Analysis
-
max time kernel
144s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-04-2024 16:18
General
-
Target
2024-04-08_3322a9b5d365c0036849016c7b525ef5_goldeneye.exe
-
Size
216KB
-
MD5
3322a9b5d365c0036849016c7b525ef5
-
SHA1
23b756e276ccbad1d9a47a82743bd0c93787da71
-
SHA256
f70224bf1613badf11cce9f03fda6e86f176da36dc6c4dcf164008ce4138dfb7
-
SHA512
3510db687915b53dd86294510b9996b1af843e2eb9fcc1eb74634357bac526dd88ed8748b3e5c2fe814185c3568f9d14025d268ea12771500bb6ae0e7f8a7e48
-
SSDEEP
3072:jEGh0oCl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGolEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_3322a9b5d365c0036849016c7b525ef5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_3322a9b5d365c0036849016c7b525ef5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71BAE844-056B-4537-AF23-0244BF1861C9}.exeC:\Windows\{71BAE844-056B-4537-AF23-0244BF1861C9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C81A4BF-61CD-45ce-83A9-3188655600F0}.exeC:\Windows\{2C81A4BF-61CD-45ce-83A9-3188655600F0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DB95F53A-ACEE-411c-B2A8-52AF552E0DAF}.exeC:\Windows\{DB95F53A-ACEE-411c-B2A8-52AF552E0DAF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A0C82A7-717B-4aff-ADE5-9DC11A004A8C}.exeC:\Windows\{2A0C82A7-717B-4aff-ADE5-9DC11A004A8C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1E27C767-9BB0-4163-B9B3-761940058BD8}.exeC:\Windows\{1E27C767-9BB0-4163-B9B3-761940058BD8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AC964124-004C-4ebb-AD81-2E3DF8E73E9B}.exeC:\Windows\{AC964124-004C-4ebb-AD81-2E3DF8E73E9B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6679B785-CF86-44b7-B286-9A41110C84A8}.exeC:\Windows\{6679B785-CF86-44b7-B286-9A41110C84A8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E2946778-2BD0-4c71-A8F3-C03A7D1F6049}.exeC:\Windows\{E2946778-2BD0-4c71-A8F3-C03A7D1F6049}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A18E0B67-5E75-4b08-97DD-68A62D123941}.exeC:\Windows\{A18E0B67-5E75-4b08-97DD-68A62D123941}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2462F0ED-1B4C-426b-85D1-E84F6F2B06CB}.exeC:\Windows\{2462F0ED-1B4C-426b-85D1-E84F6F2B06CB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1CB5ACDC-1557-4857-BE93-F7B72D09C2A3}.exeC:\Windows\{1CB5ACDC-1557-4857-BE93-F7B72D09C2A3}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2462F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A18E0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E2946~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6679B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AC964~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1E27C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A0C8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DB95F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C81A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71BAE~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5d057b2589a23156ec8c5aae1df7b4794
SHA13cdc94492704873425e04e5387d56df570bf42d2
SHA256fa8e948fb55c1c4f4f65d65628697664e0722e73ab9d917f13307931ccfbaa8a
