCB18~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FA91~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6F7C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CFC2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3CF90~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5f155292e0cc001befeaa4311247dd1ad
SHA1666bb13a0a1150f7110bf2347c3d7f9bd38309fc
SHA256b14f146e03aba8d34faef53b0f06c8e4232f4f9f0cd5fa84ebb052d10de6b18a
SHA512b92b37c038135d1e6ba770260ce7650c51fb81ab1573b227a26506a1b72b5fb4f6c0b6aa8405e22d7c2ae6005803de02f8430b2d51d5e153667958a3e97d6493
-
Filesize
168KB
MD5d56a53495db5053542a33522e52b1f56
SHA147b8c1b8d3dc0290657fa92c3482c96b71ff0cd0
SHA256d05a352b0d672031b9e7be9c1a56524696402d64fdd6c0136689a9443a423935
SHA5122f3f987668945f45db98cdef1c72130d77f32157f29c2637f9a95ee194958b75a3604568b78952c94ca7bdeb16792d03a0d3befe24383dfa8e8b26550c4c4708
-
Filesize
168KB
MD539bd6b4e42a642fd1d98e05c17f03837
SHA14e124eee7f40ba77de44ff0b4ebb7e811d1639fc
SHA256d2f297fa93ad726b13249668d0ff1593b80e8cbadd9bd025ab304d832ae9d41a
SHA5128f5192f52bbd1067bfd5cfdb03d0384bdddaab795b47b1be9b5e1523db0942566702e732d1e15a6bc1c81409358b43cd88af09f4b7d0a6e48d5f2100ad9033dd
-
Filesize
168KB
MD5cc2a705f9fccf525ad46089f26f647e3
SHA1f35f0499fa1d2d5279a4d831799f0af6cef09f7a
SHA256c8e33e8f19d27e4f90b02426f57b11f7f13edcbae1e5310cf1261227410abc47
SHA512048687c00f738abfe6a99a09878e1d1a968b1867eeb97d7eac398ca11af3a69dc36dfcb0fd96ec8f3c4d0b5d7990826d367a1fd299c2f04f0574416ff0598eff
-
Filesize
168KB
MD53025f6b0a271ef00813fef7d43d8c3ac
SHA1454641b267dcd07ebcf6f8518b6eb7f9b86624fd
SHA256c6962b9a5491598126887ee18e53174906442c64f293038d66a3150e041e4901
SHA5124436814350d104d7ff4163903c408ea34a0094e79ff5365b65cb4aa70486a466bbc0a376d69eb20c247fbf38620ef0d258b70c0596e6807e52394c9365e2fba5
-
Filesize
168KB
MD5c78fc6e097db75c4ca223dfbac92b388
SHA12391bfce0c7007969f3f881a0fc5deee47295e65
SHA2563c5881509c706a80b130e0ff076d99e34a8af5ecd1779219b3bc7c55c4958030
SHA512d113b9d76e5b63ef0b01eb13431a95a9753f16d6b59263a20b82d3b2de2549f2bac61d88548c60ae9af7e7d07c977b8eaf8685c1770b93cd8600b4d285deb3ad
-
Filesize
168KB
MD574ca58a458646016c3e0d91372096754
SHA1f3f97e15172ba190cd2f61b2f1cd1e4c38271299
SHA256f5e9b2a7b7466ac234e5bc3438660e281430eba9604dbbe412cf2abc54e63a40
SHA51241b4ebf555285ef0301ba59a726a4c2dca2522d0c78df600114e1885e5d1b6dabe649979a3e6f10a38a74dbdb4da2a5ab974f7db3005739eb54b2e90fe325690
-
Filesize
168KB
MD5b524fedae4879486cf0602a74ae14481
SHA1e55813d6a0479832bddd63cdd051e36d79884f9a
SHA25643652a17436b94cfbfd093b88544d2236a7435e66ede55ade07bbfdcf3b81f61
SHA51254b54bf2a547b413f8a736ac2bb58ad5963429878914459f9144cb758233e3054b5bb7dcc1b5f136cd8bf2ba35bc99a510bd3aabf8e6f58441c32d05e4e57822
-
Filesize
168KB
MD58ac09370061676f40c09df47d4c45bd8
SHA1c28acba11e12080f204c3cd921f3fc5eb1eb92d6
SHA2569d26076c2111ecdfef1f1c36d57440dcaa0aa232a08fed0ae8af64bb33730811
SHA512526326914f9cd46e42d047e0d39c43d2e49a3a2a0c6b023a1899e3791a4dece927a0929cc93c6bbafc70b12ee1c60af967815f5a7278200c5d05ea7e0a2d890c
-
Filesize
168KB
MD59353faccb6e6323aee2c0655eaa67c48
SHA1fbf83767b6cbeec699f2af276ecb34e5914337bb
SHA256f9815123cb116f25d9eeeab7baf465a1e4c4e333a1ce9c6fe5f903fcffca54dc
SHA512f0e7b2a2b1d1531f6c67001c3a4d264a11856e3ed21638490287d5612053930cf394caec01241fe15441839108b1a714d904d92f23927ccde76e1c7cd081bae7
-
Filesize
168KB
MD5f68a996be00a292c3c9d7987b4beaab5
SHA16aa64451ba99be3159ea2d74141cf36b7d3fe7ba
SHA256485e84bb1ba2f4f58cf66dc9e4a974f7df74db6ca12b36ecfba48edbf88b1688
SHA51210226e43b1c47a5492c47981855d7cce2030bd98b226574e6a40c4a3ceebd1ef0da0bbd42528e29e7435da387bf4148a8a9f62de4be3096c560ac45b1ff3b876