Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
08/04/2024, 10:39
General
-
Target
2024-04-08_b135da0b77f928474d2ab56658d077bc_goldeneye.exe
-
Size
344KB
-
MD5
b135da0b77f928474d2ab56658d077bc
-
SHA1
44eeb9afd8d5e0adfe6740ca1685de1ae72656bb
-
SHA256
3fc1c822ba7ffef39e13fd1a3e487fd94814b6eb28ecd7cde3ec8bd15847f07d
-
SHA512
b8b3426ee532858e647204e283bd124d6712d6e8cfb3065d3f5882c400965d2c5c3509f50b5258770610645d361e3ab7ce45fa4aade1f60ad7a6346997501976
-
SSDEEP
3072:mEGh0oGlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGwlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_b135da0b77f928474d2ab56658d077bc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_b135da0b77f928474d2ab56658d077bc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2AB36736-6752-4135-821B-CEE6EFE109EB}.exeC:\Windows\{2AB36736-6752-4135-821B-CEE6EFE109EB}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48761C6B-CF12-4bb9-BD89-F5A1DE2B26B4}.exeC:\Windows\{48761C6B-CF12-4bb9-BD89-F5A1DE2B26B4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CBE56526-15B5-414e-871C-E4F80E855AC1}.exeC:\Windows\{CBE56526-15B5-414e-871C-E4F80E855AC1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6A9424E-552C-4970-9046-D5854B396529}.exeC:\Windows\{A6A9424E-552C-4970-9046-D5854B396529}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8BBD018C-BB2B-4d30-B3C3-2FC6EFAC4730}.exeC:\Windows\{8BBD018C-BB2B-4d30-B3C3-2FC6EFAC4730}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{84D4C71A-95ED-485d-9FA0-E449967EC06B}.exeC:\Windows\{84D4C71A-95ED-485d-9FA0-E449967EC06B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3E4F4613-FA29-43e7-B4AD-19C39A509DCA}.exeC:\Windows\{3E4F4613-FA29-43e7-B4AD-19C39A509DCA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48B6C59F-604A-4884-BF7A-165891426955}.exeC:\Windows\{48B6C59F-604A-4884-BF7A-165891426955}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{13B7D7CD-C9CF-4992-8A94-3E3EB38F2972}.exeC:\Windows\{13B7D7CD-C9CF-4992-8A94-3E3EB38F2972}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3A876D9C-BF93-43be-B4D8-01EEE36F88D9}.exeC:\Windows\{3A876D9C-BF93-43be-B4D8-01EEE36F88D9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{004F33CA-D828-4369-9A55-D57FDAFC2247}.exeC:\Windows\{004F33CA-D828-4369-9A55-D57FDAFC2247}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A876~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13B7D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48B6C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3E4F4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{84D4C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8BBD0~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6A94~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBE56~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48761~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2AB36~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5668f13eb4ec4e32c226e054bb87bc79b
SHA1f229ea12eb2cd10cdce5e9015121d41cadf8bb95
SHA2561d9d5dc001f3c089b023d0fe6aa88664e69b7dac8914d4c834ae7a4270897c27
