Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/04/2024, 01:48
General
-
Target
2024-04-11_a9aa00ae5e998d65b57bcb80ca6353d2_goldeneye.exe
-
Size
168KB
-
MD5
a9aa00ae5e998d65b57bcb80ca6353d2
-
SHA1
e7a63445efeebaf4979130e03bc3c54d6456911b
-
SHA256
0b8eb6cd16405193c25dc34aff9c86465c034d46c757a786b64b7f9401106622
-
SHA512
21ad924fc980a1a28a9e9d529da16623fea57e09374887c16a34fa4a46ff56abdd0fbbbe2e185e9034d98aa0b73cd95d70afea2277682c920a7604b89561a9da
-
SSDEEP
1536:1EGh0osli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0osliOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-11_a9aa00ae5e998d65b57bcb80ca6353d2_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-11_a9aa00ae5e998d65b57bcb80ca6353d2_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7FF6E652-A2A5-46d0-AE9B-E195CF3CEB89}.exeC:\Windows\{7FF6E652-A2A5-46d0-AE9B-E195CF3CEB89}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{82872B5E-FB3D-4166-ADE8-1169AD71CF0E}.exeC:\Windows\{82872B5E-FB3D-4166-ADE8-1169AD71CF0E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C2859DE-5F10-4e34-A07F-882F759A09E5}.exeC:\Windows\{7C2859DE-5F10-4e34-A07F-882F759A09E5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4E10AB2D-48A2-4e05-ADA0-B5ED6EA17818}.exeC:\Windows\{4E10AB2D-48A2-4e05-ADA0-B5ED6EA17818}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBA19A0E-B4DC-4d1b-8BF6-247482B3151E}.exeC:\Windows\{EBA19A0E-B4DC-4d1b-8BF6-247482B3151E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A467D1AE-0E99-4ab8-86D7-1235AFB73CF6}.exeC:\Windows\{A467D1AE-0E99-4ab8-86D7-1235AFB73CF6}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{925296B4-50D9-46d3-9392-BDC49CECD1F8}.exeC:\Windows\{925296B4-50D9-46d3-9392-BDC49CECD1F8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7EC93992-7D55-4f5c-A4F7-AF4B58CD8D66}.exeC:\Windows\{7EC93992-7D55-4f5c-A4F7-AF4B58CD8D66}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8FEC4658-5547-41b4-9A37-C5F98DBBF2CD}.exeC:\Windows\{8FEC4658-5547-41b4-9A37-C5F98DBBF2CD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{156D1818-E7B5-422f-80CF-B2A0A8FE6441}.exeC:\Windows\{156D1818-E7B5-422f-80CF-B2A0A8FE6441}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{37877B32-4DEA-4d5b-8DBC-1923BFA014CF}.exeC:\Windows\{37877B32-4DEA-4d5b-8DBC-1923BFA014CF}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{156D1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8FEC4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7EC93~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92529~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A467D~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBA19~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4E10A~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C285~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82872~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7FF6E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5261c8b3923f64f8590b0d0b4403bf5e1
SHA114f26aec42a453e9ab6aabc42f10752373abe733
SHA2566adb3c28caf5e0203e81c1a01955c4a64bf4e4f19870940294e26c48f9f7f361
