Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26-03-2024 07:40
General
-
Target
2024-03-26_c493b2d66a57cf630acc524ef58504e7_goldeneye.exe
-
Size
408KB
-
MD5
c493b2d66a57cf630acc524ef58504e7
-
SHA1
2da5a23222d989e9e77fd3efa8a564824376455d
-
SHA256
073a8465df039c957a56d768259b65fe584c9308b22b4105ae8950cf3c99f8b0
-
SHA512
a2218aa2890789bf1c6c9dff138a33ce1665a224185005e8d0b2c89d0cb6406aec543ff2fdea4e3c55d9953937022df6f40f07f4fe4588867e1f30b7d346bff5
-
SSDEEP
3072:CEGh0otl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGjldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_c493b2d66a57cf630acc524ef58504e7_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_c493b2d66a57cf630acc524ef58504e7_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E4894619-3971-4089-A466-E830F9BAC08D}.exeC:\Windows\{E4894619-3971-4089-A466-E830F9BAC08D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8311D298-E30E-4477-B9B0-2898833739CE}.exeC:\Windows\{8311D298-E30E-4477-B9B0-2898833739CE}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A795F85-7332-4637-8881-9C0538C2BA21}.exeC:\Windows\{4A795F85-7332-4637-8881-9C0538C2BA21}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{456D94E2-A823-4fe8-9392-645A6C409E2B}.exeC:\Windows\{456D94E2-A823-4fe8-9392-645A6C409E2B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{204EA88B-78D5-47de-8044-55807B7B3C8F}.exeC:\Windows\{204EA88B-78D5-47de-8044-55807B7B3C8F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7296BD34-FC01-4fed-B325-4F2291F391F3}.exeC:\Windows\{7296BD34-FC01-4fed-B325-4F2291F391F3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5A6BE80C-467F-406c-A48B-A58EE18446DA}.exeC:\Windows\{5A6BE80C-467F-406c-A48B-A58EE18446DA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{893405C6-2DEE-49f0-A512-FFC803E9662A}.exeC:\Windows\{893405C6-2DEE-49f0-A512-FFC803E9662A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{893FD5CC-852C-4a26-9612-2823EA628C1D}.exeC:\Windows\{893FD5CC-852C-4a26-9612-2823EA628C1D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{44CA0325-92BE-45b9-AB92-0FE777B9528E}.exeC:\Windows\{44CA0325-92BE-45b9-AB92-0FE777B9528E}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{10AB045E-4CF3-457c-905D-9847A8E2841D}.exeC:\Windows\{10AB045E-4CF3-457c-905D-9847A8E2841D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44CA0~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{893FD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89340~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5A6BE~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7296B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{204EA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{456D9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A795~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8311D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4894~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD558be7ca6ae93c583205166ad50c1a798
SHA1bf26c811762501e581d923fbe7c9d068e66df4d0
SHA25659225c756297e701922a401d66a1a9096c06d0f23c7f89094c2a0a78d9c5c29f
