Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-04-2024 17:14
General
-
Target
20240414483bd1c1fe1040cb4bbbd3f2402df4f4goldeneye.exe
-
Size
344KB
-
MD5
483bd1c1fe1040cb4bbbd3f2402df4f4
-
SHA1
bf5f541bc96e0c3a4430b8df6667d60023200ada
-
SHA256
05c7bad576f8b6422e01fe202b323900b5d8bc8539dad1d7e80896bf445d35a7
-
SHA512
c46b0699da13111dfd1d6551f5873285aaf810d22c26ad7e31aa72886415a4f2b0a74a9c60d1bd38b76582bc982ee746a1789a1ee217d14fede3e81d962c5563
-
SSDEEP
3072:mEGh0oFlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGLlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20240414483bd1c1fe1040cb4bbbd3f2402df4f4goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\20240414483bd1c1fe1040cb4bbbd3f2402df4f4goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{65B00360-6F19-494d-861B-0206B3C66897}.exeC:\Windows\{65B00360-6F19-494d-861B-0206B3C66897}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{39C1414C-F8CA-4d22-B5DE-E678C7476A5F}.exeC:\Windows\{39C1414C-F8CA-4d22-B5DE-E678C7476A5F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FE692338-3FB8-4f8e-A7A3-E6C60F4560FF}.exeC:\Windows\{FE692338-3FB8-4f8e-A7A3-E6C60F4560FF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25F26672-C209-4e99-8E49-C38CFFDA1B94}.exeC:\Windows\{25F26672-C209-4e99-8E49-C38CFFDA1B94}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{52711BFD-B486-4641-9448-4732378B8EB2}.exeC:\Windows\{52711BFD-B486-4641-9448-4732378B8EB2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B2EF9C24-D818-47ec-B414-87926849217A}.exeC:\Windows\{B2EF9C24-D818-47ec-B414-87926849217A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E903A2D4-3BE4-4469-B761-111F446A0145}.exeC:\Windows\{E903A2D4-3BE4-4469-B761-111F446A0145}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69DAEEF6-04F4-4cec-AC49-D841E7316DDE}.exeC:\Windows\{69DAEEF6-04F4-4cec-AC49-D841E7316DDE}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{974D072B-3C52-43dc-B99F-467173206C02}.exeC:\Windows\{974D072B-3C52-43dc-B99F-467173206C02}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DBAFFAD9-7604-48a8-95D1-6EA3F477AA6C}.exeC:\Windows\{DBAFFAD9-7604-48a8-95D1-6EA3F477AA6C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{970C219C-D873-4e1d-99E3-77C6C1B65490}.exeC:\Windows\{970C219C-D873-4e1d-99E3-77C6C1B65490}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBAFF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{974D0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69DAE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E903A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B2EF9~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52711~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25F26~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE692~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{39C14~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{65B00~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\202404~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5269771c7277a06dfc03e80ffb4b151d0
SHA19f2547390f60e304e87f5de48052500b3e2b17a7
SHA2569d885a9a9406a6e2da56060b50f5b485899821560aec500305f25febed31e8f5
