Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
29/03/2024, 03:23
General
-
Target
2024-03-29_a5a2640dfcae1ba217461f199538a8ba_goldeneye.exe
-
Size
216KB
-
MD5
a5a2640dfcae1ba217461f199538a8ba
-
SHA1
140a8505969909418609a99873d04eb682d5b618
-
SHA256
838dc351e86cbe4b2bd3746b533ce6f20d5273462c8921b55d091206d7e321eb
-
SHA512
1cf8d20803b54ad75d17fbcf9ba4bffce408b639bf22240629c5ff1b706a24d636e90776dd947da0dd8eee71039f5408c1fe89ac33146f19f7465a612948edfd
-
SSDEEP
3072:jEGh0oVl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGTlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_a5a2640dfcae1ba217461f199538a8ba_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_a5a2640dfcae1ba217461f199538a8ba_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E28C12E9-5AF4-458e-B87D-B423918D6CE4}.exeC:\Windows\{E28C12E9-5AF4-458e-B87D-B423918D6CE4}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A57FAA8-E695-460f-99CD-490246A253C8}.exeC:\Windows\{7A57FAA8-E695-460f-99CD-490246A253C8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{150061A0-C2BD-4b67-AD07-AE88810CBF89}.exeC:\Windows\{150061A0-C2BD-4b67-AD07-AE88810CBF89}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59124100-DACC-4702-B26B-FCC76859669B}.exeC:\Windows\{59124100-DACC-4702-B26B-FCC76859669B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8272C50C-5282-4903-98AB-160491740ED5}.exeC:\Windows\{8272C50C-5282-4903-98AB-160491740ED5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ECF6167E-4DBA-494a-A418-65E3D26CF616}.exeC:\Windows\{ECF6167E-4DBA-494a-A418-65E3D26CF616}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AE2D656C-C845-4f96-8BD9-F0A26844092B}.exeC:\Windows\{AE2D656C-C845-4f96-8BD9-F0A26844092B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D28641A-4EB4-47ca-9699-7EF2389B8DB1}.exeC:\Windows\{9D28641A-4EB4-47ca-9699-7EF2389B8DB1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{159F9736-ED9E-4ac8-B452-3C946EB29C94}.exeC:\Windows\{159F9736-ED9E-4ac8-B452-3C946EB29C94}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{786A8765-57FF-4762-A864-F8B8F7063953}.exeC:\Windows\{786A8765-57FF-4762-A864-F8B8F7063953}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E1F30DDA-1151-4948-9752-A21885D67EBE}.exeC:\Windows\{E1F30DDA-1151-4948-9752-A21885D67EBE}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{786A8~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{159F9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D286~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE2D6~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ECF61~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8272C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59124~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15006~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A57F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E28C1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5f9bde56d2a3e9ad3f17844954eccd71c
SHA1fc69011944ac0d10f53d8c43b53fbb33b5ba2c05
SHA25613fd5b9189d3d40e3d12bd2013c40fd85f092d2688ce7ccaa95fd00323b23baa
