Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/03/2024, 04:44
General
-
Target
2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe
-
Size
216KB
-
MD5
6c1a6ed33785a1700d85fa0f682e6f36
-
SHA1
e5ac21c4c10e2f6486f666f6f63cb3503d9f2e77
-
SHA256
228ecdbf8f8b327f6b27cf8dba3b1a2d580438cd205550417bfbb3dc6a9d53f4
-
SHA512
8c8094cd37d194e69fcad58121f6055b7d2884e2449bc19ad82a9cdf7200871690f4f4e3c9cfc253e5bb4a2defc6c03543efe7adc6c0c4e80f8ba9523aa65344
-
SSDEEP
3072:jEGh0ofl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGNlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-16_6c1a6ed33785a1700d85fa0f682e6f36_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0180B349-01FD-41f3-9D87-236946B5F465}.exeC:\Windows\{0180B349-01FD-41f3-9D87-236946B5F465}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9CB87582-B08A-4b77-A132-50743E248B66}.exeC:\Windows\{9CB87582-B08A-4b77-A132-50743E248B66}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{27A05022-EA2E-4264-BD80-ED9316196782}.exeC:\Windows\{27A05022-EA2E-4264-BD80-ED9316196782}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7E4FF97-9FC0-4f6a-BF1F-62B3B88E929F}.exeC:\Windows\{C7E4FF97-9FC0-4f6a-BF1F-62B3B88E929F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EB4FCF26-A990-4b8e-B486-7D2A144B71E2}.exeC:\Windows\{EB4FCF26-A990-4b8e-B486-7D2A144B71E2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1CC21B32-1F1A-428e-8D6A-80E070640086}.exeC:\Windows\{1CC21B32-1F1A-428e-8D6A-80E070640086}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79B68CA1-8A93-40a0-B3A8-793CD28E084F}.exeC:\Windows\{79B68CA1-8A93-40a0-B3A8-793CD28E084F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9AD74584-196B-469a-B4DB-31728AD355B8}.exeC:\Windows\{9AD74584-196B-469a-B4DB-31728AD355B8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AE6F6C16-15A7-4721-8916-199FD815D4A9}.exeC:\Windows\{AE6F6C16-15A7-4721-8916-199FD815D4A9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DE84E261-CC22-4c84-A6CC-149E607DABBB}.exeC:\Windows\{DE84E261-CC22-4c84-A6CC-149E607DABBB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A4A4574C-1179-44a0-8244-D50E44B81407}.exeC:\Windows\{A4A4574C-1179-44a0-8244-D50E44B81407}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE84E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE6F6~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9AD74~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79B68~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1CC21~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB4FC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7E4F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{27A05~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9CB87~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0180B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5d5a894fc541faf4bec12583204042114
SHA1a219744c5943cfe70d6c2db1e3208e38df34b90f
SHA256f8159b4a4b6469b45b36cb78322cfed7b2c5ff1281abaf21fd3b6c5aa74b8995
SHA512dfa47d034361f6e8143dbbc6d11d400b20db6b98d51162e401b4e1c5e6cf57ea9c19245e4984e2aac83d427c1f6c9cf0011b3a2cdcb57dc2cac33f6c1ddee939
