Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/04/2024, 01:29
General
-
Target
2024-04-18_37b2d54bcb4bdb258a2625134838c375_goldeneye.exe
-
Size
408KB
-
MD5
37b2d54bcb4bdb258a2625134838c375
-
SHA1
2fddbde4245f85b1e85a50e2323fc06a701b8e84
-
SHA256
683f242b916e993663df32eb6c0dd5d850c7c11285d64641cb3742d26a17c639
-
SHA512
95f9def1097f96b5754f5cf1aa567222abedb4db189789ae4245e60efae77c286409a6e668f19a059952f55698cf95ace1c6266b18c9e138ebf52390f49084a9
-
SSDEEP
3072:CEGh0opl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGnldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-18_37b2d54bcb4bdb258a2625134838c375_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-18_37b2d54bcb4bdb258a2625134838c375_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{282DBA66-4110-45ca-A682-7EFE0C10F69A}.exeC:\Windows\{282DBA66-4110-45ca-A682-7EFE0C10F69A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A16081F-A290-47f5-9C0D-1C053323D5A0}.exeC:\Windows\{0A16081F-A290-47f5-9C0D-1C053323D5A0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CDD9A246-35D0-42a5-90D9-7FD80EF2B6E8}.exeC:\Windows\{CDD9A246-35D0-42a5-90D9-7FD80EF2B6E8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E29CF507-0E4B-4496-B026-FD4C2E65D268}.exeC:\Windows\{E29CF507-0E4B-4496-B026-FD4C2E65D268}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2FDC4A90-971C-4f9e-8CED-3F2F2A7BC0EF}.exeC:\Windows\{2FDC4A90-971C-4f9e-8CED-3F2F2A7BC0EF}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87DD3D4B-7F54-43b8-BDE4-7438C2D592F2}.exeC:\Windows\{87DD3D4B-7F54-43b8-BDE4-7438C2D592F2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6492D5C-513E-4d2e-B511-D17A44430ADA}.exeC:\Windows\{D6492D5C-513E-4d2e-B511-D17A44430ADA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31E18334-CE4D-48dc-AED8-307866883BA2}.exeC:\Windows\{31E18334-CE4D-48dc-AED8-307866883BA2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{728FD29E-0000-4d81-BBC5-9506A9EB0C9C}.exeC:\Windows\{728FD29E-0000-4d81-BBC5-9506A9EB0C9C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C2C69E01-3A00-42d5-8C41-E4363BE80CD2}.exeC:\Windows\{C2C69E01-3A00-42d5-8C41-E4363BE80CD2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C4F78506-53FB-4661-955C-2B17F27CAAEA}.exeC:\Windows\{C4F78506-53FB-4661-955C-2B17F27CAAEA}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2C69~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{728FD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31E18~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6492~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87DD3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2FDC4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E29CF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CDD9A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A160~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{282DB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5f057e3b359507a2e20167f2ad8813b9b
SHA14190846816f231f50af87dd7a0180249769d818d
SHA256d1f9bf8596df4c7eaa03f411b05141f135be8d58783f27879c4b38d0c7c2c075
