Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
11/04/2024, 01:27
General
-
Target
2024-04-11_0c2919966419f6e5ee6ff492a18f931f_goldeneye.exe
-
Size
180KB
-
MD5
0c2919966419f6e5ee6ff492a18f931f
-
SHA1
ac2babbb07b320b546caeb103c0d8042140f30f0
-
SHA256
c027eb3e7ec5478f30739f44e3b9dafc0d7390018aff3ea19da8b02d17fdfd23
-
SHA512
1c376cfa1e82924a2322d9ab6a7a3b211b28d63a90559ea23f6b1cc3fd1d2723d1ebb45150663cbaf549c9a66e5000f27425d0f12a3433dd5b6225171d92af69
-
SSDEEP
3072:jEGh0otlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGDl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-11_0c2919966419f6e5ee6ff492a18f931f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-11_0c2919966419f6e5ee6ff492a18f931f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EDC2670F-55F5-485c-9989-5375A2A530F0}.exeC:\Windows\{EDC2670F-55F5-485c-9989-5375A2A530F0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD586648-34D9-4d51-9ECD-6163A5F85A25}.exeC:\Windows\{CD586648-34D9-4d51-9ECD-6163A5F85A25}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{45785BC5-CB3B-43e5-B0C8-69E32C633B10}.exeC:\Windows\{45785BC5-CB3B-43e5-B0C8-69E32C633B10}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51F9ED4B-564B-494a-8C19-14856DD190A1}.exeC:\Windows\{51F9ED4B-564B-494a-8C19-14856DD190A1}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{353F211C-45C1-43f0-AC19-8567FEB9FE22}.exeC:\Windows\{353F211C-45C1-43f0-AC19-8567FEB9FE22}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD7FEB27-1996-4050-B63D-398BE5400EF5}.exeC:\Windows\{CD7FEB27-1996-4050-B63D-398BE5400EF5}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2364209C-863C-421a-97FF-7C2D89499571}.exeC:\Windows\{2364209C-863C-421a-97FF-7C2D89499571}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{118E6474-DD78-4d28-8497-7461E6A69C2E}.exeC:\Windows\{118E6474-DD78-4d28-8497-7461E6A69C2E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E630C082-8BC4-4a99-8BB0-63E4025556B6}.exeC:\Windows\{E630C082-8BC4-4a99-8BB0-63E4025556B6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D292669C-7311-4e66-85F1-C6DF617F4A22}.exeC:\Windows\{D292669C-7311-4e66-85F1-C6DF617F4A22}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F1A55D47-1165-4f07-A0DB-2085C1F3D1F5}.exeC:\Windows\{F1A55D47-1165-4f07-A0DB-2085C1F3D1F5}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D2926~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E630C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{118E6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23642~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD7FE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{353F2~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51F9E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{45785~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD586~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EDC26~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD50caac60e44773a4ae7d37aa12800eb9e
SHA1f15e6fc0d16656887a168e59133fe7f1051d42b9
SHA256b1f01cebe4861fa6ca86ad4915eff362fed051c54e50477e071f4026bda7dfd7
