Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-03-2024 11:44
General
-
Target
2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe
-
Size
216KB
-
MD5
7e3f6179f25cd650baaf5e291ec9fcfc
-
SHA1
e0f367cca860e96d525a9a4321496b50eac70a03
-
SHA256
5b4da516600e2177af80cb0efca3f000d5ff9f14c394f3e7fa503249260f476e
-
SHA512
c71499bf3509e161134db9b682442a3700158239f1d1a597c26f423d687177e539dfb92f33f49f13a07ff0223035769fd041ba044bb1779b832e824cc2e5548e
-
SSDEEP
3072:jEGh0o9l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGvlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E4B96C76-722B-4f9c-8ED3-D770614A9E83}.exeC:\Windows\{E4B96C76-722B-4f9c-8ED3-D770614A9E83}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32C5266D-359C-4123-ACA6-CF47F12E08DF}.exeC:\Windows\{32C5266D-359C-4123-ACA6-CF47F12E08DF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FEC23B99-4B0E-4639-B4C3-65279952A739}.exeC:\Windows\{FEC23B99-4B0E-4639-B4C3-65279952A739}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF28F245-0202-4f51-BDD5-70D93AE48CFD}.exeC:\Windows\{EF28F245-0202-4f51-BDD5-70D93AE48CFD}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47FEB9E4-290F-4240-B837-FEB2AE2C5481}.exeC:\Windows\{47FEB9E4-290F-4240-B837-FEB2AE2C5481}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{85B460BA-C289-450f-87EA-01E5BE35BD90}.exeC:\Windows\{85B460BA-C289-450f-87EA-01E5BE35BD90}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25390697-7799-4a92-B55D-80A336DBD8EE}.exeC:\Windows\{25390697-7799-4a92-B55D-80A336DBD8EE}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD00A846-4FCD-4fc5-BA6E-575BB7D9A6E6}.exeC:\Windows\{BD00A846-4FCD-4fc5-BA6E-575BB7D9A6E6}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4CBD534C-8A5B-449f-A1CC-B9932D388A45}.exeC:\Windows\{4CBD534C-8A5B-449f-A1CC-B9932D388A45}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{04E7EE6B-40C8-48ce-9295-6D97287697B1}.exeC:\Windows\{04E7EE6B-40C8-48ce-9295-6D97287697B1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B17849F9-980C-4bcc-A2E1-A5921B25A5F6}.exeC:\Windows\{B17849F9-980C-4bcc-A2E1-A5921B25A5F6}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04E7E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4CBD5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD00A~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25390~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85B46~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47FEB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF28F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FEC23~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32C52~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4B96~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5c31668b0158dbee199f82f439818dc21
SHA107089a37c119fe74e13d6dfef137e200a3ae55de
SHA2566aab81bc4a40911e93040bffb9b991f52c765dd760283e6d48f08f98a94f6769
SHA512c9fb8dbd71a09af128af0d8bcd69a12f77067fdc701cbf7aa0907b713c0444366258e55cdbef336c82d08d00d0e4b3eee701b455caa6c8a6825c995bb6cae3cf
-
Filesize
