Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-04-2024 10:58
General
-
Target
2024-04-20_5c1a9cabc7ac73a303d8470a6bb3cfbe_goldeneye.exe
-
Size
180KB
-
MD5
5c1a9cabc7ac73a303d8470a6bb3cfbe
-
SHA1
9197edd080a4b164632161e4f56a7cea2750376a
-
SHA256
03bd98861a08d2c47895820ef4d57c37ca6843e9c8c4fa97fc83f2e50100d462
-
SHA512
7ff23f89abd904ce3df519b085617ff6b13c3811b4f63b39f7c32209788f0745eb481f80b83def096f53e92c05948751929b9e916a6b4ef7b47d2ab0549eec5f
-
SSDEEP
3072:jEGh0oNlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG/l5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-20_5c1a9cabc7ac73a303d8470a6bb3cfbe_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-20_5c1a9cabc7ac73a303d8470a6bb3cfbe_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F364F1FC-1D17-4040-A907-3610ED3C8B05}.exeC:\Windows\{F364F1FC-1D17-4040-A907-3610ED3C8B05}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F427225C-E87E-46a4-A9A8-06986DD19295}.exeC:\Windows\{F427225C-E87E-46a4-A9A8-06986DD19295}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9AE19932-87BA-4c94-97C1-0668BD0CD596}.exeC:\Windows\{9AE19932-87BA-4c94-97C1-0668BD0CD596}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94AF53A2-6EF2-40c2-8E6B-52C9D9D96EC6}.exeC:\Windows\{94AF53A2-6EF2-40c2-8E6B-52C9D9D96EC6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8022809F-7385-4bf8-861E-0E41FA5F41B5}.exeC:\Windows\{8022809F-7385-4bf8-861E-0E41FA5F41B5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{272F887B-AA63-4f86-A3F6-50A171BBD9D8}.exeC:\Windows\{272F887B-AA63-4f86-A3F6-50A171BBD9D8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD94C7CD-52CB-4314-8EB9-AC5F7EEC7159}.exeC:\Windows\{FD94C7CD-52CB-4314-8EB9-AC5F7EEC7159}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3208489C-A828-4ddb-8E48-FA0EC7F852D2}.exeC:\Windows\{3208489C-A828-4ddb-8E48-FA0EC7F852D2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8057C344-558B-4c13-BEF1-00EC63A01A7F}.exeC:\Windows\{8057C344-558B-4c13-BEF1-00EC63A01A7F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8BD3BC3F-8F1E-4afc-9B89-A370490A05EE}.exeC:\Windows\{8BD3BC3F-8F1E-4afc-9B89-A370490A05EE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D57FCBF9-6A65-4a50-825D-25DE80519B45}.exeC:\Windows\{D57FCBF9-6A65-4a50-825D-25DE80519B45}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8BD3B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8057C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32084~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD94C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{272F8~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80228~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94AF5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9AE19~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F4272~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F364F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD59d6259324b462f878d8edd82b35faee1
SHA102d0afb93ffd990c8c16e597405dd486b278a12a
SHA256cc3b0ad23113a190f5a31e482f728dd23ae552eb2a286525ecb31da8948ae335