SHA5122da0ad69ccc961610526a2b9d080163130c56c66049de9f31c868f24c855d44ac53d6159860e27ab1285702a339627f439a98585f18b3ad8d411af582c922d8d
-
Filesize
180KB
MD5f29d8e489ce3097732fccff806767acf
SHA1be2cd381efe3500ea24a213f4db1a6f206aee0e3
SHA256542ee36007330401c98827ae791882e94f65f315784a1addb2911c7b3e311590
SHA512767e908661b4fd79e0a9ecff5fa82a013976fa9232ba42f87a7a0292d727dceaf1d0defa085592a7088c53892341ae8c6fdd88c2fd5259a9b5fa0beeda85188f
-
Filesize
180KB
MD56b9b6250322f29e3aa917da26d0b0d8f
SHA1d9de50053c7ef7612bbbfe3402942acfb04d7248
SHA256945ee9c35ed1dc2de3bb5c991202b9b1a0e3618a92309901a12a0a37b8f88dee
SHA512e0f315fc8835ac8a6441efa27352fb0be4077cca8c072903e2bfa26b1070d1d0de7b24a9240a360d0e8c70493dd600a161f84aa5bf92f570e96a31d51ce7eaf5
-
Filesize
180KB
MD529f6659e8d18fbbc0f3d6c47ba1db99f
SHA14db54c72fe8c8a20973372715c4f3b675c4814f3
SHA2563f60f7356b1854dc2b6b8dfb1b7f37e81ee35976c561331b99eebb852c40d309
SHA512e1411436fd5eda9846b51583350c726ade8d0678bd3dd8bd096f5a0d82e476c4838b838607cc6170acdd8191aab686df0b44253fe10c0fe97ce7cc224d44b631
-
Filesize
180KB
MD53056c7d864f321085121017c868ded3c
SHA146d36fe3ce0728aa79d8107923150a2cae066b00
SHA256d348052c25003515427929bc2cb7880651824c926de2786de6cb4173413289cc
SHA512052a7c777bc2dc1b3f7792a4cc729999aca1fc4b838285d0a717f217e9772e2d8dbefbd10b8559991a50509826cf5e508b7615099e29c1f5c7239aa7bed3b657
-
Filesize
180KB
MD53f70ac3434e567157b42e93c0f191591
SHA195b0e1b8db656710c19abdb7e9d40e45b068583a
SHA2563e37968f11802ca5646d3304e90cf3e84936cfb2556643c97b6846adae68ba20
SHA512de3062923851e644b79c29cfcbad17729dcb01ece46717e0cdbf359b33666f9092627d07c67f98bb52dd6a474435f8c1deb709450a59a82171c2de791105e400
-
Filesize
180KB
MD5d6cdb4f5890c4dad91e5bd5f6f5ca173
SHA1a2312d4b25219a9e4d48d46d9dc1e7c61a08cb7f
SHA256dfd2ac3b362a08b8b309b2ba2b366213699a2d59c370d78f9fb72da5321f1acd
SHA512ad7db614ca98c0f47799b26fd06041afd2234ac4f74f63c9fab0ed97f35ce82cba4837a0424a609b7e0d181fc11efa7350c76b91f8c60b3b9eeed5f2e53bcc9d
-
Filesize
180KB
MD5ac0bb6ae810cb38c16fdeff23c81d38c
SHA19845f0266e8551eea42fce98a4f440e1cab27a75
SHA256e1a99925ac5013678d4ef79dccc08880ef39b43b67e0a5097ba7e35115fd6be3
SHA512c7b2c0eb0a766385360373ae2856836c9427bc615a0fb877bf6b5340284d740f31a8be7cf9da06949b4958f05f01a2b9da9c2122bc9487b1431069d6306d9105
-
Filesize
180KB
MD5cfd36a209cc52c45d73f070b65f38cce
SHA16fc9c4afe0841d8b9866da95b849b1772f612451
SHA256b754c66b3f0927c88e1dab9a6df7801fd9b92809da3bc525f5a156e72627f16c
SHA5129c4a62f449e6b87e4c1ba1782093758f585733bcb589239eb60fed541c17a8ba3658ded68f1294d260209f8bd4537f92a1ac4b90569cf4e74981cc5a4e999b9b
-
Filesize
180KB
MD56b91de354aecf397fdf5046e890a7ee7
SHA1d1e04200ee3c239ec0ec723c573d09d40445781a
SHA2561561ee08cb2693f1c1c3cdaa1eabcadc281f11f3f75f64f7b0cc5f4d25e69ba9
SHA5129ba68ce795e005fe1032257ec958d289c896a7966c4e6b60f89f15d201d6ffd22663bb86d8bbe9e1b4463fa944b807e4b0fc7b3afa36c18299290c6ed50bde73
-
Filesize
180KB
MD549c5a10e3e8ca70ec146549b32ec0c1c
SHA1ecd6e008aec40701f3a6ef13c4a1d6d17745193a
SHA25650b743275dbb433e63204d8d016e21e4e0efe9d1f63370ed90f982349288ea68
SHA512f82364c026ee6542084888ee2c3656c5ffba59fa49632a4708dd8518eba86aff5ef49f972a108b63ff499b6dffb7d1baf71ed1b5fdc16d10fee1cee773ee1231