SHA512d0bb150b7c9bd5499a6710f4aa067f0239c4e3746bf5ac46a7aa84e806f05fe8e503baadcc6668d4fe606c4d93bc7a37a1b7d3c32ba1a3ac6cdb43bede673317
-
Filesize
344KB
MD551dd8603c70f5b297dcaf007275a4108
SHA1ef8c56ad6e067b14bd84fb9776489a02494c16ce
SHA256cff3ab0ac55bbbdcc304f714803344b02686950f7a1a27b7f8d5de832ec835ba
SHA5124793d359a6fdc6a98678f82576547f91565328f3c125f5ea24d7e34a5f2491dc7a2a220a0116617fc622f074b7edcd71068ab880785e9acb0c29c7483da5a036
-
Filesize
344KB
MD59ffef2757c479cdfe810279897f31a08
SHA1dc047c0e1b942f14098c33978f789fbf431c1c12
SHA256a22d57b4927e3d1ab6613705e5811aba31e53f66aa73cad9b36616ac3109d970
SHA5120de33c83ca16963e6d4b17ad029a5078f578c9eda19baba5445667836b5337c76459ad8ffd33b116bfbd59a1f98da86434051a21d02efeb5f639bc571ae561e6
-
Filesize
344KB
MD5196e990b678cd10df111be89cb7b57b1
SHA1ed8ab6ac63c32b57d6c9559d7f2ad0f639c266ff
SHA256be61ab5743a92fd85d9343074008bc5c56bb500dd2f1b12fe02adc3b1741ed7c
SHA512ea32b57a9dc5748a9bfd036537a940b6ec14e632c5ff81d35837c2967217ae8fbc68989a9a3ed5e1af84074d318d196ac2dfc1a56108d1bbc77a97da3fd3ce70
-
Filesize
344KB
MD577579ec0fae90839faa83225ffdfda45
SHA1b4257191c722a872fcd5f65ffa3521f4b88c7935
SHA256627d3106bf4e986e6e3e528c3e02dcb9d88f09dbbd06437c02edd85380055256
SHA5123a241a2d298c3c2ddb4b82dd242233d923800505a874ad02cb4c325340b377c688d7e1ea52964cdc7b98e06b2f5cf4c040d8d13089ffcd58207833f8ca0e19dd
-
Filesize
344KB
MD57c86acbecc499ee6ea3705217da426a1
SHA1f14d2a9186970ddc844e9aa859f28afc70e43d10
SHA256d9d95112152170fcdc6f58ca9f5a642956c716671a7602f51298902714358324
SHA51224f7eae7b01d9a1ee38375b3d99bf3675a1dd29f08f0206843b6fd13cbd558f809c94aea4d138ba818e19c6578cf65c9dc629e5d9da9879abe6c3f248d6b9eae
-
Filesize
344KB
MD51e9d9dfe17b4cad2a89613869f07826a
SHA10240465e0ba6c362c1407252a089474a1691c7b9
SHA256d0cd0a0945f9d8bcc4ad2186037dfe954044a647782f98a27eb840723a9045ea
SHA512030aa5b9a8c67a5396ced93e60211c53acc55dd38f74cb19dd7d75cd3379bab0356eacc02a7151466723ee62d9cffa050d5bbbe1040a1f76e394644afcbd5efb
-
Filesize
344KB
MD5f366b9c9c0652ea5b1443c0579df2dd5
SHA1ce41c77bed0dc2845f1946a31f84d4c63ba05ffc
SHA2568e62f127ba86566e5d4d8d9c153ae1a1dc000c11e4dd80270f20680dc2f44723
SHA51221295a1949268b076bd6cded929275d922d86f0d00b87d5910f893ef6ff9a6c7bff91c6691c34dc0f1cbdfe9606d5db6c03e09f64377478215c906a500500a34
-
Filesize
344KB
MD56f0ad99c3f6dc4375a23dc205e22b9b7
SHA12d11e078aa1aa381f39172947d44aca1002d0a2c
SHA2563332f003b2ae103975f3f93201e6ab594617ae9383fe741aae7979a7283d849a
SHA5129249488cac7dd821cac7a840b48e526aa4674b0561c4d25febd0c72d188ac3d8839f69c97da39ed05f8ce9e8c8f0dc89e4e3ef308a086e5633cf2cd611b0d18d
-
Filesize
344KB
MD5a556188d60b9846f80d0ae7ca5632b10
SHA1ff52945d0e2a97438a8a5164dfb0360935813b26
SHA2568a468cae35d53dd7614385af75e4e1f45f59ff95f8a243760f522538f2747bf4
SHA512fa1ec50a3b56f6e4144b6d03b95fcf28aee3f779b623bb7d2ea2d86a691daec1e4993f411bb20ba8997aac1c0b07286451c44a0128f86429fc5ecc3013c3889d
-
Filesize
344KB
MD5730f402639037930ec02b56c6284975d
SHA1986c7d0f4dc66165bef715aa4b5c727a884fbce6
SHA2560e2d1aafb82a273c29bb91fd2f4595f57d147c49b7d72ffb11faa037c6bd0efb
SHA512aa6e3d198a55c4abfab2dfbd02d4f677f8252b63194b29c307d1a607b31591818a0dcd09c4c0ebd363704aa6730a46efc5255da15d79f7f306f01e465dab83e9