SHA5121e22f622d1d8644ef9e82fd6131183bd9caf779acd9d664db54bb2c7122291fad73749a6b627ab261b8de4d9afeb2ace30ae2fb8695e7c5ce943ef3d94d2c404
-
Filesize
344KB
MD57b4d653ce81ba943a063e3b533a21e26
SHA1b28ed7704bee42a40c32e06d071941629cbcee32
SHA25672201f739b2e9e9ffe539d15e0a9450b0e69b7f6d1002d999a8a5ea12d640c8f
SHA512ff2eb817ed1a076a0299bd0313ebd7dac6b06e1b66dc1bc84536e07593ccda62839c3a06ea07162c3a7cbc581664761fab3f66d983a965d6270ebea591a43424
-
Filesize
344KB
MD54395c5346eb967cf15ddf7e4e161a415
SHA157935a0729063d0ce422b31bb25fc4ee475d2f1c
SHA2561304d71173e90ec2300ace1e5c03de35c073a1f0f6d6f0df39cb84f5cecdeaf1
SHA5127aa5895d9da14426d2e21e524842cffccdde238d3c4495c7ed57eed948c193199d87a7968f1dde1cea108e57f33484770983bc5a57f8aaf0f8e0572d024b6d77
-
Filesize
344KB
MD56f303ea12c22ca8ecdc55e60c7920655
SHA1c6066a6adaa4001e4f6cfc2c8dff82efe5531423
SHA256c2eade9939e9df121edc7ec207e9fce7f237a9bea11c8954a75d41dc50331ead
SHA512de5f07de0815821beb92255dafed344445f33a7963d4bde7855745cf6414a04dd1ce88b6d18348c937eb54e69f367ee66e4c8d9277a622e4f8ce8c2ed9051a67
-
Filesize
344KB
MD5d6fb33b9c1141131cfe573012c5142c6
SHA14ada24880aef79876d0f4c85478d314255d9b7de
SHA2567ede7457c00d474468cab63d34a168b08eaf85214e76a40fcc80a6149db6f37f
SHA512abb54e3a1b88ff83aa7aa5f025590758061df6afd715949a2ccd23074ac9185a1130935cc385a1eff9c47d63eac9d34fecd5fa81446f2e77b3dc2fd68d9bef42
-
Filesize
344KB
MD54cab1d9e3f500c6a255e593c9137e8d1
SHA1a149e8ab44e60ec7852ba45f76cd26ea4ab99aa7
SHA256489101f311d9f4e50fcb2af23c6f3db7fe4c67973e90004930a28b27306a1453
SHA512b93ee62ba546337f8cb2895b0895d357ba0cc97ef81d6974e4338186b62012dee913cb33ecbaf6a0c249e5052e17b847fbd6fb7172af64a1993eb6755914a7ca
-
Filesize
344KB
MD51606841259d589531f666c4b4d7a7c63
SHA1a09c5481cfb00e4120adf4e05138a000dd15df11
SHA256c9078708be17404bd6f896cc9d6973ac587a3d870716c1979a0170c0a6382103
SHA51242f00d960b615d3dacd9488735ff7fae3233e9db26e55de302a354b4a627149a8f5e74cd9cf5608d549e84c00253e8778e126eca225b8499b8fbfbcddc4d9eca
-
Filesize
344KB
MD5085306a45dc3eedda21244a2987c1292
SHA196f6f7f34c6a3394174fa1dd46fa50f5080e49f6
SHA25651b3f068a0a3ffca266cddc8f1607c6c1c6c3c10259a3a00b073ef4f3f1c60b9
SHA512c3f1c837ab4d6af2cb0abe4635fac9a5bf899204063a56a2ca51bddf0d43930a7d2a3cb4b3289ad05b4a04b55fbb9cc16c8f78740c771961ac8e9d8d547253a9
-
Filesize
344KB
MD5fda5e6f4866f4173103dd34217fb2e97
SHA1737f7a80a2ca477f57030536e2d336cd6118df89
SHA256407938cd89e83b366e356c06a5f42206b06210b38569ec2e13e922c6a086295a
SHA5129462f641edf34cf5e438dd6366cba6e8bb08ab9320337ea0216e128ded4c256bf547a6136b3b6aff186ee16bac3baa9d9f25861a4cfd00cfd7dce20955ee3b17
-
Filesize
344KB
MD5cce86d700c5fa435605e3518cde488d3
SHA18349f57f6f92353cf7eaa1e15214a8a637555c71
SHA2569812598bad1a9a504cf919a8ac7c0407fbb8e5b1906e4f78d1db5a647df4f970
SHA512f55a8455e85ed579d2e55f142c32894efa8c0a85569101ec56e1b4e41282d77018dc80b9c522b2964fdefa0a3804dc1a280fd72c027ba4221d58d3106c284c64
-
Filesize
344KB
MD55ccc93a48045038bbea0959a42b9542b
SHA1d95ded2acbf07d945e5a8f4f6aead634f5176a71
SHA2563f4c53045d47dd9acf91c0210075cb3bceece8f4b07d9a0c6554c4b632c15327
SHA51264e38f672992abda76e3deacc2c2193b67950eb07ad773bebbdb7249db953400b5dfdc94b99e527c97871c1616aa5c436a17831489f8513b0223f6382c8390a7