216KB
MD53eda274e01e2e3152a32c9c4f3def823
SHA1078f763ff5ce43598a6757e60a13dd32e6826f8a
SHA2566ffbca1a0262344603ee5b3d45662d50634567fae1f9625442bc8dbdca46b08c
SHA5125881d636913db1f40f999d39f8227fbc0ff870ff996bc0d566b6b7469a3855b6e704b75cc88861316155531c37dc020741cac30bf584f6d575ea8862194e91d1
-
Filesize
216KB
MD57f37e1c8e45c1fa231bf4f31846ff10d
SHA147380ad2952ebefcde6ae5d334ee06bc581cff1f
SHA256bbd2ce85cd96bfbc3952a3cd96813a4ab553a8780cd6978836e80b009b4b10a3
SHA512a13114931e2a436757c497090e1327fa6c555891749b6b26b5021cde6291030b539ed93fad5d53ca3334f7585281dd44edec65b95b547401268b7eef4cac5008
-
Filesize
216KB
MD55949b18016a93b1316ccbf0a5d492454
SHA11031314484b0f78b00bf36fe31c4b24eb4347a02
SHA256837d638a0576f2e76cfb83465f97c9326815604962fdb4bcf7ddb1934b5c664f
SHA51280cf864921a8907e2335f945d1a95ee90bdca5f48919236dd5d59e7c69b3676490ddf250185784bbeda8992b293bfa7f7c70acee00312069a3a2f37b2f07a28d
-
Filesize
216KB
MD5d172ae1af3d6915d25bf91f219b5202d
SHA145be536417ee57e744210cf128f3ab91d58c97c3
SHA2567f876fe2fa59054e1b66747f82ace5d82e3b0db16f8dcd7fd4ac3b8b9fd609fd
SHA51224793c24b1274f0ff733e974983356b20f57995f025678da44bc50224ba520cbc1684dd226baff5eea28e772070392b1513f95e0d218d381c3b86b36cb6ad24b
-
Filesize
216KB
MD5e7c815744c19e6297fe9dfe61b7338d9
SHA190305780cd1799873d5b22ba48e8b541bf49b642
SHA256f80a213b8c1deb48c70aee1e7974a17aebe68e60ea9d23a71f5a6b7a4aa581e4
SHA5127ddad430b1491d27d70d1a16f0177e3fa524c4c4605b52089f8065b6fd220b69dca4fe9456ea46eadf5548d3d4033242e29f42fada70a13c4e3fdee206018762
-
Filesize
216KB
MD5c22f42941512ec06c691cc00c1b343d2
SHA1b3bc1c89759a62fb724a9e1f04fbe0ac7f30a31b
SHA2561568362a81fbf349cd70495c4183893ad3fa1e0ae9e8fa9be042289440da44a0
SHA512ff92b0f798684701f8f78ec710164072ca9b4188f1591aeabff1f7875627ca51942f36ebd87034fbaa7209c74390ac39f8216400bd32763f86cb9e862ca708e0
-
Filesize
216KB
MD5b0494414e77011aaf1a7942c1bd78e1e
SHA1836c93995db379ec674defbdaefa973f2b4c2a10
SHA2563c04b1cf621976225f1221194f48470dfabc256965d7fbb6745b8cc9f0624b2e
SHA51284c1b3ecc9fbc0e2765bbf51948d83d38c629f8c81e4906228bd6d9fa2d08fcfda641ee1eca67d9248a2e4410a8989f44484ac0b52b314d959e5ca3231028f4b
-
Filesize
216KB
MD54cb0141859eff45150b124c2adea05ce
SHA153734bc3c77f8efc05bcceabc31cbde6dec0bf97
SHA256d541c5b643693a86865161b16f027fa9ab750db10840bdee5cbea9d71fda813b
SHA51290875d9eb552938016493de94185d6aa30b5cf6999751c43f093ec752e896d14ca33a4318108a937542ca27b46f90385862511b1922299d0c53cbde8dbeee5e5
-
Filesize
216KB
MD5ea24498bbe44f788588976a7bb2f1d4b
SHA1ff375d2de0d9ee89241bbea6f01aa3430f5db60b
SHA256007c55763a7557fa2a0da75a131f6ff5a92fd25767768d34a83ee67e6683d730
SHA5121028c2673f47cf82a486d092f9117cdcef6f3de9ebb9304d70f117eac9cad8da4d27fe0b19711be2a6cc69b4f7814ad0747cf9227930fd5bc8d3f7ec05114690
-
Filesize
216KB
MD507c369d64256e27d17b64b1a79120bff
SHA147721f7f55542525c7889f6e81d549263d642fd8
SHA25681d2059f1eafa20351c76031fe2c2b7be32d14f82d8ebc30398ded03507cc2dc
SHA512eff8f10bfedd90c2b61fa1e99c08198acce9f670d407bb7846fad8969160a7a2b9f7e54761012ad61c412d32cd9b86767f396a6d31f75141fa1076bbd96b7270