Analysis
-
max time kernel
113s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-04-2024 01:05
General
-
Target
2024-04-23_e0d185765837693bdf413b5fbbe57e34_goldeneye.exe
-
Size
180KB
-
MD5
e0d185765837693bdf413b5fbbe57e34
-
SHA1
5062ff44580e08c15d52a895ade64f9a3def743f
-
SHA256
36da128880df1c37181a530540ac4581d91f36b098a2b3acea35379fde97a2b6
-
SHA512
73163ee14c95c677594cb58161191114baf18b5012f4c0d7ab8f57af1de088d0472a8129b220ddb619b1624f1952bbc14efcc54c0062321327bebfac6e50516a
-
SSDEEP
3072:jEGh0oLlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGhl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 10 IoCs
-
Modifies Installed Components in the registry 2 TTPs 18 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 9 IoCs
-
Drops file in Windows directory 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_e0d185765837693bdf413b5fbbe57e34_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_e0d185765837693bdf413b5fbbe57e34_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5804C7A7-3CC4-4478-A547-C16FD558590F}.exeC:\Windows\{5804C7A7-3CC4-4478-A547-C16FD558590F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{86B78F01-2427-49f3-83EB-12C8C88AF1AA}.exeC:\Windows\{86B78F01-2427-49f3-83EB-12C8C88AF1AA}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6CA2456D-1F1D-4e1c-9643-11C5280ABD60}.exeC:\Windows\{6CA2456D-1F1D-4e1c-9643-11C5280ABD60}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E9C3F8A-D169-465c-8E3B-D748E7B85649}.exeC:\Windows\{2E9C3F8A-D169-465c-8E3B-D748E7B85649}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1EB169CE-7829-44f4-BDFD-BFBE0B9AA28F}.exeC:\Windows\{1EB169CE-7829-44f4-BDFD-BFBE0B9AA28F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB7442C1-C0FA-431a-B5B4-6DAE959ECA1E}.exeC:\Windows\{FB7442C1-C0FA-431a-B5B4-6DAE959ECA1E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA9681B5-2069-4133-84A5-D0ECE97BE2D3}.exeC:\Windows\{AA9681B5-2069-4133-84A5-D0ECE97BE2D3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6F1AF9C5-8FB3-43dc-9EF8-52E40C14E77C}.exeC:\Windows\{6F1AF9C5-8FB3-43dc-9EF8-52E40C14E77C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{63059E0E-D3ED-4d23-A64D-6AAD3AD9DE2B}.exeC:\Windows\{63059E0E-D3ED-4d23-A64D-6AAD3AD9DE2B}.exe10⤵
- Executes dropped EXE
-
C:\Windows\{4602D2D3-3890-4b53-B244-A96505C14B58}.exeC:\Windows\{4602D2D3-3890-4b53-B244-A96505C14B58}.exe11⤵
-
C:\Windows\{5B3E2414-977C-471f-90DF-7A6A96260C22}.exeC:\Windows\{5B3E2414-977C-471f-90DF-7A6A96260C22}.exe12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4602D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{63059~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F1AF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA968~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB744~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1EB16~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E9C3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6CA24~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{86B78~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5804C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD567ba411e20ffda4b86d4e2859f2582c1
SHA1ed19315018dd3211d56355e2f131bfbe6c138616
