Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-04-2024 17:46
General
-
Target
2024-04-22_7a70b99fe20d130f1ccc62feaaa5974d_goldeneye.exe
-
Size
204KB
-
MD5
7a70b99fe20d130f1ccc62feaaa5974d
-
SHA1
069553aeabc474e1023ecb214f9d4a6c4403710c
-
SHA256
2051bf44b77acc743fd6fc549f1b0f6f2952c9e3a360c80da69d0b18783d6941
-
SHA512
bf31847c9114ce130af1530b50bd4758ab4aad371f29572a0522203fbe7d55f32822e63880efb463fe155d3273c4ffedfe00cb844bb020c3cfb45717efd186bd
-
SSDEEP
1536:1EGh0oll15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oll1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_7a70b99fe20d130f1ccc62feaaa5974d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_7a70b99fe20d130f1ccc62feaaa5974d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C79C5665-4BD7-415a-9033-31D51C65AAB8}.exeC:\Windows\{C79C5665-4BD7-415a-9033-31D51C65AAB8}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0BC9720E-4504-472b-AF9F-2D27A5F275ED}.exeC:\Windows\{0BC9720E-4504-472b-AF9F-2D27A5F275ED}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9961B4F-A0B2-4859-A152-5A58ED6CC995}.exeC:\Windows\{C9961B4F-A0B2-4859-A152-5A58ED6CC995}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{866F8DC7-FCC4-44b4-9982-3B71CDED14D7}.exeC:\Windows\{866F8DC7-FCC4-44b4-9982-3B71CDED14D7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9AA9D3DD-4AA1-4c64-AC4B-B2FEC50DAF36}.exeC:\Windows\{9AA9D3DD-4AA1-4c64-AC4B-B2FEC50DAF36}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9BE8913A-9823-4760-95DB-E6D30785F058}.exeC:\Windows\{9BE8913A-9823-4760-95DB-E6D30785F058}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DEF25473-5F06-4528-8801-35AFF019267B}.exeC:\Windows\{DEF25473-5F06-4528-8801-35AFF019267B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7591082D-221D-4147-95F1-4761692BE8E1}.exeC:\Windows\{7591082D-221D-4147-95F1-4761692BE8E1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{742809BA-37BE-4192-A5EA-D28963A65E82}.exeC:\Windows\{742809BA-37BE-4192-A5EA-D28963A65E82}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9CA0D8E4-B882-47f0-BC6F-F2196A114606}.exeC:\Windows\{9CA0D8E4-B882-47f0-BC6F-F2196A114606}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6A625561-3BEC-4926-851D-D8EFFDD41841}.exeC:\Windows\{6A625561-3BEC-4926-851D-D8EFFDD41841}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9CA0D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{74280~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75910~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DEF25~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9BE89~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9AA9D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{866F8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9961~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0BC97~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C79C5~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5219afe2a6eb11c9a264edc6b65f04b65
SHA1c4b815c11e6ded3e8207cafb34eaa14138f55bbc
SHA2568d85b45153579837136ad893e2776b635b07d371cb0a54ad2aba239d8728ea66
