Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19/04/2024, 04:25
General
-
Target
2024-04-19_b8bdf4becbd92fe41587d3969de18149_goldeneye.exe
-
Size
180KB
-
MD5
b8bdf4becbd92fe41587d3969de18149
-
SHA1
cea2012236030470179edf933df9bb1f73c3785f
-
SHA256
b579b81025a40428815fca1987fc1c53d8fbb8f0052d2b5dd83d02d30cf9ff61
-
SHA512
105304719130ccebc85e8715fafb377181d6f65dc3924cee453a3c375c1468e46a707093617fd5e921113119af7a33c22f1dbfb4ac5dae741cca42ecc7685a0e
-
SSDEEP
3072:jEGh0oulfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGkl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-19_b8bdf4becbd92fe41587d3969de18149_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-19_b8bdf4becbd92fe41587d3969de18149_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31482B43-EF49-4212-8DEE-F3FB12AC26AC}.exeC:\Windows\{31482B43-EF49-4212-8DEE-F3FB12AC26AC}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24762929-691C-4e32-A220-2A2EF3BF4A34}.exeC:\Windows\{24762929-691C-4e32-A220-2A2EF3BF4A34}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5F643E40-88E9-42a9-8CE1-FBAF83CCD443}.exeC:\Windows\{5F643E40-88E9-42a9-8CE1-FBAF83CCD443}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A64C5735-C566-446c-A6C8-83F3D153062B}.exeC:\Windows\{A64C5735-C566-446c-A6C8-83F3D153062B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B3EBEA1-D2D5-412e-A429-15B4F322E767}.exeC:\Windows\{0B3EBEA1-D2D5-412e-A429-15B4F322E767}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8015CECC-0BF4-4b3c-956D-89C7BED220BB}.exeC:\Windows\{8015CECC-0BF4-4b3c-956D-89C7BED220BB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D197320-5F95-4ad0-A9F6-16290BEBB35F}.exeC:\Windows\{1D197320-5F95-4ad0-A9F6-16290BEBB35F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ED4D6510-15D6-4643-B905-977E10424DA9}.exeC:\Windows\{ED4D6510-15D6-4643-B905-977E10424DA9}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{ADA466DF-1BDB-431d-A15E-7F6936FB630B}.exeC:\Windows\{ADA466DF-1BDB-431d-A15E-7F6936FB630B}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7299A6B1-5048-45e2-883A-780E3318C84C}.exeC:\Windows\{7299A6B1-5048-45e2-883A-780E3318C84C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2CC85606-4E1F-4b12-AFAC-6EB7F4552363}.exeC:\Windows\{2CC85606-4E1F-4b12-AFAC-6EB7F4552363}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7299A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADA46~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ED4D6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D197~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8015C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B3EB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A64C5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5F643~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24762~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31482~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD557e736a9ed15e46af278c57b81a70852
SHA1574122d6999f6af7a6b2f4f77e622aea949cfa3b
SHA256a11c9cef093e79fa9571b12962a82090e7ae761258c3f8dd914a62cb96da8fb8
