Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
21/04/2024, 03:39
General
-
Target
2024-04-21_256ccc7157cdafe8a695d2330dfec592_goldeneye.exe
-
Size
204KB
-
MD5
256ccc7157cdafe8a695d2330dfec592
-
SHA1
34c9b9abeeca8bd5c320a468798461d02bc09dc8
-
SHA256
9c0bf83edb844377a2c1eda25465ce64d59f9ee4b40a0875d9299264a5b069f3
-
SHA512
a54c3dc1af1e2a78e91f78c8535efb82ba45b875e9368ccc0fd56e8bc2b852f4403e4164cb58184bf68bcfcefe6a5d422f07143b3304dd67a2ce3bdecc1f7def
-
SSDEEP
1536:1EGh0o3l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o3l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-21_256ccc7157cdafe8a695d2330dfec592_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-21_256ccc7157cdafe8a695d2330dfec592_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{74FEBDFB-715B-4168-A9C4-021DE84C694F}.exeC:\Windows\{74FEBDFB-715B-4168-A9C4-021DE84C694F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0632B83B-E9E3-42aa-A645-401EF93FFE06}.exeC:\Windows\{0632B83B-E9E3-42aa-A645-401EF93FFE06}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E30CA542-E640-4e09-9F4B-14B6ED4C35C3}.exeC:\Windows\{E30CA542-E640-4e09-9F4B-14B6ED4C35C3}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70D6AF33-A246-406b-AFEE-82A0A2213C68}.exeC:\Windows\{70D6AF33-A246-406b-AFEE-82A0A2213C68}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D67D5B5D-8429-494e-A957-2E80E4EFAE2A}.exeC:\Windows\{D67D5B5D-8429-494e-A957-2E80E4EFAE2A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05228077-8E73-4ae2-A0C3-61A708964B84}.exeC:\Windows\{05228077-8E73-4ae2-A0C3-61A708964B84}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{259EBB43-FD6E-4067-B08F-7FABA35AFC35}.exeC:\Windows\{259EBB43-FD6E-4067-B08F-7FABA35AFC35}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B18920E7-ADF8-46da-A825-EBE111F0BB9A}.exeC:\Windows\{B18920E7-ADF8-46da-A825-EBE111F0BB9A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{061B80FB-A7D4-4b6c-9373-92525E586EB7}.exeC:\Windows\{061B80FB-A7D4-4b6c-9373-92525E586EB7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{33D1BE77-BBC7-4e32-BA5B-6A37954D818F}.exeC:\Windows\{33D1BE77-BBC7-4e32-BA5B-6A37954D818F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F55AB9FE-2266-4c60-9D95-42FC420F8571}.exeC:\Windows\{F55AB9FE-2266-4c60-9D95-42FC420F8571}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33D1B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{061B8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1892~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{259EB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05228~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D67D5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70D6A~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E30CA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0632B~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{74FEB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD510720d1f3026144182ec8a43bf089c37
SHA11ce9661bd4b5a80be5dea40a8a4b08d094c8ea0d
SHA256fec23a9141cd982420f160b671cc771e79af0aa200b71963bbe850e612e6ba57
