Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
06-04-2024 10:56
General
-
Target
2024-04-06_b967aa2f7b6f78bc3ff9d9d2065003fb_goldeneye.exe
-
Size
197KB
-
MD5
b967aa2f7b6f78bc3ff9d9d2065003fb
-
SHA1
bb3d606784053d409ec481b7cb90201f41ef2b91
-
SHA256
3839648394ce16200e15008f78114a5a52d2a8b2724387fdc6bfac63a7607779
-
SHA512
396e8a8b81a9ea96d068485957237be51500e2bb8cf027f3395939a1009a059df5e13de4463e3a1c0ec305921e70e04f6dd440ee2ce1737a4cb24938b8ad2cc2
-
SSDEEP
3072:jEGh0obZl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGnlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_b967aa2f7b6f78bc3ff9d9d2065003fb_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_b967aa2f7b6f78bc3ff9d9d2065003fb_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95266FC1-48F1-43ea-9CF7-C38A7EC91C1B}.exeC:\Windows\{95266FC1-48F1-43ea-9CF7-C38A7EC91C1B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A55B2E93-D449-4d6a-9227-632B9DF39412}.exeC:\Windows\{A55B2E93-D449-4d6a-9227-632B9DF39412}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{53D0A30D-9207-4cab-AFCF-AA4E72CA1BF2}.exeC:\Windows\{53D0A30D-9207-4cab-AFCF-AA4E72CA1BF2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7065E151-D58E-4b6e-AB9E-2BA3C79B919B}.exeC:\Windows\{7065E151-D58E-4b6e-AB9E-2BA3C79B919B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E11828D5-6843-45cf-908E-588C11A23AC9}.exeC:\Windows\{E11828D5-6843-45cf-908E-588C11A23AC9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E7A84110-4932-4657-BD21-DB2EB8532346}.exeC:\Windows\{E7A84110-4932-4657-BD21-DB2EB8532346}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9EB4EBC8-2F3E-4336-9773-7227171CC4D8}.exeC:\Windows\{9EB4EBC8-2F3E-4336-9773-7227171CC4D8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E2C428C0-C26B-4adc-8CB3-E590F17553CC}.exeC:\Windows\{E2C428C0-C26B-4adc-8CB3-E590F17553CC}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AF005F9D-9740-4749-B1EA-820F7BA8931B}.exeC:\Windows\{AF005F9D-9740-4749-B1EA-820F7BA8931B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7FBFB048-450D-4011-B474-1556CD0E0D20}.exeC:\Windows\{7FBFB048-450D-4011-B474-1556CD0E0D20}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2B209960-BF16-44eb-879A-A0196CCBF157}.exeC:\Windows\{2B209960-BF16-44eb-879A-A0196CCBF157}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7FBFB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF005~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2C42~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9EB4E~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7A84~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1182~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7065E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{53D0A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A55B2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95266~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD59750856dfecb04556e3d6f604a97557c
SHA1353725f779b46e21ec7eba4098676708c0b4111f
SHA25679f6b8c1e0972974d1afd7fb42ea5d2d48707f77cac2f3cbfdced9cbf554a7a7
