Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-03-2024 19:51
General
-
Target
2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe
-
Size
372KB
-
MD5
6f9f5e208dfe22443b65c767fb43d0d3
-
SHA1
c7ea8004cf48461d7c44be775776c4bd0c720a56
-
SHA256
aebf5805369fca9f8dd91f47ccd00c44fe8a27aa853acf4fefd5ec3304bfbbdb
-
SHA512
78e0032cb78789000a9642a8215218a3a50cce62baa92c5b1d03b142c9a5609336ff3e2b47395e496f47747cc3c16ab73f91913c1baeeff92b927aa1465b3412
-
SSDEEP
3072:CEGh0oclMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGmlkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6E14E97-B098-4ceb-8407-D545408BCC73}.exeC:\Windows\{D6E14E97-B098-4ceb-8407-D545408BCC73}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{014ABC1E-BFB2-4efb-9E7D-AA9D7696AA20}.exeC:\Windows\{014ABC1E-BFB2-4efb-9E7D-AA9D7696AA20}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E8B01324-221B-4a6b-9C2F-AB72CB560ACA}.exeC:\Windows\{E8B01324-221B-4a6b-9C2F-AB72CB560ACA}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC067ECE-F912-411b-810E-23700D05461F}.exeC:\Windows\{BC067ECE-F912-411b-810E-23700D05461F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{61BCA525-26AE-4153-A378-AD60EB39208F}.exeC:\Windows\{61BCA525-26AE-4153-A378-AD60EB39208F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F3068869-9810-4f49-8140-F452C979C0C8}.exeC:\Windows\{F3068869-9810-4f49-8140-F452C979C0C8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8A69A1BB-80A4-4dc3-81DA-86DCDE667249}.exeC:\Windows\{8A69A1BB-80A4-4dc3-81DA-86DCDE667249}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC0BADB4-8123-48c9-ABCD-A259CA29AA3F}.exeC:\Windows\{BC0BADB4-8123-48c9-ABCD-A259CA29AA3F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{88B4C9E5-E234-459c-90D0-76CCC90B7432}.exeC:\Windows\{88B4C9E5-E234-459c-90D0-76CCC90B7432}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F6215179-98FD-49d2-B90D-0EA3783140DE}.exeC:\Windows\{F6215179-98FD-49d2-B90D-0EA3783140DE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5BAA8CD7-E3FB-44f0-8386-F8D069361CCA}.exeC:\Windows\{5BAA8CD7-E3FB-44f0-8386-F8D069361CCA}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F6215~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88B4C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC0BA~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A69A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F3068~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{61BCA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC067~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E8B01~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{014AB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6E14~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD51fd8f940084e116c80a8db29130f92e5
SHA10f706b5b0fbb5dfafb24c488e0265dfbb7a28b44
SHA256a895890edbba02486b1e5771ceeaf2dcbcb2b17b355f9125acc12b0741ddc7a3
SHA512c87839746fb916708451054e6941aba1980d7e4d55fde4eefda30efc1b39291005d0d15852286bf779de3c8a743db4f8851b469e8413b1ed00d9a7a92c747de0
-
Filesize
372KB
MD55b92923b065b3cdfce094c27ecccc285
SHA17003b142dcbaef2eb628a9c99dee9d282765c885
SHA256599eb1dc51bbba1b8d7e66a59393ce5934b1c07a33290cdf0b6c1c800621934f
