Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
08/04/2024, 22:41
General
-
Target
2024-04-08_92bbb4d66f3a73d4c4aa0f8fde9febbd_goldeneye.exe
-
Size
180KB
-
MD5
92bbb4d66f3a73d4c4aa0f8fde9febbd
-
SHA1
118be8f193cba0b4bd079522e7f4c147fdf92d01
-
SHA256
ca18d74eada25fe5fa4615a1b669113c808b3a1b7571329e246775c23a8de4b5
-
SHA512
c9cb70886403e3efba0504c6005c1a7198559b7f79167311440c8911ed1139c3a9250cde6a1c079540c0743a27126990163d078f85ed1ae89e86fea791c20fda
-
SSDEEP
3072:jEGh0oslfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG2l5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_92bbb4d66f3a73d4c4aa0f8fde9febbd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_92bbb4d66f3a73d4c4aa0f8fde9febbd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7763EAF-7534-4654-91A2-DAA3FEBCAE87}.exeC:\Windows\{C7763EAF-7534-4654-91A2-DAA3FEBCAE87}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3438502F-6CAB-44c0-B079-E8AB61874E72}.exeC:\Windows\{3438502F-6CAB-44c0-B079-E8AB61874E72}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{697FF5DE-135C-4e8f-8588-6A0D08A796F0}.exeC:\Windows\{697FF5DE-135C-4e8f-8588-6A0D08A796F0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{151E943A-34F0-47e6-AA02-5CF472061F22}.exeC:\Windows\{151E943A-34F0-47e6-AA02-5CF472061F22}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{14A5F831-64B3-40bb-8F75-87B4E1E22397}.exeC:\Windows\{14A5F831-64B3-40bb-8F75-87B4E1E22397}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B2722971-694C-4a30-B15A-6869B09D28E1}.exeC:\Windows\{B2722971-694C-4a30-B15A-6869B09D28E1}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CB64D9D7-324D-411a-8E22-292493CA9363}.exeC:\Windows\{CB64D9D7-324D-411a-8E22-292493CA9363}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70F34966-7DDF-4482-B7A5-81871F19109C}.exeC:\Windows\{70F34966-7DDF-4482-B7A5-81871F19109C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5E7489BB-51B9-4c18-870B-1CCB667DBBE2}.exeC:\Windows\{5E7489BB-51B9-4c18-870B-1CCB667DBBE2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A95CD6F4-CEF4-44d1-93BF-E29356B4E3A3}.exeC:\Windows\{A95CD6F4-CEF4-44d1-93BF-E29356B4E3A3}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0038937B-D619-476f-8264-B6CEB0CCC001}.exeC:\Windows\{0038937B-D619-476f-8264-B6CEB0CCC001}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A95CD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E748~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70F34~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB64D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B2722~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14A5F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{151E9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{697FF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34385~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7763~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5839d783005a8309126c81fa0b1da61e6
SHA1ccdb3e2fdd943cc11ebad36ba49f460d61b95279
SHA25654cf2ecb78a5d31d214679e73dbfd226346c0c2b302f3ef96bbefe5a52b2c5bd