SHA512d96daab59e14b4f7d35be7cf36dfc1ca9962f7d15758d4336b07a9e30eed5bc796625c4157964aed1c5ccfa42ac373c235c79013395407484f7a15da11547da2
-
Filesize
180KB
MD56a45a877fa11adeb6d752fe095769a4d
SHA17194c190b5aa7eea4ff9cd226d06eedf79983910
SHA25602e2f7aba3ca92ba16049ca727de29cd7d024ea7e17487247c76ab937eb1d4b0
SHA512b932426e0b0a78fa166f331073121d61b430254d1ba7289c10ac67f01fc42e5ec269f2b694e285f54e1ddf983e8b8245b31d6ec4ada8c6e84b406330a9935715
-
Filesize
180KB
MD53ca6d7568d96500d794c5b2b60628626
SHA1ac5641fdb57eedffffed2e70d121fcfa676990f6
SHA2560fa60a2a10edd5a23ae64427a214bb45bc01648b4862298e034c886a5d9f8d3c
SHA512e7f5b98862f87e6a16e0e08f9953602756282a53c97a94944c946b496148b8e2680d92c50cce2005c5c8dd228217cfdf36151366ae8b9c31eeeae4c459d2c4a4
-
Filesize
180KB
MD5aefd2a07cbfd1c830ed0f5e83686d755
SHA174338bbbab52bcb7c6d0f2a26ef92caa7bd7e19d
SHA2568d8ef1df3e7fab7ccc3a5703022f410d92c6cb59530e610c2a41326601bf0228
SHA5125b223c5d3dc8bdd66585218ac09da137fda891d6f9350b8e6b4e506640e31a15e7e32fb522079cb7971a26641db7f954c1ceddd55c1ed70f357df7587d713e51
-
Filesize
180KB
MD578e45a35001b5b1456a1c0b1f7acd404
SHA1f711a7ed632f1d8e0e9d84d0a5a296e34b099a0d
SHA2565a0b4bb74f5bdfa5efe2def86707f6592153d517678554689869aa58ee16f247
SHA512a8f00e674ccd56c234db1ede9900442cd6af31a00b7eb22f9f2d09c9f07f7fe9f347ce268572e229bcdaa7c3a3cebb6b43353d02df41c3ec11802496dd465a23
-
Filesize
180KB
MD5a21862628227989a3a341fa6c666e771
SHA16f3359a9278efd7f7b21019e65e73c03866eac97
SHA256f8d2ce835871445ad8cb57ddf49acc9d6a74cf032927fc25190c5d6e91013c93
SHA5122b3e948965e5a4e34ebbceba23056536a71ba8ed2a82322d9a85a1921b2542464141cb87b0bafb9bfc76e3004ae9e50478048c76b3a9cf958fd4b48db5942c4c
-
Filesize
180KB
MD5495a06d639a1462d4900baf1b010b275
SHA10881d884a89ae074051ed710c970d2034361ac7b
SHA25625d7d30443e3029bce9148d11dd2b7b5cc1825f5f10997ccd5894f97d52c2534
SHA512e1f2659aa1f73629fa88ebdb59050367541353048bf2ebe3ae664cee7b3d8b2c785e16e6c197a52fc79a387b5d172e121000a8dc1351278b57b8d5eaab284de6
-
Filesize
180KB
MD505a37dc584e97738e7a6e90f4fd7c11c
SHA115f04ba5c39eeb81620a805be2d2297fc99253c0
SHA256960dfc90c9f2719bc3ba671eb925bb619f0d90de906a0cfe0e5bec2df551aada
SHA5124992ec2e1ad698648196757c6edf7b7c2e5bc4b5b7f5c8ed420246bdb31ca7dc7b121bed93366ec6be21252567917e9f82f85c3fc0dfa84562bcb6407192d34e
-
Filesize
180KB
MD54601d9ce699838f5fb9cb68be85237b1
SHA134ade78385f48ffae22bf7d10db6f83c8dae7722
SHA2565753e09027705c275f1b6a9437ba1485515e00b2e9f0dbbb1ddd0279b36b36fe
SHA51247207bf5603d65ec74963ba1d6d6c5e26a6eb97abb672a0c1cc954ed9d668fdf3eef2c18e3abb8ad9dd7d26fb7c868c21b59b35fe1f237c80ec39d7ae5fd3f23
-
Filesize
180KB
MD5aca4b9177ca881d2462ea62f98511b98
SHA1fa975593bf05029563a82818476837cc28cdec4c
SHA256747c1d87d677c56a708f4c124805ac6e712b0cd6e6a3b7b5e74dd24598ed272a
SHA512aff864a9686a5573f385f4b92e5ae8afb4e72a536a5b5a3afa1afdb4e68e8dcdecded0f0578e40bd45eef28f968c30fb4cd9bda0a34ee4bbe2f1dd3f4c4c2c8d
-
Filesize
180KB
MD544292737afe3ca246131d3c05e4a30ba
SHA10fac925caca626416a379d29733114d5cd7fe883
SHA256873ef842c4d404274696311e577afe6143bcbf3b6510d6b9746ddeb05027b76b
SHA51252ca6d93582bfd76ed5448a0a6a30a2704adf4efd339294898d57ec1ac604c14dc9034be927c89082c3c7a0d38d8ce070ddaa793ef51e79c43426756548c879d