SHA512212e40bb45c12b6dd3c23c96b4617ae72cb1dc07584a6cfbe9fcdfdfed6c45151dce826c54ad0fc1e02b0461e2fa4b6860e0f936e4b1fb24e2f7553681e569aa
-
Filesize
408KB
MD592987e9bd94a01d15d22225b9295854c
SHA1e538fd2d3a104abe3efb5770661ee99f3b55ab85
SHA256ec235cf240579fc894618ec0911325588a1b07745f5c64f4ccf9272de8fb21ba
SHA512aae0e1aa7b07688af616bb3253e924ec7b71c260ac3f9b8bd79491cfd01c8dfcf42ba555d3c46f29b670ba67323455f30aae2fcf45c31f6647504c9bd67957e0
-
Filesize
408KB
MD53ae9eb0da79f95f211e6e7106779498b
SHA1968ee869a45251070a27069115f7b048d81b5938
SHA256e39ff00708e75cb00ba2ed36aea41b98fa3a37449eea73eb5f4e9fb7a2822243
SHA5129424b9d6670859e1587b9428b640a500fa046132d5ce7e0c58e91435d819d8e5f21903cb885128ecf636a75fa2a64baa29ebee4902d5b9b3a2317d4e9b85226e
-
Filesize
408KB
MD5d0cd30324881ae36286fc2d42ed8fbee
SHA12ed6ac558150f873b11d53f287776e1f99b7e935
SHA256fb003eb0dc573425082f22dfde63c38a54da7f33a1922e6d4de16f5751386e37
SHA51265217c29d1eeb04e70bf27e2d46d65af4b01d0f494ef6f330103638aed46d3925ff29ac039fd886d70ec70289200bb2546db3a8a24841c685c8b583a0114ca29
-
Filesize
408KB
MD5ffd05fa744e766bd477ca0d21add5d10
SHA1b4c2374959537fc20c66d261d2312ca5e0b85bb2
SHA256a771e28c1116d594548b762daedbcadfc9eb1414280c082132dce8114447cc1d
SHA51274a4591eb76bb31a699b0699be96d49335ef80c19e2493c296f20152c4e429b07b048fd96de290e93e09840414d9db79963c87df5ecdc29dbcda2393e57b648a
-
Filesize
408KB
MD570036be22ace60653b5e7bd108ce0d7c
SHA13aa95083547e0c502b4663acde872b905a19dc05
SHA25629ee3e5c1f58b310f905f14d8005d9de8899bf69c89d35cbeaf840a14cbe7f0c
SHA5122c5aa89ec72754da3a00a0e4c97035c112285f6da1452e3bfa5527abc0843e3fb03e17e3c9566924b58b35ee31d7e850d864cefe22aad50f9c6af96f7b9de2eb
-
Filesize
408KB
MD5b78a2d1a566c1d8eb0558a5d46e25b23
SHA19bebd6a29e5673bf2160fe89233236e0ecf73fde
SHA256a47a147d9c45846b6f3fd3dac4bde936f5d9b1f4ebad2b891fcb2e1076d2a9f1
SHA5123e17c7e9599157d569e77cf7a48aabc7f90d731330243f07e3b196a6e1ee1f9b1d74100a6a5847c2127f4ce2e4fc2c8cb6829d9b6efbf61c63ef5f45ec92b572
-
Filesize
408KB
MD5247540af846156c57317303086e6fb0c
SHA19aa8ec29b20032980f9693c86300ae36f468ee27
SHA2568b77f0f41c2faeebda681afda7dfab117fe96b254194543f11ca31576775cca4
SHA512520452b3906484e64a5bed0b195447bbba4865d326bbe7dd240f77a03155a3cecdd0710fa50c313443befd33f1575cdb59383b545511438b582ef970fa5d32f6
-
Filesize
408KB
MD5b8816270ecf5b8d41d049ca3c3634de1
SHA173d5b9e0fcfc3583f86a98eb99201c8b1af4e440
SHA256231d5d807b94f0f34c8f9d51c73d090d165e90701e16ddba6e7194391ae352a9
SHA512a8538825a05a9b2d5b972130f954bb4c3ea832f547b4539593c26de5a795948a9a76b3ce4ae0bdbfb14b64c2b63a6437540092d942285d896c7e03a3cb82f4b3
-
Filesize
408KB
MD50418d64374143cbb1f75c6e74a25030a
SHA1bb3cbc78ef47c79c7cbcd3f8b66ebbab597ea3e0
SHA256ab969735d2e85884d7baf7b450067ad1d96983afd17b3e1ce5db5d58f7bb134a
SHA5128c913ea03bc4f8c6056587989ec30973eb28741bb27c841f0d631428f60cf0bfeb289367dfa3eed0007a0adde0bb68146a8d724cbf1df88163ffce73900bbd23
-
Filesize
408KB
MD50f4c00af7c6fab3f9dfd8efe3a25f7bb
SHA160610d167cf397fbdd09614b4c0b1feefa6f3b60
SHA2569f6c334be0e64def0fb182c96f603831ee471f827d485594edda87fe58c60538
SHA51249e9d763b2b5fd32fa85cd65ed2e7bffbd2643be68dc5b03a8c0976b755fa55793f9775579ac5e33157b61b3f235a79e1f6a9c74a58107ba9ec31ce408a8e679