SHA51275a57ce8cb1826378a4725da5de8e9da91652c990e4c1650508ed450255e8901ac4cfc245ae4ba4a79a84d6c56ce8f1cb9f5f3b6acbddb5c0d49577459682248
-
Filesize
216KB
MD53951383cbc6efeb99dbe3203f8c57296
SHA156d4a2f3e9c6fb8ad0d09a8e04ad086bd25df325
SHA2565c04392e70532711ab843b5b9a0adfb419eb39152a1a712f1e4f4b60d8b85e75
SHA512687e7dfcbc3574234e37763243acd66516bdda27416435afc080d9e4d38c928c35cedef3faa156086a9d18a2e94546089c6f50b75138b11fa05362eb3dcf91be
-
Filesize
216KB
MD55b6adf7b9ecdaaf7bc4ec08846b253b3
SHA178b8a988e7d037c4ec26d3b31db8c58b11c66f8e
SHA256a7861ecfb8c0b2876c92ed20dc2b1ed31dd65f45b42c2b0d4325dd902d87dba0
SHA512b8a6311a75a720f3c91ba82f1fb0b0f104fef5ff8634bda3dc1900a7befa56ead9d69678feac35fb0cbb15a83cff469969d33f89d340b1b79f390338f6e6786e
-
Filesize
216KB
MD57bd1eb13c7239efb8a17b8580b262d75
SHA110065857d4525d65d53ba4572a54b0b1f0e2e241
SHA25631fec82c04081fcc0dffaa14c3e6a4b4d2ba86081696e8f0ce3e2c2514b6b841
SHA512e113a9be47beb2c44f76f854610bba6fa9ebd7df286b89baea8ec76536a66162386dcd97dc84b905f59c9e98ef52538413a0fd96f4d1a1e3855140c4b1b991b4
-
Filesize
216KB
MD55bd5f1e9d324678f38629c4bb747bb66
SHA1eaa594784e1d26303a42c7b2b363ba56d063f2ff
SHA256688f481cba12df3cfdcdb71080b3e0ba83285506f98b655be0ea42a7a39928e8
SHA5124c9378f1780ef40cad70e4ec6a645e3de66ffc6c5a5d8a7a9621279f64dc51a51621924bc883ee7d1b7d33cb1be84b8bc29390ffe2792861b34546508b3acfb3
-
Filesize
216KB
MD53fa185270564d5a679b1feec417a1e2f
SHA1abb21c1f9fb0e034af2d265a3fdb28e03b848000
SHA2565e99760cfd924b6a5c8cef49f65711f44dc379bbe2cea2f7f40f11b2b71d8d60
SHA5129caca8b5783625586f166a8f53fe61430a753f8a50423c80f7f4fe590a0d508f1f1277eae0bd5c740f2728fe13ac5f802dba3c6ed03aba9ed882a42dbf1743c2
-
Filesize
216KB
MD55b7d14d03c892efef0c11d69c2e51ebc
SHA1d2d3a453bb35a5fbbed1d4a6fa4f3f96b9ba3903
SHA2564e61b86f8c008243c72bd5419de8a217599e324bd0091ea5c46d8541a1ce6021
SHA512be2e85590ca38761ac2d85e5a3398228671934236ce1cbae08ba546c720f8fa95acab56519ae0c575425b971cf24d4e789ff293a66de587072f3e20481e0475e
-
Filesize
216KB
MD57b27b160209621f876b33ba6b0c6f072
SHA1dfebdcbe37620f3a07cd406bef95a965c7491729
SHA2563626ae57450768795e451399c0b1001892f9007a9843c8e6237b2861b830115b
SHA512413b1cfff929dbf922c7925e9fe7cabf32d729bf91648c845e3915139f39bb5ba63afc485133ca1a9fad1323c1fd8c0f33e08855a52e9e6697cfcb94a4c618d5
-
Filesize
216KB
MD53693cb6e3987516cc7d3f5a2fc476286
SHA195842509354327f65d22d3da6aee705b7c7f0608
SHA256ce3ec4c88a75a9547f5a946abbb17ee0d8ebcfcf826c9da2d05aaa59b47c7cf4
SHA512057c388b805a0ba69b67d185a8c3223ee5b7c5fe7be4a43bc8e521428295ff7d39745c27f3d99b17be09bbfeea0c145336079f3cfeeee2b90f74f43245c7787f
-
Filesize
216KB
MD55999c5811d0a0be591139abdd061a0c4
SHA11559acc28fcc4fbf31af860a9c90b7a0b70e4478
SHA2567196080fdf382abdf24db1e7fc8183a5a8760a8d6c3913d427ce2df9debfd83a
SHA512b46dd52605afe09087f72902711f4dbcc4273515b51620b874d39eaa0fcf7139aa2194e736cfa6da47d7c03804739e9e6461aa00064e514f899d0cfe25cdd766
-
Filesize
216KB
MD5e50aab3618597110cd7b44d39f2f4056
SHA1116443599381ad256de55694519f3615c2920b9f
SHA25639851e260ce3e7f2af8854d050760c0221a4cb227d482e17a3dc2a18623a6eb2
SHA51298701b26eaf50f7b2e76e350cf53cb54bb9ece10fa40a8261d08e9248a5b98ee898c720cfe937d24fdb2b559fd2f31f1cc6f61b0655239b3d07603593b6c5f5c