Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19/04/2024, 14:46
General
-
Target
2024-04-19_996a824bb17e1dc4fc1af53ac96b9139_goldeneye.exe
-
Size
408KB
-
MD5
996a824bb17e1dc4fc1af53ac96b9139
-
SHA1
aa20fecd652554c055480b47d743676583ca4442
-
SHA256
b5a907b0d571aede7de120b326342858ca649b5c1f340540d8223bf824d2464e
-
SHA512
39429fdfb140cb8e0189a2dc613029b1ec285bc5829cfd8ff5f18e9ac5734be07f198830107ec30c78c6675db763ac9eae0d67402bc4b526a489c2a411f9066a
-
SSDEEP
3072:CEGh0ool3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEG6ldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-19_996a824bb17e1dc4fc1af53ac96b9139_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-19_996a824bb17e1dc4fc1af53ac96b9139_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3BC80105-C99F-4952-A04C-2BB1391214B1}.exeC:\Windows\{3BC80105-C99F-4952-A04C-2BB1391214B1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86EAA488-6441-4d86-A593-A8A7C5A5D5F0}.exeC:\Windows\{86EAA488-6441-4d86-A593-A8A7C5A5D5F0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6ACB9034-750A-482d-863D-F5AC16F8401B}.exeC:\Windows\{6ACB9034-750A-482d-863D-F5AC16F8401B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9029DE6B-6D89-4eaf-8804-CDA57490ABE5}.exeC:\Windows\{9029DE6B-6D89-4eaf-8804-CDA57490ABE5}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5A3EF38E-76EE-4eed-9AA4-B69E6E72BFE1}.exeC:\Windows\{5A3EF38E-76EE-4eed-9AA4-B69E6E72BFE1}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{477D2096-87C8-47f3-937B-3A427B069F1C}.exeC:\Windows\{477D2096-87C8-47f3-937B-3A427B069F1C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5B3BCDC-E9C2-4b09-B429-3B8DECAEBD86}.exeC:\Windows\{E5B3BCDC-E9C2-4b09-B429-3B8DECAEBD86}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0AF1C329-6359-4ac4-A18E-70708BAFFAC0}.exeC:\Windows\{0AF1C329-6359-4ac4-A18E-70708BAFFAC0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DF14B9D1-1856-48d3-9CC6-99C81D12831D}.exeC:\Windows\{DF14B9D1-1856-48d3-9CC6-99C81D12831D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F58A535A-111F-4ca1-BB90-447BD2033ACA}.exeC:\Windows\{F58A535A-111F-4ca1-BB90-447BD2033ACA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{108588CE-9750-49e9-A4B4-2F843B3186A3}.exeC:\Windows\{108588CE-9750-49e9-A4B4-2F843B3186A3}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F58A5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF14B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0AF1C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5B3B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{477D2~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5A3EF~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9029D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6ACB9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86EAA~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BC80~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5e393d6b3b0eded696245672e7cf2367d
SHA1c9700ab2f37218a48a9ac1b1108a6afdc7a0d67a
SHA2566f41912865e84a49b984a709ca7e0df338a22c9dc2a53ed16cecc2a9482e542a
