Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/04/2024, 20:54
General
-
Target
2024-04-05_e78b242572e44fa3a78241de4bcf4637_goldeneye.exe
-
Size
180KB
-
MD5
e78b242572e44fa3a78241de4bcf4637
-
SHA1
d3fb2372d3178262b38a7a84194b6414db8c931d
-
SHA256
6f28d4ff665d3fdc8cc7f94f9ddb4043000fb64b0840b1fe55c5801f955830f1
-
SHA512
6154f2fb9ad617c2fe3aac92de257d82e4a69e149f62e590a5b55ec2dd711ad0dbdb2e05cabcbb65b20d52d90bf4ad892f64fad34867118fbdc572120db254a4
-
SSDEEP
3072:jEGh0oJlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGjl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_e78b242572e44fa3a78241de4bcf4637_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_e78b242572e44fa3a78241de4bcf4637_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4BD0CDE0-D829-475e-BF3C-39D0041A3AD9}.exeC:\Windows\{4BD0CDE0-D829-475e-BF3C-39D0041A3AD9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D42F49FE-DB73-4e7b-AF61-25F82AEA3C66}.exeC:\Windows\{D42F49FE-DB73-4e7b-AF61-25F82AEA3C66}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E7C7AC88-68EF-4d9f-8B89-944C9AD13670}.exeC:\Windows\{E7C7AC88-68EF-4d9f-8B89-944C9AD13670}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{000C52BC-F4A7-458e-92DD-35B4EBE5D042}.exeC:\Windows\{000C52BC-F4A7-458e-92DD-35B4EBE5D042}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DBEA2765-856B-4850-97E3-60A82CCE0E21}.exeC:\Windows\{DBEA2765-856B-4850-97E3-60A82CCE0E21}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F269B79-48D3-40e8-962D-CF9D9131DEA0}.exeC:\Windows\{4F269B79-48D3-40e8-962D-CF9D9131DEA0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3E24B88E-A916-4b98-B028-1FC26AFA99F0}.exeC:\Windows\{3E24B88E-A916-4b98-B028-1FC26AFA99F0}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{16B3DF4E-A22A-42e9-9B7F-055617A6F061}.exeC:\Windows\{16B3DF4E-A22A-42e9-9B7F-055617A6F061}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3810EF2F-B40E-4653-827F-5A243ACAC89B}.exeC:\Windows\{3810EF2F-B40E-4653-827F-5A243ACAC89B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9D2E6EC6-F730-4418-B4E1-592D3FE4496D}.exeC:\Windows\{9D2E6EC6-F730-4418-B4E1-592D3FE4496D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D1392D73-EA1C-4a7b-919C-555793056DFD}.exeC:\Windows\{D1392D73-EA1C-4a7b-919C-555793056DFD}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D2E6~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3810E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{16B3D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3E24B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F269~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBEA2~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{000C5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7C7A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D42F4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BD0C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD50919e786b3e0d3c07ffc114b3746554d
SHA1a84c7d941dc2687a7299ad307635fd6a3ee06f91
SHA2561f49d9d9e0938e14ca5c06eed6455dbc2405fe865d118d030e4ef942ad00f133