SHA5120ceb9b547bc39623d8396a0aa960c113f8026c55819b1a5d4c6fbffba5c3c34e6f3f096ec144da055704aadfe88f21db884aa9626fe8f7aee76b704f7a977f13
-
Filesize
408KB
MD5c82dcf52b6b47696cac701f23ee43420
SHA1210060ec31a47ea347e6629019d1ed4f59c8d47f
SHA256decdcccd3b92efaea1bde60b6c89b55e300cd8c482ef058d76ae32460bbbfe0b
SHA51254ce31a0a721d8f4b41f09bb69d99a0f3c08aac610cc62521f6e059197109061f669c517b23be03c178d46ec5d886ca80024dfc24a41585059665eff3041c044
-
Filesize
408KB
MD55cae466ab3c1c09b3a32cd16f95de108
SHA100120558a666c888390b7725c35bc6a44b69b6db
SHA2561007b7b7e6c8fc82f4e40d2f45d2dfd39e958e7e883a6c5509e69031979d69b9
SHA5127fa74843898668a59c96a20e5a286a05b5020abaa00949198a9dfa83650f09a574865b611aacc8c6867ab8b7de1ac521b9122c7f6e5a2ea6880d2596da6dfbf1
-
Filesize
408KB
MD57f33ac82c6658c4ddad2a57e9132a49b
SHA139b9877b9ee32fc653d2afd48bc09fdccd2a85dc
SHA256be904b88ce645b74223c5b7b916a90edf7a88c313dfe047698f04b222f5bf47d
SHA51219b294a31d4c779859bce6b29f57383079f9cd25b99cd25d73d747dbd5d61b3c24021cb184f564f97b1c4d93ddbfe6248c136cf9a6f394efc09ddc45ee47b94f
-
Filesize
408KB
MD5f8067f2507c97fa9670a738d9f6f72a3
SHA182df2d2476f6a93603ec082163346f920d99fef6
SHA256a04484f13c4b31ce10d84d88d38764124e5238c07ba9ea0ca68c8870bbcec5ec
SHA512c8802e0f38a216d589e3a08785f7c58fa13120aaccf84f5a525e6b6324215ccb142f4df2de542ba51471850ea7580550a52cefff7606f2b1f3d76ce354646a5f
-
Filesize
408KB
MD598f3d30c45fdad58207b71ef25961b19
SHA138ecc4b8c31b16411517da8e21c70ea363a19577
SHA2560d6d68b4430e3f4e4d26447cc123a1145dfce623806b60654c2d4bc5d39e0f00
SHA51262159b7d9b023d9bf8bb23d7210210c6e19b6a7bc8c0b2102ff1adb286e40169e055f6940d9d2fa05566949d48a84317dc85edd8b0ec76f1cad7caca638ea510
-
Filesize
408KB
MD512986c4d0988ca2b87944301e1758306
SHA18e3e0b8ea3180224845bae70de8400e036808e14
SHA256d127d0906deb911f57686eaca9db93999cbfbd1afdccbb7fcac83e0358ee3291
SHA512ab9085202da0e49398f39f57bf61fa4df827e915f068279c287a69bac93497f9c8174e7066fef3ea9d6a0e68639d91d253cb17396d931c3e9612610bb441e093
-
Filesize
408KB
MD52c4e2b2ba7865a3ea0da9ab24c56d8f2
SHA1440314014606645c1f7c3149e32359c050b43604
SHA2566c0911327d85dfbf862558c95efc6bffe47dd25e7378ac5aea6595dd34dec10c
SHA5126b3ed70d2aea514ccf1029891120aaa5b45c78bdf0e6247352231b8ccb777114f633992c8d49a1eff35f2b1c4bb5e5666d0eae3a2f9c5d6adfe3e606758c5c74
-
Filesize
408KB
MD5d2c9ad83160c277c5c6ecf3fa3e3a535
SHA16da12e83ea568b61b6eb7d94fe00220a96044b77
SHA25675122e8be3b1437682709ce0eaea78e14a3323233928a272e1046734c6d2ab54
SHA5122da69317d87149de85f6b0ac384cbf61bc1c497147fccd6bb18eb3536d1610cf134cf10116adbc56a41ba38ed68dd91e870bb77330336ebc04d4a08f94cad217
-
Filesize
408KB
MD52059a927aa11956eb5a6b59297c4a689
SHA12934cb871b1dcc497ea0daf9b4a986e1c621fefe
SHA2563453325638c021c7ead955f5972ff3290cd6d8cc50dbeaba8202e65a0960e94a
SHA512c1c0ff79692d073d14bca06565dfbba352432f6f0bb76b365b44c64ecab8d5157cf663d5613dd7fd633d64e270f857b26aeea42f42cf48765ba58343b6ec5f5c
-
Filesize
408KB
MD5fa84a41a0d3e265e429be10aafa7372b
SHA142eba9250ddc42a0e80d108d563f94459fdc0a7b
SHA256777f2bf6363e47e2558e5196dc3c1a2ad46469b15445e8ed2f6f135ae9885474
SHA512067febea68af38fcc535764a8f61f4cdf166ac9cdcb4ba278a8f46fecaf27cc8bd2ee3dbca2f906167f19e412990fd328b3f66b19e8afedf17acdf005199e609