Analysis
-
max time kernel
151s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/04/2024, 11:42
General
-
Target
2024-04-10_ad61ac6ac105674fcebcd3f2186cc297_goldeneye.exe
-
Size
168KB
-
MD5
ad61ac6ac105674fcebcd3f2186cc297
-
SHA1
ebfbbf8889f3d8631a2e95b281042d7bc5deb5ad
-
SHA256
1b26a8e33f2498b10f37adf0d5728536a617129973951237db58b93c50c1be14
-
SHA512
2159baea9c6db4ca6151f42ff17e4fefa63d3470de28d8a5966a132583e4772a9e4479261b9805268c20655d482ab8115833054d2e9ddecd3df5b8880f8a3aa1
-
SSDEEP
1536:1EGh0obli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0obliOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_ad61ac6ac105674fcebcd3f2186cc297_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_ad61ac6ac105674fcebcd3f2186cc297_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C1C56CF5-5609-4773-8FB7-ACFA196C17B9}.exeC:\Windows\{C1C56CF5-5609-4773-8FB7-ACFA196C17B9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A54E3FE8-C5D2-462f-8ADB-53FAA89C4A1A}.exeC:\Windows\{A54E3FE8-C5D2-462f-8ADB-53FAA89C4A1A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{68205BCD-91EE-48ec-8BB5-3517F274F3B1}.exeC:\Windows\{68205BCD-91EE-48ec-8BB5-3517F274F3B1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B3490C6-1A96-4ced-A504-B2A4513F842B}.exeC:\Windows\{0B3490C6-1A96-4ced-A504-B2A4513F842B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7EACE410-E577-4032-BBCF-ABC1B9305807}.exeC:\Windows\{7EACE410-E577-4032-BBCF-ABC1B9305807}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D135CB11-E3B1-4a82-8FB9-78F76CDD85F9}.exeC:\Windows\{D135CB11-E3B1-4a82-8FB9-78F76CDD85F9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA639AF8-316A-4294-8DCD-4DCAAF3B8623}.exeC:\Windows\{AA639AF8-316A-4294-8DCD-4DCAAF3B8623}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9C7C833-913A-4d66-A6C7-CA4055555524}.exeC:\Windows\{B9C7C833-913A-4d66-A6C7-CA4055555524}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6C30EA3C-DA93-46a9-8F78-9BB6DB1E37E4}.exeC:\Windows\{6C30EA3C-DA93-46a9-8F78-9BB6DB1E37E4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{55B3AEB5-3D6F-4ea9-906A-836EF1267EC5}.exeC:\Windows\{55B3AEB5-3D6F-4ea9-906A-836EF1267EC5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{94F88E00-7874-4867-BDB5-FDEA3ACEBF17}.exeC:\Windows\{94F88E00-7874-4867-BDB5-FDEA3ACEBF17}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C969B267-BA93-48e8-8C3E-0A6302FED79A}.exeC:\Windows\{C969B267-BA93-48e8-8C3E-0A6302FED79A}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94F88~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{55B3A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C30E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9C7C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA639~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D135C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7EACE~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B349~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68205~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A54E3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1C56~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD50a972a03b314fa1ab07d3165fd3bba49
SHA1c4ed5ed3df52aa6548ad280bbec7307bfe91ca61
SHA256ce3994a4d576d37eeec1908f64af74725b7b046310624fa6f3252461728a89fb
SHA512ddff6f58c79f2faba69402b08bc37aa77530e1304dccf1131c8a8cebb4f3b5c9009161141a5b407e67f2ec30f28fb3b726f72ff238049fe22787c42358eba67d