SHA512f530a12cd1070dd4f3b68ec403f872e872a560c827813dd703ec54ad2af3a61c206791bc516a55a9994aa1b1a1c27cab09e3975821361391132e2d30abe0a84e
-
Filesize
204KB
MD5b323a8cae153df0650f97a5c9e19d61b
SHA19ed9133dcbe257c3e9305185b6a2dfd9a59fb0e0
SHA256520bb81231b6bbc552a6fe1521c621f4d2ae41b2729105f9d7f32593a0359bfb
SHA5122283ecd2f6e8be75cfae1f97f24bc1bec77599be7f157774d85954dcae2fd553dd79c5dbb7a3202632ffd1ca885068e5753599263ad4b7b78eaf0bb7a7fbd60e
-
Filesize
204KB
MD54a939c57e16f421a2ccf3f9646b18ef3
SHA150c3c5d3b0d752464f9279ebc424689efe3c4401
SHA25640b6f2a255de438ec441995c62bf10b890694ebf1933d81446d183f1693faf02
SHA5129a32795d26b0fcffcfda08c6b5ebaab7b5c2642a2fb7429b1c3eb8f22c5be88a47b62f7dfe54ee91b29ab36881b8f0dcd5d148c8381271f6ec2e0e1b22ed11ef
-
Filesize
204KB
MD57ec03d0a3ac95f9d7e68fac7c090e393
SHA18e46036a9a9a3d8393614bc201e9e0db69da5e4e
SHA2564d0cf1620c5782ca127bd1cfa630e22289ab39a89accb54f07d9844ad0dd7ba6
SHA51210b17fb53015fec20bd077a3c8d8cf3575e1ccc4ff6b407c8bd5c0f8a62549816be4774896a432772b403a5bb13cdd50b8915a20b940e9c97386c820530b98db
-
Filesize
204KB
MD5ae3065d716417b43152afd7af661c539
SHA1b9729a64c04ca019a8e1891b7d94eebd50fb57b9
SHA256b7e32c1e68cf7a30a5e486e9d9820f195a97fe95692e6250480154fc4552fb61
SHA5129cc77423689873a81e26d25323b07c43a26367731504ab64b166e60d3735185c2dac081f93b8d658bef48139587e3629409ea8e2698ccceb9fb7d389dd01d7a9
-
Filesize
204KB
MD591eee77713f17eb6d4fd7fbfd740664b
SHA10a2c19aa42ff088f5b64472e4be687a5038010a0
SHA25684ad152ab87d5d72866133657d52cdcb2ac623a66b6bc9fbaa97a97d7efe616d
SHA51265804c66ba032c5bf0f1a80431c2ed047fe81bcab9804a205dbac2487947b0cefa0d6a08f5634d445c4b8ef0c21f89e30fe940f941f9f425d37454a41e69229e
-
Filesize
204KB
MD5297e93c8d4db5306603fe49403b73061
SHA13d128b5d5755f76d5c79d30148f71bf65d48ed93
SHA25620c52f101780a69f8e895ca7fccc04a52c47830ff3fee20baad4d685ae1e0415
SHA5124d9a7e682ce425549290897782dcf3d872058bb283ecf4e3675a31aaafc4360e7629e19d54ca62a7edd84786e66270d3f9a832c21137b535aa04b93f1fa5f2df
-
Filesize
204KB
MD5185608052a234bbfdcdec648d6c98b6c
SHA1a207576bd5442b3705f00cde76a4b12535f426cd
SHA2568d6f05d533518eb176d9f4ed37f3402fb6e21bd06813df82cb4fd622854393d0
SHA5129a600778d11a130c9e09c98d8135e591766e6f42f3e6964b058d41b7840685b2e95ac7c050312a2e43943da977079b1b456653de99834b6a2c7d774ab60e4147
-
Filesize
204KB
MD58d5ac85af01c5ba0317ec6439969d790
SHA16c618576030cd3fbf52a6cfadbdf2309e14456e2
SHA256b556d5e848f504f25368b51bc19d2e2de6512f0aedd37195d60506f47ede2547
SHA512694133b49cd8068c2be4a8a115f257757570f9c1ff25baeb244ed405f048bd48ab1c292742a43d7d4c7b2ab50d7c098bd90f830e1158f57f39f8e8b758ee57d9
-
Filesize
204KB
MD5cf3c478b4f7f72ff61e5153e4f34323c
SHA14e12b5c3283a7aeffe7a28583e1792af09364510
SHA256ab1338574a12b481389973924e780433a7bddd12fd7c40375cde2b5c13f9b542
SHA512caa841ec642715ac6f46d7ecc016f608b7dc64f7cf62c3f4f38e35119853a4ae5cf364e347e64f29756d032736d75abc96643c46151d72556ff771a26536c383
-
Filesize
204KB
MD5aa33c9f15284d9bbff2b85f91b0317ac
SHA1012a7c90a97e1e647f11150ca5e042b50dd95ac9
SHA256a213a1d867141a2f5aa35d8bcd832a55070fdf874b1c924e202290e9600cd822
SHA512e1d4c5574bd1dc78c864a044fea74aeac0304ac2860ca13d0a3e4d446c6e7edc0785430b6c19dd5c39b3e749a88759b6729eaff4ac56596602b7eaa8f54d5100