Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/04/2024, 13:28
General
-
Target
2024-04-09_23fee02cea008ff828bcb75854cf4e73_goldeneye.exe
-
Size
344KB
-
MD5
23fee02cea008ff828bcb75854cf4e73
-
SHA1
31df05150de8adad5366c6e4138b860238eede8e
-
SHA256
e8029b194babd0106583948b6e58e32883f41e810fcb0ba6b3ea618a5d71fe1c
-
SHA512
1dac5b53077ee93501a6ba03b922359df82063274049af0daea0768542768962bfbe722d2df15080728303fc1f6b033853a59567bceb908de8568d22bbbd6d35
-
SSDEEP
3072:mEGh0omlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGolqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_23fee02cea008ff828bcb75854cf4e73_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_23fee02cea008ff828bcb75854cf4e73_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06E2121E-776A-4c49-9B8E-D87BCF2B4BEF}.exeC:\Windows\{06E2121E-776A-4c49-9B8E-D87BCF2B4BEF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94463EC2-6E2A-469e-901C-C4EAF0FA9F03}.exeC:\Windows\{94463EC2-6E2A-469e-901C-C4EAF0FA9F03}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BA906831-5017-4344-AC83-37AF7C4F1C0C}.exeC:\Windows\{BA906831-5017-4344-AC83-37AF7C4F1C0C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8815EF97-83A0-4363-B7F4-FF418844A65F}.exeC:\Windows\{8815EF97-83A0-4363-B7F4-FF418844A65F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DAB5B193-77DB-4b9c-8114-16BB2156160B}.exeC:\Windows\{DAB5B193-77DB-4b9c-8114-16BB2156160B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10DD9DA0-3218-488d-BA31-8EF90320A001}.exeC:\Windows\{10DD9DA0-3218-488d-BA31-8EF90320A001}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33DB41CC-64AF-4479-B715-6F8292EA11A4}.exeC:\Windows\{33DB41CC-64AF-4479-B715-6F8292EA11A4}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A917C61-DDDF-4db1-8843-80088E2CF2AA}.exeC:\Windows\{6A917C61-DDDF-4db1-8843-80088E2CF2AA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{97961CF5-37D0-4f58-81E7-0C488A823B41}.exeC:\Windows\{97961CF5-37D0-4f58-81E7-0C488A823B41}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{92A3BC20-353F-4df5-96F9-98F6251D64AD}.exeC:\Windows\{92A3BC20-353F-4df5-96F9-98F6251D64AD}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FEE8BE9A-4C1E-4a27-807B-070801A24D24}.exeC:\Windows\{FEE8BE9A-4C1E-4a27-807B-070801A24D24}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92A3B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97961~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A917~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33DB4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10DD9~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAB5B~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8815E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BA906~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94463~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06E21~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD55a7bae03976adfac7446f3dc81f27963
SHA1ced33142cd0e96cf0505d4d0760d14dcde3d5f01
SHA2569cb9374256ec108f77f6094c2761f120df5bb39be2cbc958780535e6bdf4d394
