Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10/04/2024, 19:09
General
-
Target
2024-04-10_fb2d55ad242c2b7414390b13743ad292_goldeneye.exe
-
Size
408KB
-
MD5
fb2d55ad242c2b7414390b13743ad292
-
SHA1
832b2459312e787b7bf40b6ac64b742d9b059dce
-
SHA256
4b78051774b5c521e900ca48e31670d15c06f571c98ebd87000b1ca7acdc13fa
-
SHA512
f85b85cb4489e39703adb7e2214a7d108e2fa1606f51367ca0d08c69708f65426a26d9d8fe8c40b57c2c384843951461e0df0d8e52b3c4d69ce6406409262b52
-
SSDEEP
3072:CEGh0oXl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGRldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_fb2d55ad242c2b7414390b13743ad292_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_fb2d55ad242c2b7414390b13743ad292_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9722CD7-D4EB-4fdc-8CB8-6973A11670BB}.exeC:\Windows\{C9722CD7-D4EB-4fdc-8CB8-6973A11670BB}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDE5FC8F-DEED-49a8-A039-DB70C458ABB6}.exeC:\Windows\{FDE5FC8F-DEED-49a8-A039-DB70C458ABB6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52BF92D2-C8FE-485a-864D-1C1D2C901466}.exeC:\Windows\{52BF92D2-C8FE-485a-864D-1C1D2C901466}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3AB299C7-1433-4d75-92A1-40C4D3F69646}.exeC:\Windows\{3AB299C7-1433-4d75-92A1-40C4D3F69646}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7AAEB8CA-CB11-48a2-B855-8D26407B6CCF}.exeC:\Windows\{7AAEB8CA-CB11-48a2-B855-8D26407B6CCF}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{84179DB3-7969-4768-B675-F00EE1B1837A}.exeC:\Windows\{84179DB3-7969-4768-B675-F00EE1B1837A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D515DCE-AE1F-4d3c-8FB1-1E310E766D21}.exeC:\Windows\{2D515DCE-AE1F-4d3c-8FB1-1E310E766D21}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29E04428-9E88-4bd7-9442-2DD30C7552F8}.exeC:\Windows\{29E04428-9E88-4bd7-9442-2DD30C7552F8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AD30B425-D95D-439e-9741-BAE9A0367AED}.exeC:\Windows\{AD30B425-D95D-439e-9741-BAE9A0367AED}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E8BE2323-511F-4426-B11B-139469686128}.exeC:\Windows\{E8BE2323-511F-4426-B11B-139469686128}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{63AD0A90-21F7-4d40-B4D2-02F21E656B29}.exeC:\Windows\{63AD0A90-21F7-4d40-B4D2-02F21E656B29}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E8BE2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD30B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29E04~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D515~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{84179~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7AAEB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3AB29~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52BF9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FDE5F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9722~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD589ae19ce1b9926f6d2b3ed63e8d36a8d
SHA1f1ec52afd12d8ccdc5dd063de93d2aee1425cbb2
SHA25682273971908658a1d2a789b8fd85a205e4b1d47867162d91eec4e225732ed56d