SHA5126b3854b34bc6ca5645b348732258e42f33b355a2d7d8fb231112d89ebfdb2703a63032787cbc7f649f0efbea7bc8aeda69a8c25be3f508717c81e4e3116b5d5f
-
Filesize
197KB
MD51d8657a4f4c0d32dc83599925c5f71a6
SHA1a1d8d2cbd606798918e78c04fd2c2fef499cdc8d
SHA2567f54e4b6b68c56807907a271fe4f73df706e52b6317441ca5df91ecda444f92d
SHA512f68db8bf6ff97d7c9e17abb60102a339b2e6ca955a58359ddea28b7873092a83dcf4ff879ae4c82b6535bac8d7085ea3bb4fe667c146ab38867684f5310c0198
-
Filesize
197KB
MD56f08bee6c18e3afdab1785ea1210cc30
SHA1aaf04d967be2f16d276eb1012b79c2112ca70cb9
SHA25637c32a88d2254d1e4c522fd991c685233414ce5c4e60965c65fe81a3d67d0117
SHA51230cb2cb46f41aa9b9283fe68aafadd07ad7f35aee5cbf55e5c659da50dc128955cfa9d99a4e1644b026ee47cc9da8d22745a5050d0b71098a53357889b21fad1
-
Filesize
197KB
MD54979a18ce1275b17988ee5f7894d8cb1
SHA1c78662f65375c5e81f541c43992462b64c9a9cbb
SHA256226181a24cc8f7a07a617c05a3f12a3693abe083bbed71c0a8df73d5a602fb13
SHA5124c61a8eca1b99a12449d5374a8acb9a16ad99f305c9f6b6e495d60977416264188f30a2a04552554630d92166ce93a6798bd3ea53f5ae0ebf8671bf855678181
-
Filesize
197KB
MD5fb33e489983ca50a6006365d0bce2f1c
SHA124b28809280995be4e4eb321b0b72564c065d821
SHA256828d03b8ffdc4a6ea6608ca7e791fc19ca5501edcb3d3f9e6139971fb4d4c0a3
SHA512067ba7669ae255a1ad36e286a3a035f7fa35d0cc1ea5c8c72da19a57e34f5b91b54f0d0d3e36220f41e6c10ffc40c32070890c40fc97a73b952c260e80c8428b
-
Filesize
197KB
MD5cb383f0cab334fa616be2f6fdb0b8096
SHA121074e500cc199cb6e232defc05666dcff7a17eb
SHA256bd881139f685e23606e08c95d2d3674989ca94d709289a3fc989a29f783a8ed4
SHA512e6a18f1218069c3f02f4c30a2080eb0acc0497441b2483b7b3712aaa6d46d55964d78feb190e56d3480789976e4d3ce756ab79a9e3cce025d82454806cced0c5
-
Filesize
197KB
MD5d6c107d66790223d2fd1aaf7320e0316
SHA1b4847b7faa1aee5e33a543de3c790df2f1db434f
SHA2568f12dc68a5458199c22100e7917098fdf8628f96023c477858dc94807967c499
SHA512b09038ba4a358cc4cd6d6ae3800b532bced8386aea74a0cd0d91eee6262ae9faf7441c4552305391c4c220ff3777edf792aa161ccfbc98e9a371f66d07dbb6f6
-
Filesize
197KB
MD5722d6bbf8d40c479a0ef5b9c965a1532
SHA10857ab7d15fc92f73e201432875fcb1659cf32ce
SHA256b63c9532fe897f8af8f14bbf114fbf0435800fdd9cd926cf258df3ea86a28d5c
SHA5124cb22160283e3c598cc84a83abeafd6d190cfc1c4ad00f9700291851b62dffc6ca0ecef8e8000c876510b508a531f358de92059b0a6fa8b043c2bab483abfd79
-
Filesize
197KB
MD5f5dddbf938d4593b06dd770ee3aeeca2
SHA1c87551f773bf0a06cf373bad20126b97c7df6246
SHA256c6088845782c6f599e7fda0fe3d241cea4c070dc38c146ab6208a5ce1de34460
SHA512cb5ba82b59e5553f636aa0013347f2f21cdc2977d1cd39d68fac1a531676ae424ada623a0b90fa6dca446b5abcc3dab6b53f526586b04f9981a764346f79f207
-
Filesize
197KB
MD591cd7365d5a33a742d000672ee0eb1a3
SHA10903c4e0b68e0878549bf0b5a35c639e2fb65ed0
SHA256b0e3d5c0341b4cc8039d8cc042aab345256f8068282dbb37af2e4ba1821f6f1d
SHA51292cc4d5b5250e80986ab37f13d046730d7ce23d83500cbe257815c7e915c6761e3dcc15d698f2be5fab02fd9154493bfcd1737ae15ba3ea4ae8b17fa1f475543
-
Filesize
197KB
MD582601e4d49411b0c551be50ea0433394
SHA12c9515773bda39d173facc64a585d7df21bec540
SHA256f954793c0b9247a5dcae0791fb31a4754f2055918e257148f138079dacb244e4
SHA51214b045da3a75c026bc56bae0642b61a19af1c7aeaa7bd749ff4477f2aac4ac719fa4a181748cf605f8c0d2c729d81bf5c51e4679554dffb0db139ff92cf91713