SHA512ab035a213f42f1f19de9103768e264499539db79f3fe50ca480d873778e1d10286754486bbe01a0b9b846fd84ddfda21ed5efb8ecd3f114220ec3a7890e3e893
-
Filesize
344KB
MD5cc2fb3b4b29447cb0860830f0a16b679
SHA1d5d56726ff4ff80a287eaff48878d57a8ea76bc3
SHA256aa9a702d830d6083d63413f28ef0d1e04ac5a048f27e88bc5f9a9305495d1178
SHA5127306d2e038705165f7382591b201cc93042fe241d2546258d3240a93729a4f1ec65444f275657cd48c376434a8dc3c42f6455f01a9b34adecb5a51f8c819257a
-
Filesize
344KB
MD57bc7a318e7268dfb09063e68431512c5
SHA19aa5f99d502962df06885631990dc0fc2195b37e
SHA2568f25606799f75e0f6c73a256763b42e1611e13e567cf8a1dcdc7239eea9015be
SHA5126106a5ce170f1b70e25ecc5525ddb8204d4b5400d0568a50f7adf99924ea6fa11344ca6543bb3e81f6add9feea494545686ec164a44851c7c64b7ef54a73d37d
-
Filesize
344KB
MD5f74078365cb9028dd7d2bfd5cbc0e9ff
SHA1ccdb0c012ca84ec58f55fe8278d69c8f125a2f09
SHA25663ae921b94efa1d8c4092fd87fe24739d99a6ae551f0d3398dc2c46403f4991f
SHA51267f8bf21cd148e603f752722740dfd2087ecf91a86bd0b02466ded7ce82e9a29873e2d549cfe34670336231a0497a955acba9adf052e1c5bff8b8cd0a5feeb40
-
Filesize
344KB
MD5189da4d5b0a2891e80172f8d6a866429
SHA14d76719000af87d6d31c7bec6bfbec63110ead59
SHA2569c2f7cece125deefa56533275df3e0f75f2e4619ca0597cbeeab3f84ef824d96
SHA512c0dfd7ddc0143e272e1276586f5c947a4eba980c572a2da7a443009bafe5c8219b6f2b675ccab97b9b5394dfe45b7a3f58cfdc18afcd21c30b8b261de4f39b22
-
Filesize
344KB
MD515dff759aae730dfd09b3182dbd10e6d
SHA10e3315036cccaed2e9d3d93c382de8bbf1d9708a
SHA256af20558bcf91333e99e22184c0a52635ecdc99fd4044562324a35d4d70f86559
SHA51220a1bdd270931c513c9f1203c3d4755c8faf87d2e11cbf86087efe2c00de5071a4bd4cca6c162c688df79a3e94bc108fed5d37c0078d91411ac73ece00e6654c
-
Filesize
344KB
MD5ec7775719783a0ae5ab3d4d07a6d827c
SHA1abea744cce18296313125acf0676bee89607349e
SHA256c573f9db9e607ff0ab00779223af0badb80767ce2da0333cadcc842c35774b69
SHA51286866a9c971e9f74105444c217f7ce0f24385062d453471eb32edd37f241a8d85faff0bf154af51ecb72225b6c981fcc63491197acdcca1f4bc7bec614ec2bbf
-
Filesize
344KB
MD5272974a2f930a11cff8735e3b16af5a8
SHA1673802efd3001603bfdbfff249857ea58265fb53
SHA2565a1caab7d2be99742f1fe8ffe4ccac78b37c22c27ce44f2ac3409ced9ed720fc
SHA5124fb26daaddbc117f435a3d0219aa6d3e826282e1e154e6dce9820447a8b77d312c16b918aa709e2fc6c81fe48566c770821f906a2f825bb0daa78cb1ff361753
-
Filesize
344KB
MD5d64458a058692ba17a57d8b99522152b
SHA1483d3aa68c0ddb81ac54297f17cf9eb362fca31a
SHA256c06b0e7689ca8e7b87680bdbe633cfcf060d8066e92048dee3a850b81c97f8cf
SHA5127430150ca7b6d39ac0721bba7670666eedc0ef37ad046abe52050ffb74de379ae47d9ec7dc3b50d61e78a56a2f494d40dfe4841007f86f828d8e381951a44b56
-
Filesize
344KB
MD57f0d7c361e2d680ebc93714715aa35e6
SHA17959ed8be4e3de25152a0343339d592b3e6385c8
SHA256562c490b6dc8a698af5143c28c7de78c4cbc27514d929753c21d19961f818a4d
SHA512ec1777227137a2b0fc07ec1832228da3f8bfd8aa10db4013079a35c6b2ca71ae20a33ffc59656f23471bb0e830d5bf6e5fcc8a51dc88c770c1da2c42956e0297
-
Filesize
344KB
MD5fc83c3b6bf2847edda1a9ade7d55346e
SHA1cef28ef0567e8bfe3e64acdeea6379761e6bdf4f
SHA25616fcfc50d8b1d87f71179a6f886580a7c6836d5419d7a36a3578919ca156ca58
SHA512470b3bc75cbc47b2c4be24c1541385ba9c1a4d209a15069edbae83f2bbb24e8a96f96b4a83f4c9286272be998bfc68b5f01a0c556d8eb3bb94c9209e70bb56ff