SHA5127def3f8bf62d75b8dda4639151b0288d780e8adea1e7be3f9cbad2e874ac9a9632dbd981fb193d4a1b3da83806885b2ea2f5e5691680260af59ff6f17c5f9fca
-
Filesize
408KB
MD56e92197d9c6878776e84beb39cad0587
SHA14bcbcfa5ab984bf1a1da18b456de389982d8fae2
SHA256cac87bd5098e1064e2f688127d75918826bcc675e6a53d36ccde30b174c65acf
SHA51250c5282bcedd55bdbb4896f394196426dcdc6c42092d7100e2feaa3b388c26e85eb300b9ab050e64ea60068ca88c4b40e12b4f8b495fdcae5427b01428130844
-
Filesize
408KB
MD59ae4cb47bbfc478d2842c67bf35392a8
SHA12b819b68fc90d706f888365d77c4f233878ca13f
SHA25616c4433d7802c8d7f0fbb791ff75a1a1e859e643de8357dc7c01b1c789528a0e
SHA512c7ad19b3402aa9a0c59aa21a3d754d860243c3beb22c2945b9990ca2efe863c9c1b97419f99631b5b4bbb855a02d437dd9687eb20f0cf735a9ad31e103074191
-
Filesize
408KB
MD55eb6f3b6c6bfa625344ffb795437c81a
SHA1a1997c5c534c98f586b40851913b0e51077efa1a
SHA256b121dbb35d2832df551643c33859527c48d57b455e983dd736ce7f1efd2329f2
SHA5126f6c0415052f93fef75429f9ae17142456581860c4f78412eee4e60e3f299f1632764bcd3b8e72577832b3645eb83013749570f73b6b9628e0dd68b093ec2666
-
Filesize
408KB
MD5081ee7d93829d3ef0448bb25ccf1cb65
SHA15d1e590363e7196c635b2884a831db4bc85244b5
SHA256c407b47a7fa76b6682b269a2a4287b14832c19c4aadb46dc36eb521ad923132c
SHA512cb6fdcbb0d52e184a4105bac578ae934ee3ac5612f8e14753bf52b14b9f9ce40612b7e682d8bba8e154b86dc1d45767710fe2c7fbabae9ed72619e2a8839263b
-
Filesize
408KB
MD50abdedd8ede4084d3b18dbae04bb4c06
SHA14ff58ea0ed1a2e4f0dd6b170f83268535375dd32
SHA2568a245e74ed963f2773c86c3a86db13bddcfc931e9f0c5bff0a1dbeb152e6f4ea
SHA5121950350ba8046c849449d11b76aeeee72d605479e13b3dbaf179118fc0f29dbf2182175996b5c9a81ede8c5a23b8183a767c8b4dbb26679411b392fbd21444d0
-
Filesize
408KB
MD5fccbf3d4254ae39b9f83d57af88e4a81
SHA185fb1d03c8af619cd232e831d4344575d58283b4
SHA2565421fad12cc0e56d15d51e44d9d198e1f0b7bc2ce4b42b9da6299807ff99460f
SHA512993d7a493aeb47d5a3c4e5ce20f43ad372914fb2fd26acbc5b63e43a11abc24702d3789bb36079d3d0f6fd530d1607ba42c251ff35998223c0cb3a261448f26a
-
Filesize
408KB
MD55d9ce3cc65875d33a0befdf096797228
SHA1539d768e7e0f0812b711be73d9a2f36a430cf4f0
SHA256c1d1d78836c4b900514a47316eacab5a6f441533966b0b8976171b34aae6f843
SHA512ea8ce7c4ca8bf2d6839d52bc4deae760d82028505c33cf465f951162637ca86be227877a1b04577542daa9d16c666c4565318d4152d9bcf381be336e312161e1
-
Filesize
408KB
MD53404e6d0d29871ea191927865cdf6959
SHA15c4efe54c08ca4808123d6d8f8a57a27a0d31430
SHA2563ef470afb91fe16bb73a6b73293cbf216a299201e47c2bdab0b146317c651a66
SHA512d76908b8f27879f8349fab75ef61538d4482116a5a54390de136e789a030975f583da9c66d4f1010b12a0a740f58089985ba43d9fa77d55f9e9ce2f560b2b316
-
Filesize
408KB
MD59819d69e33b94c1b50cbc4ff49875ba1
SHA15bbc33593db04a2177a3a7252ae46a451bbbbeef
SHA256bf68f398e6c2a96d95bcf21408ed21293416702c2fad5761fd277767cacd5bac
SHA51263098f94a7229871e63ae3baf7c1cbd47bb35f047673394e35497b23616abb75168f2b969beadc21d1b6375ad338961a31f0c51bd41a55ef9d4ec1b76a468d63
-
Filesize
408KB
MD586687c6f94c8b36f5626a120e7aba616
SHA1f87ef461f3c7eed028d868094a723d18d2d88173
SHA256fff4fdd0289bd9b767200bd5e0acdab29ee8ac83b33fdaafffb5702f1de08df8
SHA512e8b9059d704dcb6b07b67610063445fc93e6bbffc1a6fa090ff08b6d8870f757572665259a9be6e526396b35954d67fe76559764d6380ed42d48d76f9d818418