SHA512b7843c5e9bc0c1711624500ed816092c6f0749ad0fcbc4bb1f6c432f58b69f3301e828e8938e201623c058d23360489caf990345e60735fa9b1dad528a0f1f12
-
Filesize
216KB
MD54fe753730284a8eeebb07c0b7010786d
SHA16e061ab8e4349f2b4795f58cf5def44712c19ab6
SHA25651358ae4cac6e1126a9c192715d4011f61067a307270cf08edd0a1056c434b30
SHA512ec65c70146fbb91789d4a3f29ad8bff9dea629ed66ee4d957b4fd93cc1e70a081674bf51a033a1aa4112cb6a998f958129b52435f254df253fff1e4be2c17916
-
Filesize
216KB
MD54e35612c1b55949f0c53937d3c8afcb2
SHA119db8e1e30d4c7c3669449000ec11ec39ded592e
SHA2569f4dcabbda1230ae619b338bb43c40c3f412e38d276f60cfc6340ffcaed443d2
SHA512819717315a9b761ec20decafcfae43149ec7c8cb47174c52aecd5f8d82df7acfb4c8520b6b8c6dd523219f1c95ade68b57247d290456cb410c0526b19b92aa6e
-
Filesize
216KB
MD5075e46400a3229a98078711931f1fea4
SHA13e4316c763c889c3ec8abd6c059602cc0a5d041c
SHA256ba17261adcee7897647fd32bb73568e25752de77b935358a1abf0e370ac08408
SHA5127796d23550f5489c95edbf3bd943b135b0f1b0e639f47204985dbdcad5a079c40590156ca13ca3858b6e24ac0c47e7eea96d84b024126b75b7a3ea6257e684b0
-
Filesize
216KB
MD57c7a51fe5751b5578ff7c45dfe0d9cf8
SHA18a1257d4dcbb39774e776354e27423ce48fbd712
SHA2564307fae279aeed8d5647c50a49ec8d0a496577f8076030fc086318c6621c8a99
SHA512a846b2ce20e8cf4a02a0eed4e8e3efb094ee9b6fd30d7f47d3143783a141ff2dc48707355423fb893a2aaca8a056607e99c9a0f86097e33bdcdf5ecc9c2eb78a
-
Filesize
216KB
MD591f11f09b2d4f22d98e50ca2c6d384ef
SHA1903fc17c6bab1f976fe752e23e733e9e4f3c257f
SHA25656a54ee83fbb7e960a458aa9df4d646e360c12aacf30e6d88ebb2b852b2f08f9
SHA512355b02fe4334e187e892ec785b8c9c62e7ee4af00d799599927234b4523e4cd072d44346e6c814f47ac785cba09d0ce6996a93b9e9ff8c0592ab0d0ecbcedf7f
-
Filesize
216KB
MD53e5ef94553593b098ef2450eafa651ba
SHA12b3152ae7a83fac0081caed917f8034e84fc4016
SHA256df84a6e20d1f6515091ffe90178a386c91ae72b44028d6dfec57153326fd6e0b
SHA512c408629c9064f19599970b8fed878a3cd1ac5a281e81ad86bb51b13e7faffc840a9190287a0d4837cb827c3a3613831a52be5a62eb27c22c60fa53be410dbaf4
-
Filesize
216KB
MD56192f57f46e6e6148c44a517f9a19700
SHA156c2a305e0ed56e42bebcfda1cc9f0421bb06033
SHA256dd0c10cdb8bfb0970ded96faab56a0bec45e4f42cede0c25819415d68f909925
SHA512a21933ec169fb6e3612b63907676261e607aa6c046acf819c52e29d3c34436629f9f96fad816871d9e2914b631e1d1dab1e6a3bd8addd534cbeb017e74c84ae6
-
Filesize
216KB
MD55040704051408a48422ea1dedd8f265f
SHA1ebe3733e9605154ebaaf20e77294e36c75b07c61
SHA25671204112b7f7369290a42cfa92883589edbda00046218cb0a903e1ee3da6ccc7
SHA512666c20cd710a17aee00f28bef6b2fabf352e0b440d0450ea0922261ecbe7dac49baa07861933457e3f1afd66b28812ed3bd2e7f81d62644af6b7635a7d9fa23f
-
Filesize
216KB
MD58707c5db6cdc8cc43db8bf4d5ba62b7f
SHA120ce6fa6b33c2d938800603bfede6346f053d5a7
SHA25665dc6abe9324a409b41326a7b21114a11bab2583e005bdc6e4e85574052ec513
SHA512963dbe6da4b3a4a0f5d849d9db2a1ec4ed07888746a2d9407407c53a17e32f75b8eb576637ceac101cb46e824565d9ba87b05aaf3765d11a74c8d9a665c17319
-
Filesize
216KB
MD5929d6c2dd3d907941b5d738e8a01baac
SHA19df039d046182052bc385fc4c9b0bec68fac2bf6
SHA2561c751f9f380656c705c9661a443e5b4c945628dc73bae8042bb7a2740b441a6d
SHA512f33155dc6ac898ed0d6d241a9371bbe4db5e198ebf3089d98a8d5caea64f860dff197917831fa9ca4dc540648cbb5fca10654841f03e6bd92823e97a3b9955d9