-
Filesize
216KB
MD53ab20fee9982b8eb1e67172204c49a71
SHA1f2f5cda4683f37674e2f770e64c33afda6dd9709
SHA25695130a1c1d0d130d65dd39ae3f539d49df08bb6e3222b65b2bff6ece6d0e5bea
SHA51254fbcf6dc34aea53978128bafcc3a04f63c48735426fe7fc7501e34e570c8a57c1954d58cc7b2a9bb623c07675ae05a8c60e6cb40c5626f2d3302fa43382c3b7
-
Filesize
216KB
MD59bd97cdac10cbe183f684e355c7c94e5
SHA1925a28577e01c1dd155ed5156be8240fb871f958
SHA256a6f54757f5abced4d126830313fbcee50899c14b7c73f625ef7fcb10413096f5
SHA512dbdd236a3628aec322c423fa0933ee22f69e4672c88d41a04db1a9f249d76557fd1151a50ee7f56ed0551f6bf62ee533d6108e053b92cb4c3ed34c48e6fb91d8
-
Filesize
216KB
MD53fa6a6b6d1f69f9d122951e58e01f10a
SHA1d7fa9f88e1568c02f56c50f632a3232f84625923
SHA25619c44d06408d823d00eefbfa6234fcdf9517501a1f5028c7e2d0b3ede4a8fb9b
SHA512c70daa7ee89ea4225657c9d6b2b53dfccbbddf1f4c389b761ae181b6c332d48edd1bfd310eb63a9c69ff1472091d3ae543f74e8640cdb17940e80fe85ef1298f
-
Filesize
216KB
MD5b20cffed634a5abbedb839f977f75e37
SHA1f9d2a4f3289e6339c8c4bc6b0087c5de646133a5
SHA256b9cd24560791f4c0c31e944fca1213fe2d96f6d6cecb045a50e57bb25ec5f35b
SHA512b31d8ccb55d02237229947b684144149472c4930f232a915e8c94e12de2cc39c045d7ccc224aeab0b728144653cdc966e21595e21369eab4660485d6a850bd66
-
Filesize
216KB
MD5164338bf8b63bd915d0db1d08d1df4b6
SHA1af6ac981d526f328bb289cc6be0b0a47b0dcad40
SHA25684212cc42cb4bbad69c6f595cbbaf29e1836ec81580c211469beed167aced6f1
SHA51214e2afa0cbbcc37a46cf939204683bfeba78b23df1e8c1666b4dbca4cb49c25a0fb497fa2c15ebc48963fe0197302e12adad09af467ac59b49a66a536133d301
-
Filesize
216KB
MD5511f392315e2da54112561abbeb50304
SHA1e3e81c1d40f1d624068433cce7f164ca03dd7116
SHA25612a35ec7fb617332d37a808c2d3b74be17728f4d5252045fc9e6da16cd3b93a9
SHA5123baef9d97bc6fa9c560f8c7f1b3fe50090b47e04c816c129025c26b7677c7812d9d65ec5ba42469b473a7cd5e1c6e09c667574f4394de66cffe545f455a1f7db
-
Filesize
216KB
MD57fee2fe7a39cb81baa872d366138ba56
SHA13e95c40b03a96b39a7a141c48359bec5ecbb2dd9
SHA256baefbcd1106937ad32b6b2797c4687c849098a6f54f9d07a64e12872cc1b9ec9
SHA512fd08a34296bf1dc16a613f24e7606ecd68c119ca28fdf3f466f72aa52c37cf6e905111fe4c244ce209f50c7b4c3a92e685683a8ffdf82408b17945c0c83456c6
-
Filesize
216KB
MD586c27b504dacbf095a5bfaa4cf397856
SHA14b388b0501d6ad089486d70c935a5b9cad67acb5
SHA256c4b5afff8ddceb77cb7dff677ee01b88507955b0abdec320a5459ef04c25e36a
SHA512ea2e8e731e2f24382f5683b9efc15a3711b51c332d05dbc16dd9c18fc1522b8b3f3192ce8fe2064c99925bc7032f8929c884096e2d2b7bce090b87cd17f3e2f4
-
Filesize
216KB
MD534801641f9a02cf5350af0bfdfa3759c
SHA110e87e3af26b5351aa9936daa3b39290d38d0302
SHA2562a175738347b92ae8aa8de3c37a88b609eec8de1ae06e377b85c1052eee72a26
SHA512a69c970c1b2e06b90de073c57c005a58d3a4a2becee93deb84912abf8147de71b2153e83aac9e6d4497a6f015201f807fac4632ae2aa40cfdd5f05c2fc531750
-
Filesize
216KB
MD54571f35dc304a24cb65e42ec7725561b
SHA1dff54e0115642a71bb1eb5e7fcab3f70b525ae73
SHA2560c5dd50dcec03eda940feb06cf392ef2aedbac41779d1ca4eb6b73d9486dc648
SHA512f014a3436ce887597216fb0acc13edf0e4a9bda00ff40baa2cc9d52dac0dadb4349259e8ab00febf114477775c29ab8a8b12113a75dd076ef2d8f015f3ec257f