-
Filesize
168KB
MD5b144e1766019b8b27588a79a5f368c33
SHA17fa7c4038204ed86951039611e8689dd66093132
SHA2561bd8e4d8dab320fc8c533ea14d7878087c5136ac575fc80fa46a83423c111307
SHA5124b8570422f4376ed66d4753a58ca0fe0fbe171f48d9618cbfc8c74b9a382a0576cabbe43effa5bb9e4e63aefb65db4996bf702403c7afd9bd3626468be4a6a30
-
Filesize
168KB
MD521c00b63f1203af38ca75b17551b9aae
SHA168d095e32e61346ee9c9c69fd6a9f9e7a7495e64
SHA256c50483f11867afc086e2875f6b843c2694e1950d3d93cba169dad401d093f05c
SHA512c56519b8d167d8d5a42975d6e4e2a485fd266895b5a7521e6eaa4c68ffe06fe180a16271649b60cee7ad7571352d505ea21a05dfb8236a3e79b9e2e78a61fb77
-
Filesize
168KB
MD54cd55c5e630148200909fba00a676d4d
SHA1471debeb40cd721d7da5758971014f3096f69479
SHA2564535fdab396ef1e49be071f78f34b79a189d0aba657f18595c6380000fb54c24
SHA51248b40384e9b0aeb566faaca648c399222698fae0cba9ed3806577d15530116fa92da808ab00e25a5777efcb57405b2b5d767857afb516a5360587a4afeeff5aa
-
Filesize
168KB
MD5bec47c05fc4f85d665ed4709e59057ca
SHA1e4856fab064ed042de8c847aff7f3c20a765ff8f
SHA256aeff264240a9fb1c349ff04844de9225c0c2293347e5baf832b8b9c448f59d92
SHA5124cb22d602f865740f1d3ff261ebcb0616a94ff986244038e559558ec445160c3e7a3c1a8551344a30a235377f9d2455e6810363d79388df4e3791847f0f09a9d
-
Filesize
168KB
MD5c23512c89eb2627bba6eadedc249d5ec
SHA1022d218026048f23bc8e48df780cbcc69d6c48d2
SHA25635d7910b8cf7a2e4f5756669d854d53da18818e2a77179e3f51e61bc9e40a056
SHA51247450ac475d05e036ab9bfb12de9d32ebe1c33a84fac081a6c485450d37c90560ddc4028b0078709f66a5545e698b7de7f4488c7698795c77d0ca40e22aa820a
-
Filesize
168KB
MD59b1c54101cc8e3ab33adf78208c9c462
SHA1050d185d7e5964057e16b4a12ded23d6b0f0099f
SHA256fa7e9844b4cc25d7891d30b4dfc38edeb5915fc80f3fb1bedcfc50d0b4574d05
SHA512ca3165b76aac5290eed975cb2321aec302e1804202637551166f6a2f65030a6c721f69518f109c623fcf1e951cabf8131d840ad123e5ac1facef174ee5bde574
-
Filesize
168KB
MD51772b54151754e6cc03807bac57b08bc
SHA1ef098b05711f106b82a80e619626a2502f446217
SHA2560b7eaaf3d23515bae80c7f5c5dbf1cce58a1b3e31595fb264562fc02bf166722
SHA5128e942bcc70fbda5b01622bd9c65f659a8c4d4aa62eb84a165bf916b32daa7418d4ece02200152231f9a4615fcbc1991b1c86e5d8592a33513ffa33a119258797
-
Filesize
168KB
MD5e9b6898ed9d837eb14ef85180ff142f2
SHA1fb25875662a64600f9fcddabb9c0520155a62cb1
SHA256d39907642238e4f1c6d1afaf824452110fa626b5472492c94ecce1ecbe392a3c
SHA512b162e6b7221bb156678e04bb74c2793291a362b1c57573165eeb6bcb77e8c17bd204e05bac2b135a1ebba1b5d5b373d2081267494136b2fd76b03ef76f19ff5e
-
Filesize
168KB
MD55672248840c27f68ef68b54f1c3be29b
SHA13f1877f0f5dead1d114e493c1ddeea48059cd81e
SHA2563ff2a24b5d5b53c9e40c435b4378db42245e6591a5fbda105b4ca90c2e95943f
SHA51271cc4999dd957dbc9c596dc1ac36d74e2d62eec1367709aec028953ade69ac4629b13d4b6a8489000706c78ac0cedd8d22a9da9e4c90e15b00f83588471c6219
-
Filesize
168KB
MD593e921d0b1f8f02682f57a8167d66ab8
SHA1a2bddaa377c5355e1d253bd49e53840c7a0960c4
SHA256dc5ca94a5ab03797b1de3780a1bd49d7b6a70fc06ccaec5c28226557eb1cd2ea
SHA512e321ad7116fe16ead4b44be38677c12dc064bf49ca1d73d8b6a3766fa09d814dd125e4ff429ab1d51e47527419e894b39805eee87052838a86bb59473bf54d01
-
Filesize
168KB
MD5e321aa1ad3aefa34b1bc667d7f41ba96
SHA18a5689778d0650e7ed873fbc3e37a90b1b094556
SHA256d81b4f530956a0e481d6b3414af2431dd09a6722fd9a6a99dee4f534b6abb042
SHA5127fbbfb2583f8e3d3b35c88a01e881e836255c7e3ac7c49f784682d9c044a8dec5113feb74cf0c54415eadc8aeb7dc5b2bec646556ce9a8d7303ed27be94114e1