SHA512d230639f1825e40562229024e847430c9bf49866d5acc96816e765268192a18bfc3a9093e4e8cc3b143d9f20d61419717519a71390fe191119f28dc069dde707
-
Filesize
168KB
MD5724b99edf9be88a53e9a283b058e7365
SHA159cb8bb24e27c9f277988ca31b4a8e4651d25693
SHA2562bb6013bf73f92630f8dd09d74a4e48e09bee6862a688befda1d6bf2aa84567c
SHA512e1e7cd00fe9a67348cf948f0fc8d7781dfe706fd51d875655cee03bb97a15b8297778eea4f3508a751a7f0524a731d123c5eea791c4a47c4892a42af1339ea8b
-
Filesize
168KB
MD5319cafef5460eea8cd843a2b3dbdfcff
SHA123c3437dfde2cb130c684fbb4464c98c384ea9c2
SHA2561e21babd58f8a184887a107075c45061fcc150c357d4fac388713ef15c87940d
SHA5121fe853a785018f576a94aa14301e1a19a2fa671dc9f86d213580347b528bc22ef1f8c147afef39d919afb416409a4c5507316e7219ca126ab9955528cadd2d0c
-
Filesize
168KB
MD57555c0f277e672a6c4c26d3daaea9596
SHA1a892e0ae5e66e2289a5f7ce020d0b451a535a8ee
SHA256935c6b5cf91c4d1442c2484274883aa161e00694e84dd85e25caedfba49bf46a
SHA512e15d908585248511d6f6751043810177135566cbb95ed1367096f7fe2c9b45e82c91868ec4010ca722f9b10674962f7ab544716785dd996be5d1d6a6780f9bf3
-
Filesize
168KB
MD53b5aad29d98fcd19da89fe11c7bbaa9b
SHA1ae5cb1053e38ce18c2017dbb6985e89e65c73cac
SHA2565386efdfe23e490929708ed487aea049b7062c0f709dd3efbafc6bad010ccbeb
SHA5122ab7806b212638ba9fc33c761044fba52eb786c791c031f4bb5c056e769507e4c7c2e74ec963a4706e7204c642ed4dd01b056da2b6360c2c2ca94753cd631593
-
Filesize
168KB
MD5220f2890688a8ae6d518a48319970fe6
SHA1338d7bd834b58fb61ed3255b5f17da04f8e489d1
SHA2568e56f58101a961102ead1221966fad98af0bf56e8d84c20760334d595e332e28
SHA512665f8aa8a04bbb80bb399060e0e337f649743062828da4e8177d7bc1f5986db47643509489f0b7570d32b5829a4918d88d07f3f44aeda05be260274b9a69fcff
-
Filesize
168KB
MD5621869c6b923366cbf5e4507e3850153
SHA14c73a3fbe261c8f1fe8d04ff66f8080857445b56
SHA2568fb7944ef0356d58da568acfc9a192a77c86920618c41ab031065a27726c23b5
SHA512104bd77061df6518ce16cc2a82c51e62844794859537ca341c2e709db14c1b1bf646bb3cd4287aa72d8283cf88b1460d15b1c3982f18a50e5da4eb8d391ddbeb
-
Filesize
168KB
MD57bb9ffe9273d6eda6c5fd916b8b8d291
SHA16e546801338bde6c42bdb11763e5576e099a8e37
SHA2560bc374e1e8463860182715df46998ff88afce7578a4771a6eb0f5209cd62ffec
SHA51225296cf7f452d9ebd862b001555df9acbe68de5309cdc2b67a2737e051fe57cbe18dc6bae8cebcb06b25d61ae3f04619068273730343d91d69b30f8c467f26bb
-
Filesize
168KB
MD5c7cea15efa3439d2942427bd15eb8715
SHA13faec8497bfb8f80eb167adab1ed67e4a331c350
SHA256aa675d169a05fc433457d4270a8e819ef47ad517bfdb6d161e94ea63a799bf33
SHA5124e67fd104e68b6cc6d7452a16383848c2f7409a1254db8f10df92b247031bdd6b1002397050afdb1107fdc1396ca549cc1fee1bbecb3d7967b1dc1c32981f248
-
Filesize
168KB
MD5136d627c084571433b859fbb18c6545e
SHA12073537910b5541e53ca3e19c562ac0afb9a8b50
SHA256cde523b3cb9a9cd83bdf4cf0cc71425431acdc940f52dc38ea529ea7b5f15f8a
SHA5127386881af78b48c18e80102c0d298a6df2a6481b816d191f18558ae2c2526330acadfc9b18b2bd6107a4bd0b7070e37c431e9e702404236d9d3b465f01ac334c
-
Filesize
168KB
MD59c634aedc93bd9f1e077f789286f3997
SHA13b13fa1597577701aed566161a588eb2b11e81f6
SHA256de1465fcdd9e876d288b054c67a4aa8a8ebaca2f940ac88835d0b0c1b364a781
SHA51200f8afb7dd333d15897654a0fa5debf6467e64ee81c88b1e81fc28bfd04552ff2a98489e82336d2bfee9e8feab2d64bd60688ef45936d54056de744137dc8331