SHA512ca7dc8dccaaf44b69d05c8101d87d1093b80d80c811cc501853f99d666fa06bc5288225a2f74825884d3107664273127f6ad7c15f74d3ebf985a98aa5ebb98dd
-
Filesize
408KB
MD5ae5a504d5371c0d1c0ce8a6efcbdf429
SHA111c4efa60c490e1310e4502044068bed63c72082
SHA256a0b573c2f651df6acc7ac579a902f111f3bb9db2d12fb4b3987b16ec2fa0e976
SHA5127e2c0e99e95e8ba9a3c567a990fdfd4d95c8853914559a64bfabd2d10ca574e17d45507cfbc2bc61c71d94f125b34da61482c11218c872a2944c8f3f042a33d7
-
Filesize
408KB
MD54225dc556107275a7133be9b60fef6ea
SHA1ce0a38535960bedaf775fa694c436ec3c2c5c927
SHA256be94d606f0d7c54b3f28fa29055156a3a16f8eede781155d7839f582c8579ecb
SHA512ae595426e17279b1c81f8342f97d54da10eeae421d2f8e0b651afa88f8257289282e4d28259d4b0502cd4f88359cbd729171d08453be1c176673a6efcfc3ad6a
-
Filesize
408KB
MD5f82a485e561a5e853c6c8f08df56c9b3
SHA167f82ce13fec279dc24f96999a6ce7cad464d8b5
SHA256af908bb1205343f9d46bce971676d26d9dde6f7d92dd4d780cfd92974c85d87a
SHA5125256c74069dcac0daa2856c00938c06a2638f47d85bb288d97770c2a731c3500aef1c18e0a8faaae8ef7a3fd4f023d47ff3ac9a9701be53996e6f7b3f23d62b5
-
Filesize
408KB
MD5ace098cb26884ec707f2e6f5dbc15e04
SHA1c9b834c3716a23c29ce0796b24ee7ec541b435a0
SHA2565ae5fdb91561660395b7fdf9b6e506440689cf99350f0566e541dc607a37966e
SHA51212c2f912b1bbde898cee2a260b9234040d7c76a57af085bde5eef597fe5baaf091e010e9a3ac08d742697faa8522614dbacc53dfe02bcc5852e874daaf79764d
-
Filesize
408KB
MD54dccdf72638e634f27d20af6a0b33b23
SHA1ebf4218edd227ffbbd6d04a408db3a20293c5b16
SHA256e49b7d1ce2f018d7a1916334508d4c52f0dda661a08a0b1a956d81c86e4e1a80
SHA51287c395dd3f0b66576ecf116fd9fca3d358d806da2cc97001d6ada1e29a26f1a4a8e5ecf8ef6f475bf07804dcc09a568cfd500e1b8d4b6b421474966b8159f7c3
-
Filesize
408KB
MD52834183a9c750cce5ec47800c1b3ae8c
SHA14e9e7392b45bd7d30a4df5a6f01a5fb1512abea5
SHA256f1674c18aeef105ee7f73f518f9665d721d5d2f0291330b980c4a45a21c04e89
SHA512cbb5018db9ea42386af073ebf7c46d073d15fddbb3390988601d87eca019a6612430faf1159db7541c4c5ac5c62af4d69d5b08054859cc568ba7fa60924962ab
-
Filesize
408KB
MD53468e61820d4cab00bedf93636816808
SHA146bffb6ba0a8aef616aa2b9ce73fdcf7fc3d6233
SHA25657981c9b383dbb68a00bf9767dfed0e922cbcc6349f3c4425d793c2b1ec17d39
SHA5122781dd658686abbf555cfcc3ecaa32ef3d68bcfcfb8924e24c90c67cb4ee93b45fe453c7e6e0b51cde8b11164c3c9945e5f81af64f8ba8020260f030676c6b7f
-
Filesize
408KB
MD5672f799643be3b4557ca39335c1692f1
SHA13a642387082127642619c0d5693f310fdaa1983b
SHA256359c260f0aa97a13dcfefb651b1739d597aaec5497202813eceb56dca3ae7aad
SHA512099c391db0e15ef77899358770e2fd1e83e0bcb094fb5606314f2bbc48edc71e4a22a8afda147ceb23e986c004ae2a3b6319d974bf3eb59877c76afe6c1522c7
-
Filesize
408KB
MD55cc760d550e97f0bd3a89e979468ccae
SHA154b80bd223b0da06ec32dd251f1e8f56a9d8d184
SHA256c7c74c0054404e4e994285d06cb6714b11e20b3b0c0fe58025cbf733af35168e
SHA512a8b84726432b09854d1a5648c46086c6395240f232fc818d1a1fa2cf25806a7c1c6b256cb6827c6e26f29f1862dc2a323d280dd9eb87812f03cfeb24e0a3077b
-
Filesize
408KB
MD5fc5055c058d6f2a54e08d9b4521a1d8a
SHA136ba85aef53250e2e7d17834dde40ba7a425cc77
SHA2562c3058958c7d91fad25540c983e8d7f8bf764f652f7349fd6026856b26d8839a
SHA512109e81951e052c65844c53979ad8fbd36fbdfb238fa81ad7f60f2d9863e0b4a665629d0e0109073b1a8a786277995843f6ba23565f7bc0f4361de9e374637d8f