SHA51218522b1e6104f91ac262b825535a7177b9fdc7a82b2be009337496dbb580bb6eaeaa4d50417cdec0604da9ac0595cc971ec65a84638d01546d248bfe1fe27ba6
-
Filesize
204KB
MD5ba7503e1eb0aaf5672755e7c51a5b82e
SHA1fd7bc5669f9e71054c62791a3c6ca98be7f795ca
SHA256baa103d7809d181b8fdf6d2ff41a06420ca386ae3bb9da40708252e04ee543d3
SHA51268b50ffa7a07ff5409027007f63fb22ab5a1914fb47bd3b1597800267925b849f833da3e0831d85fbe5f37cae9ed2edc0b37e73ab3d9c12fe778b27c33d3129a
-
Filesize
204KB
MD54b539d750f7441b5a26d08424aae777d
SHA1aa07677ec95b842d63effc07cae27dd8c2d78a9f
SHA2569eabdbd929c27023e3ca9c6db59a35780d8e55e86a82d2022a9b779a1951e43d
SHA51261fc0b797ac2ef03cc47528307f4beea703fd144947daa3cf1290a57c5281a220ce55cc99aa358fbac728515f877c6056e9f50720c593ab92b1f8774f1cd0d4b
-
Filesize
204KB
MD50af420fba86d2577f1330b7b851e5c71
SHA1095fe7d019834f747f72d8eeae5174aba3351271
SHA2568bdb0dddd96bf4f18002ce4cb3c40aa25cc07809559ccdb4efc8058188742cee
SHA51216e97a8d111805afc65ba4661fe66aec0caa3f2e468099cfd9d8963e38cdcbffa71064165541716e1339513a1c0035a8751eb80deaf8971429cdfa708cf73878
-
Filesize
204KB
MD5425b50af0803a5b315ce60785417e68d
SHA1e15ce1040d17772940b1fe1e03f371a437eb4f22
SHA256cdb91b008224a1e003866fa974cc6ea9455dc4045e90306cb64b40f4f4a6927a
SHA512792fcd0c3a7ba344d3196ab81b7294a002cc26b967a63955bd2e443d6134ca1381bf6a8db583e6f498b66b5bda66e7a7a9ef8798d8aeefc8e14fba3c57c60f59
-
Filesize
204KB
MD595062fb20ca3ce2f75191dde1b6cba32
SHA141a566efb21cb03f7209faf08d3ac29a69e66962
SHA2569b7752e21a299d8306f1d2b633e2fda26eb63525357f8021ce264d3410ed64e8
SHA51295ff3802924c40606914150f522a5b627fcd38d6ac6caa19dbe161864cc1dee5e0264fec651b17e6d0b9de2a59f5ace5f1bf29382330a69e7206abe5b8164607
-
Filesize
204KB
MD52032eb4fb40b77285db6133a61a45155
SHA180f170b74746cad922cd6c9af274c7717c87302d
SHA2568e478e6a2e1fa075bf0b3d4862af8fadef13060afbfd99ad28c486343a4b00e1
SHA512abd21074fe3809c0fb9211c81333964d07860f13d321c9668e3dfff998ba0d31848e417b8c5624d3237c4d3185d9a03308226a69752c24ec4a4d93028f34066d
-
Filesize
204KB
MD5cacc0d61379a1d7351f069a43429d836
SHA18bc107a7c051a88687e9a5688b64fefdc1c3a075
SHA2566f16c9d3041421048c8a911abd960cc33df32c3f7f13189182fcde97342e3055
SHA51272366d5b70c10699dfb37e295e015eef9c215e19b757c81576e7a33d48348bc308a1ac04bdc369c5c5482bcb1fbc4970f19418aff0c9290f21f223c46333b7bd
-
Filesize
204KB
MD5b88604d4949b2833db8c5b9caf603bcb
SHA1d80c565b621bd78a90dd0ee95f3e4660f2ff0df7
SHA256c61ba03c13c0c6b39049d20b9132515143e637d22b34678894dd6d1bda993af0
SHA512103cf9d8e2677a0de59c4d89601d8b4c8c675e21909ed8a9c01d0c69a37f5c1b25bbf25c1c2cc55efcc9feb253d17c361808ec7c9d98cb9befcee8e3e8afbdfa
-
Filesize
204KB
MD54616f237d5cedaa64054a8b2ceb0646c
SHA1f2b4a21d78543235beec719a77540c8e9f4df6cc
SHA2569b9fffb9b7d52348879367ebcc2842fe17c3708885dc006869c8d3b0f655d9d1
SHA5121b3fe8307feb13091248308256ece36155b48cf2ba2cab7c0a5b85f09c2ee1afcf590d122a6282db8c52b001e78e5c88cb1b11d8b62ba1c03c3240992f8401e1
-
Filesize
204KB
MD5dfa0a96a981b9795ec990e47bfd2da8e
SHA1e486d37c70c989e6b4c3cd99e6ccd8fdcfe88647
SHA256794ace9a6037c3a199bc7c7c2c8ecc29be3b09f8337a80c4c28648f1e6768458
SHA512b23b7848e8406dcec8634f2a184cd42e17bbec4f941a4d81e9f62298c2ac5e139d3dd7109376a425f25ac2c1a984eb3cfd2fdffd4f38e5bfe7e55cf112733a29