SHA512b2b11273ea831e25366a6d8539ff3873ca655e74f909b9397657982412d147d10c257103b0f030fc049c862aba710752590167cc478c9d9c9af836435802e569
-
Filesize
372KB
MD509fe5a9bb152ef0545954237cfb4bc9a
SHA1da2b7ceaf82e400df9cf4f5daeff8dcd0a19af88
SHA256272aa0db9036f480f1898c969283dd9f11e820c69ef084411df20bb84e57560c
SHA51280b64636771fcefcfe8549afe4660265ff9f5e6ccee9dde6a32bdf883779009dbda6f54d0cd3ca8d6dac60b3a9293b2ebe874b9b2d772bbbc0c9aa70b225e393
-
Filesize
372KB
MD5968876da1feef493c4a077049c26e28a
SHA12417add94c9ecc28c4a8497f82ef54438d5a67cc
SHA2562fedda1ccc8d6085dc5fda6f1412b278c9a1b05619464c85880889f9965c36bd
SHA512cc05f7e81cd2dd18f945804ae81b3f569105c30646ed5cc2051d3c792eda32b77e177723eef4498d5991965df17ae6b68d2c8dbe24ceea99f000725efdd0e137
-
Filesize
372KB
MD5bbc94bf9c5f308cfdbbe0f82876a977a
SHA169c066a5cac58055eb00c574c77b8966a5740294
SHA25647fdacf54160c17f81dab948d8e00eba077b468ab69a3d120019d7474927ad12
SHA512587806a7157b27ecf64146ef5b9b15ef14be92bcf54a9d207018c89d7cc97954072f4909763eda5261beaccf832df18debf9265e96c08d35e88e0a6904c57a87
-
Filesize
372KB
MD5f57f3b943c86d4a68ab988d0c9b83718
SHA1c0220f2326ab758f0716b67442d1888818a84ec8
SHA2560a325f343c6dc4f92cb5afe487bbab82d32dab19c7c17ef9014a21fb5bada872
SHA512e60f1cc36377ad123858b45e5de9a803ab3e53fbfac998cce53e2b7f51062e0d5509754dfe5815ce2919bfaacdea04756c9e6cec7c40adf94021c63040391e23
-
Filesize
372KB
MD56f6ca2bedc969e32747790eeefd81511
SHA1ab65bdea007b18052ec33429705e6e1245f7fd36
SHA256a0ea44f14b230f0ff8063d3a80eea3e4de28c29e7bffa0f67b03294cca248e41
SHA51225ea683abcaf658291b9c9c22c9ab491728a98ce0f23d6db9315efeff08de0c59f782b0fe2f4b4acdaeaaca74348e76001d6b99ca31e381d08cc64627b79ce12
-
Filesize
372KB
MD59b7f28f3fb04cdfe5cc91b6abccbb62f
SHA13ac72c7ee4158ff6523cd54dcc9ae27ae6704144
SHA25677b284274248671632d2b8c727189aa26a363710b01e9a3cf637ff57d412412a
SHA512fc5ce4dca5caf68a6a48d7b50f06036766384593d89301aaab4151b525565480c7e5aca618974ebfb79276041d677e9ce0d7fa98c5cdce86f672ca220fc67c4f
-
Filesize
372KB
MD5392bb4f44291b754cbc1e41e9197bca7
SHA178353adf8a1de88eca66554fbf92506bbde48112
SHA25646f446b1bf205b391f219d5bfc7c7e721ec1426f661392c7d56412edee326849
SHA5124ebd70a8132d447785e96444ac0f46b1449b153cd31eb928aaec2ba2baac02dc32657c504c46c1ddcf951c88c46f42007838c3922e7f134137443e30ed208b18
-
Filesize
372KB
MD50a1d47c532b7a6e1974ba4e5c72f8f50
SHA1095799748d9e5526f1198887fc78881f59f2afcc
SHA25658e9ce444b6db0d5c062577f425ed06d6b6b8ac2c83ea92eb9d5995207ca92f7
SHA512f246d19612c078aaf0734abfe360a4b7b7551ca1c60390bc532cd1def2bbd1bcf6762c6533cef2655ba3d4b223d31fbc91663cb1895f4fa28473e25119704ccb
-
Filesize
231KB
MD5f6180b7c5fd33dc33f843b4716236279
SHA1337d5f2f9b816ac23c7e120ffdc5fb847d219c38
SHA256ff2324f39a26805a6dc9c4c5b15ac8006ad5b2218747abbe6707c9d46234a425
SHA5128a3b3537bd7f919e779adaa4c66fc3aa0c0f4ad110faabdd0564de43a8474e77f13d6bb4c33b095ba597fd820154a5de2916b4befaf9da14b247c5acdd2cfc66
-
Filesize
372KB
MD536034daf82218f5091c7525455f1de81
SHA18e596c9fcaa70cb02c36be9371221b2419e234b3
SHA256318b4529547f689435c28ce314496c0e8b6a638e4927939743933050e85cef3e
SHA5124796bff252564ceeafe6b8666e648d2ed5adc7b7ac6995690c78e6b31dee07d7483526cd7bc4f2833912d6597e5c7b142a6b055445ace28a75aba314f1fa4afd