SHA512624d7e8cae0cd9189e816374c001aebe1293a3203d6f4072b3d1e7332fe63dd5a312a13156496559cb001515d2a24e132ad19a349d2ccf0933dd83521fbecb9d
-
Filesize
180KB
MD533bae09a73a51c8b6e4c3b7b7bbdaa51
SHA16d6872678f2cfbcab4b3bfd67e1eeed7c12c71ce
SHA2562cd598e9cb246523925ea60a0b060d4ebed1e5a3e37b6233eaf47b6c2aa13f43
SHA512f49c6dfe2e770e1efc5fc1ba45e30664c19295df04a3624c524a51266aed434e9943a4a67b3501d8cc8e781119d39cabc30bc5a86c7806b36097b7f67f366846
-
Filesize
180KB
MD51ba557f9df28a351fd81a33bca533c42
SHA1113eb1556aafda175efe5de597aa4aa362ddd088
SHA256f3367fc66e24a937049e8344b7ddf0b02fab97ce79e1b4122a5ab3a7abf95ca3
SHA512de09ad8ffd8a7056da1201749902aab54906b2f308a1479b74cf674c2e5945591472e4d3ca1b5f11c520e04fe16fb460a97b9185476f87118db3edf346532af2
-
Filesize
180KB
MD5cb6744892d0ead3071870ec0ba320c7f
SHA1a32bd0f4b2a6230e74cfb72ea1836d888367cff7
SHA256de0cb86df706cdf22acf1e8af931dcc18bff4de2486e253dc018622dd324e66b
SHA512b1084742a1acb1d5ad8c5bbaddedf9834bc14eaf7632514e3398b4213513b0631be707dde9550ea22eb59242aabeaea0c49d52ec3842993ee340c14954c2c74b
-
Filesize
180KB
MD54d46d2f5f4310d0acdef65d95cc8f160
SHA1b6a5264b7cf4fb1aaa529d734299ec47e3a277f9
SHA25612df58c1ced98ff6b80d069bd5e3087c579d5224f5ac23c04391ef303323ff4d
SHA512b4d55d1723cafb699cd6bc754508d609d601c83c8cafa39ff553ba7538ea74fe0e103e9d82a10bb3b529651b5b8f75e1e0b26840b0de77652af613c3c39fd558
-
Filesize
180KB
MD590c8d15a6378d8b7f22f7a1040562e72
SHA16ba9b1ee0b56faf1c0cda88dcc4e15af13dd74a4
SHA2562f75f781148bb3aff5c53c2016391528fe0bb6f6ce9d0b0d8c7a0bbeb260cf09
SHA5122fec8e0df0190d0141f045cf41496c7817ef465e035e3687f40cf5678915552620b56b881d2c96f892815ca4fecfe523ec4379beb0b753565a5e24b338beb6b5
-
Filesize
180KB
MD56061dcdf3e2ed1baf2bbe83c9c968a0f
SHA19db0fdcf83b38a403fab6802c0bdd5d1ffa7bc19
SHA2563eb99b575e70e06b157716b3b17d1be694577ce1987b71b21ab73568592d39a9
SHA5122ecf9f6e82524396148ffdc0fcaca037bf9e75639857cfca611284fb8a8c104e6f89ce87437bbf82c547873461dc4bfb13daa2584e421a74cb76ef84cb1020d0
-
Filesize
180KB
MD59f48ec2930c0f1630442609846add677
SHA12503f4f4a41ef6bbb6791518845055cd5d2dda1e
SHA2564122148114e8f58958678861577e0fefea6db30db45d7abe0495e82e82480261
SHA51251233272e637ebbbe310ac471ae54c26240cd229d89879258c4c2fd7e54b180b4f056e5a73c8f1da0971ec80309d0de0a2556cec363d4cc63f9948bef42fc11e
-
Filesize
180KB
MD5ec2f00afdc78f54a21c579654d446a3b
SHA1448e4a27b8c577375f833f5a7305d110ea75c52a
SHA256bef481a94f8d19d5354009cd3ea7c93d150d38599402afa7ebc4ddc1d61895ca
SHA51292510f5470a45223ea30318d86a331a98dad268ee01f41100f656a9cd19ae1ea151f3bf1012123d0868ac54be4719adc19f77969919f18bc3cfaa377c9458112
-
Filesize
180KB
MD5390a73af21a172eb61604ee4efb2598d
SHA132acfa9e34b1053969820479cfb5b803f5acb586
SHA2560f4cd7a5cee6f1416b339eb27d6795dc53c819938d233c992301dda5e74635d0
SHA51266eefabf310de1161fb4dbb4fb52f4694535b25df9b8ca5fca1c20122e589833d2718f0729b5b13ae562c95c2f9d3f2cef8cab64c81dc26516b451dc8cd2b1f9
-
Filesize
180KB
MD532b12c92e3dbeb785e493393cf82e7d0
SHA18de9b9aa322c12ca8e4c362603fc3f39f007f698
SHA2565e2289523794a93a46d8c8078b239ef971789203cf378a21378176f7ad808368
SHA5120e36c26cdac3b4dac29f52bf6b6058376db0cfff0616de2d8dca60d584d7c6c30b8edcc6528acdbdd4f54aad31c35fc128c66010189792332830572a27c7bc9c