SHA5123ce43852458bb303c0da0ccfd553b0d3cb20202d782a6c53581128cfda60f79f6f67addd7c42c5f0c8c503adf0311b6d15f68a0664a49a1a6f038ea8353dfa2a
-
Filesize
180KB
MD5e826e980e335340273a1e37ace33bf8b
SHA137898b162b67ae348bbe35b3d7b9ae727262b660
SHA256e64a9873b61b37a5291ce62137eb9cde2ab6ca2315db8b7abd302a1938f80a9c
SHA5123c7d5542450460b45949c8f428da45bd138b402f9533966bbaea541a9f27e4a8bffae9a3f8775a775e869568ac77f9b27a7c37d414546f38255223e5f65ce3b3
-
Filesize
180KB
MD5ce0f2c528b44395451607e3b46223e46
SHA1e7419cc4bb9c352f82d866e49dbc9154b63cb2f0
SHA2563a54dff35269ad9f4cdf02e343909792e0aceb8e83f05a8164815e9b84775826
SHA512889d65ec147f00b9e1793a9c0d2c941a4e9eb24380cd08897350fe10a0564abfa27c9011a25fecb218bfb0f58dc5ac8aafb1d99e5e017a873be85b2eceb75b66
-
Filesize
180KB
MD530b7fa6dc41b415b829277f150e07337
SHA13e9ddcbc1cfbe5da701a9dea1f70f792846827e8
SHA2565b67dd8d7503a5fec0a4d3e01837d4fa1aa4a9f88dc8405b4d14064dc73ba39f
SHA512110175a1fbed21ccd2fd26f911ea6be9d87fde79678eb353745702c33c1757a37b3ed8dff74aa4f901cff4fcf5c16930c65039eaa9d5d03785c306b13b9e5674
-
Filesize
180KB
MD51d7f95be342d5303febea3fcbcf1808b
SHA1de33f82d7605b0f2204acc2bee3d4a7cea394ee8
SHA256f930f1befe651f22602161e6765e5ccde30b7243bd272287d568243e9fbbf614
SHA5124895a2f5e16a789157b9bc0b6fc8243886a822b16d53559ccd8ec1110eab0216725cd22d93d1343eceefe546c088149b8038381ed9cf0a4dbae789a3a78d28ce
-
Filesize
180KB
MD56a60c3f4bd67d370e79101870fc7c48b
SHA1be24c413e2098a31d1033385883359555c62f03a
SHA2562a34282196c971372d4b9906f0f5f82b466940cae14ee1d2325cd0f6700dc55e
SHA51237b5f90d057b56bfde08c7fa89bdd597e5ef395a674da4045ddc01cb5ac31b8220e038efdf2ea2a489d9dbdc1a43896efc31ec45a96d0472666fc997cdeb886c
-
Filesize
180KB
MD53ece5a9dd73ba81332ec93441d691ac1
SHA124e68796cb1fb6300ca3eb4116a3765ce6b5c8b3
SHA25663b390592a9cb69f91c9e49bc4e3d6ec796ecebd39e52107bcce32292360d672
SHA5121c6d88bbce481fea19afc071c218b7ff93816fa16dd744f4f0d4bd8b7dd66c0207eff242d3699f36c81895f85f3f6f0e1735ba66255ba3249390fbb885360c02
-
Filesize
180KB
MD5ecfbba56dc3a9358faa1da39c477e738
SHA182778dcec9099b1afe65233241cbab71353df294
SHA2562e583926ad639caaaddd89b5743e6647622766f3dd6c21f7f37c7816e743036c
SHA5129652f2ce180daad1a24ee5aa0aeb29373d6593a8bb65f78fe3e01457fbc8b41a23a24f5d8427ac1b9598b10164e2fc6b1a1cca515b031afe7106bf0a790a19df
-
Filesize
180KB
MD527f51aa7f9c99e02ddf07f1805f1c0d9
SHA1683a461d4f8fd4662924204d0da0bcdee237f877
SHA25646b828320ef0ffc0594875cfcdd921b4c16dc31d1c9cef8553732e45569ce633
SHA512edb57398f09b76a388748bf6cf8ff60efe5fd745f0afd802c05da0184d63d75fdf3b7fe31ac6767bdec9f51a2573397686b1b3a353b45b2ad50bee38c004ae93
-
Filesize
180KB
MD58d8fb1f3cac84914513157240e04201a
SHA18a037e6063a49bc25b9c4c716319b8b090ad86f4
SHA2562a78f3579db22d5af548b775ab156fa141652245c6ba342de9550113fa57fb87
SHA512f6d8c0e5b1c102e8b458b6c22e09b46c3a75af8f84d0995efa7f3c132a0029b7670698ebc4e897c3501ec1c63d5272fc3f0729ca3d8838302250dd46b8c00bd6
-
Filesize
180KB
MD5755997d28e23f5dc3d6999b4f2c79e2a
SHA119d57bc77e3010711d827ce1d3de61843d4459d7
SHA2561b5f4beac1a37504fe4b0c841c836d179b1dec0eaaeaf43fed7c193b4c5f5aaa
SHA5121e982ac47a3bf58c83241b631a38563170b6269fa5eee6e208431ba8c871ad8c46d8c582b6a7bf5f976ce4293f808546012686554be9b9d52f8cd1960c8e83a7