SHA512a249d88443d93296cc364dc686df79e231546a895d5056d77c1248649607b9f6556f18ec309c69db470c0707338a7910ccbb4ddfc98e745f38ce4bb341a26323
-
Filesize
180KB
MD57bc568588f05ceed4d3737ff97ec12c3
SHA15eeabc7630e6d2964494b313117daa47080e6fed
SHA25699c9471f3be25c7426bf4dfbebab4dad2e2c3fbfb726b7375cc717a521e0f0e6
SHA512330225ce744c2c29d7109825d5e92e2a03ff4a6410fcb52067a8b73069de2ed76da6c0e49f55a686b8adef9f6dee2b4eef51df659e3cc7fbbed2f7ac4edc8542
-
Filesize
180KB
MD5eac824ea4c8800010620a8afc752e814
SHA1deaca98960a3539303c0fbd679744578f74ba38c
SHA256a697cc501517ca1105b35aa495f98e15bc816ef3dd6218d39f492f934aabd282
SHA51296fb7c6a214ec5ce0c628c268d63755a7db505c8905d70c6313b0c8ac5467e3b7235ac993d586e240e9c36296701d1645bfe2ace5b724da5f1f8ef966c0c40be
-
Filesize
180KB
MD56752b78d89e631353c89e1b5f1def495
SHA16e5cd91786eaf4819d6f3a84cf4e9b4e87b38175
SHA25669c62bd97b4e82805efd742de20bfd1a39b87242ffa4c7ea43f1d102052bc446
SHA51229665d794bb5227915d8edd93d48644d37c06499c4bae3c4303242b32469f3887046ee281443c9f8bd0215e2521048e6bf4e7f2b27f3fe1502b2e754848c0eba
-
Filesize
180KB
MD5de4627b593ca33cc685e0063ffd7bc2d
SHA18a948c3464a51e393dda538131485f8ede63525f
SHA2568b7ee64fbc9cb05125aeabb04c8dfaf91a3e374b8f388845fd06d5bca2c26052
SHA512a6171ce5df042ac35aba04988e722185199cf9692d39e57485f01b39c591dd025f792321b558ebd644aaa57e24cbb8b97a96615b0a2eaec93fdb2d14ca081a62
-
Filesize
180KB
MD57bf7643dfca8bacb167807220d4197a8
SHA18b106a78bac9f695bc543b271803120c7f758db7
SHA2563b0c427501ce08dc2035048e0a63121bafb3398732577efb6b578122dec90a62
SHA51293e64bf4a24c7709de83eefc6a53f3ebefb61afea6dd62aef5877457dd63f66250f97e8cd9c0956503ff5b6199f7b9dd1823b72f14855b54c018af238373b198
-
Filesize
180KB
MD5e503592471c38699728533dea12a176c
SHA1f757b051c8ebf2b0b6cacb93ccbd657b23ee8d1b
SHA256e200a44c16e419a1e6871a548c228be92fc383eb0b2421047e8e49d3a4a4b3ce
SHA512f4c689901d99984dce8c9af2b76123e8c27b1744ba37c267c40c7c656f61db3365a616d665ecd856a6ec956148a371994563c040978ec5733414a82b2934f3c2
-
Filesize
180KB
MD523604d4cfbb0555f63ce47b7468a4a30
SHA1b766d46cb1ca53c255553072fc353b3f704c603a
SHA256ea4e43c86844a81e2723da55b454efbe6b7c12418dd9056fdf9dc32957dd720b
SHA51247c7661eadb96d21614d2b7308c519baad7cbc3df810d49d38959e8dcf316469d6151ad0be907d0ba693329cf312877d162c840fc7c6987b44f34add41e0057a
-
Filesize
180KB
MD5ffb925633bbaa0e5e02dd22ace741f4e
SHA1c1396150f6b849ed41a6f97f2c5d89dce1e23fe0
SHA25691f1bb2b7ce808d7d18f14e13eb2c82ad66717b2ea788bb9d1324dcc5ce49c99
SHA5121707f6f62c5ce1baacb736558ea9d9f4be94e3b8f30b7ada662697b6c0c84994eeaf8185769e7647b62c25c262a11a4194439d3775caa03515717cd77d81899c
-
Filesize
180KB
MD5853cdba4f89328aee41598aa80a4047b
SHA10fb16a5813a8435085ab71449fcc424e33dcbe30
SHA256ebdb68a1bd565385e1dfcfd587dae9c5d58fdf16d56eebea77ba3602bd8534ef
SHA5123b36306f05f1c8641de484c216bdf8a147c8d9e5195aaf7be44ada50be3dbf89de0adf5af97be5ca591ed19584f0a38313c75355dbc9c40ef7344228b67e47d1
-
Filesize
180KB
MD5747c0a5d435fb638e44b111fa8141d8a
SHA1f9dd3476603933f72851cdc4e34eb3e41dc3d03e
SHA2568f6669c15eb3a2e36bad9159dee676553389ac682580f26e99f95a8cf7eda6c4
SHA5120674fc3844ebefd45d7824c8b6dc6098aeb517b6b78ac383c0743844ef0e777ddfbbaa4f3fde3343a6390306e2016252e86e67891129a75e14f0b17d9cc4d2f7