SHA256f7e8b7f918195e29ac54bdc6f4aae606062dbb63d25502181362166a75094884
SHA512dfe11e813002eb49ed8034dcc5ef00ab0e01803228196cac34aecee35178f98522bdbd0660b5a9bd1303467c7b5ccd52d7c3010d0429c31dceecdbcb9c7a2418
-
Filesize
180KB
MD5a7ebe8fc9d20080106ab58cda1c140d7
SHA1df42c48818c484e92b5807207b791d72915210cb
SHA25665c30d1959de371ab4511e576c425dafc1726153443f601a54ee0cc7628b0675
SHA512557b5778ebdff4f3be2805b23ebdbae880330fc917e673c88ae72b3e25189c47e2127f3cfdc769543a323dff5ac4a9aff66dcf18dc391d8d128b1d0b6a4c59ec
-
Filesize
180KB
MD5c282d0fa888b4bf19d0f84b4c94fc240
SHA1a76b36b84aa8d77a09e7703210f79f16d13036de
SHA256565c5cf6978e93b115896311fd1d09bf295ea941cee8bf0ff0ba3994a0132a92
SHA5128a4fb91d3775be7888623c0aab46e7b222b162fc50bb67e73d27dfcaa744544a648bc3de69761dbb04245fe220d7784cf4ab8ff0ae407e6c8d928bb7d7530cd3
-
Filesize
180KB
MD5ce50516fcf3571b46e607df4090dcc19
SHA1591e55573d740d0e30ad42dbb2a2791dc119383f
SHA2561aad606732c184029e138d6b95e8e47c9001eb7091752164ab81737e86ab71c6
SHA5120b7ef6518af909206b890fa88c655fa964b0bc485caa7700aebc1ee077569fbc83ff8266e6194df4fcaf656f5165a9772d5fcf0be0a65c393eaf34ec12c87575
-
Filesize
49KB
MD5da5a7cb5f32d28ef021a051b8f8fc35c
SHA1d127c2e428a7494e9ff52af264ad6021e3351ff7
SHA2562ec3f36f6a4f15c0445c9c4bb7268ff6a6c029c23b0f6ccd0a75288fc4e8b63e
SHA512bc5c1dd38b9454feb0666794e5b5ec26e0bfce20bf9f678f6c6de837ac468999b8033173ed1ce4b8f4b2af4de958e1cb5595a929e7564c2f3bb9b1e27074a6c6
-
Filesize
180KB
MD5fba03c8628a6b4c19ddd9c68f687b064
SHA12f00f30ec0820eb757e3ed9d927baa55d37ebec8
SHA256491a75daaaf857d6aed323b24d27890c3a256f72c4422f6323a710057c368f7d
SHA512b9f80fa4b16fc49583e5ac4987a23a0a3ae69709ba0e64df6ab0dd8229d8c42d77928b42c499cd6dfce4949fc4ce2a4296c9c4bb959acbf332cc35daa4ea55a0
-
Filesize
180KB
MD5118e82b94b50b4cef71f0a9e6a17e04d
SHA1a10a38d4599fa902b835889b8b951f836aca248b
SHA2569cf24f79d5aec7d5048e18142166ba93c5fab420b69d4002a57b80ec94c27176
SHA5127983c08abd8feb60405700dffb0afb57ba8ad781ea884f6c6c38853d395ad6e0c164f1d4d3a4d5dded50051199f97899dcf59dbe7be7b7d25f06107c4488e544
-
Filesize
180KB
MD524ac176921b858d606e529d4d1b2c09e
SHA1d20ebb877094b1b42b2786e2fc91aeeead341cba
SHA256e0e2142625a4f3eea26a3e28c23da8e08842da6c1c3a3fcf03d18bedef44b5fe
SHA512d5e278f90a50bdf450327c392b710121ed60f49b33d7ba3fd286608a56d0c21b43a7b400c709cef2f9ab2565a4ca5d9ba20a41a79e5f6bf7efea54cdb9ed9e2a
-
Filesize
180KB
MD59de13a6684470118f2b82aa907cf2d57
SHA15b6c99b8914d5391ae8e702144b7edf2186d8b16
SHA2564511be61a3106616fbd3484cbb79bf200ba5392948ec2df88bdd06178d89c7d4
SHA512ac36f5c366c13f1032979dfb7c993947e2b24f8ac05687598fd9b5f2875b1e435e16c06f20b96fcf416850353fc3be1502bae1d2185ba68920fd68285ca93919
-
Filesize
180KB
MD5b9bc8a3034827a806b9b4e1df3442219
SHA16043561d0bb8669d31b53caa610673f1affb48fc
SHA25681e42056bdaa5f5dee48226678353d5826ed4ce5d0fd2c1fd5807da44a072ae5
SHA512671b5d0b1d19ccadb26d52aa952de1c73759b4e8f912eec1a604901503782e37548284c16b41323268a3ef513eb2dcac12fbaa8987e5d19c772368213e4441d1
-
Filesize
180KB
MD5a681591c38fd9826a1a4698c62b7d236
SHA14639b9193daace3aa75195ba978e5a7a902fe58d
SHA256f9d837b1f5a9c77dc42d6845f7903317815ee0a963f708192d56d88499470cce
SHA51212ba8b7e09a13a119f233556b808ba8b634d669e80a006206e207cba6ff055789f8467ba71cec99c29177e2616eaa964e5bd0baeb2a59b8622df5425fe47ee99