Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25/04/2024, 15:53
General
-
Target
2024-04-25_5d807631eacfd2ed38a4c99cb5d179c8_goldeneye.exe
-
Size
197KB
-
MD5
5d807631eacfd2ed38a4c99cb5d179c8
-
SHA1
855da6dbe400379f4a85fa7e223443003675fb7f
-
SHA256
5076b367bf13da552a2d606a2bd7834d267b41846df50af5a2764353d7cf8afc
-
SHA512
20680f35c5e26a03d30acc0c7e7660785df184811c2fe045710364212e4b73b3244f2ce213c10f2d97a728fcc6ed4a16f4217594c2737a75258e6bd39442b94e
-
SSDEEP
3072:jEGh0oOl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-25_5d807631eacfd2ed38a4c99cb5d179c8_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-25_5d807631eacfd2ed38a4c99cb5d179c8_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{75A7FC28-2095-443c-9E7C-0322771EEF86}.exeC:\Windows\{75A7FC28-2095-443c-9E7C-0322771EEF86}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DB85986F-C5F2-4c83-A2AD-B747642B14F0}.exeC:\Windows\{DB85986F-C5F2-4c83-A2AD-B747642B14F0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CE17AC88-726C-47ca-AD4A-33A6096E808F}.exeC:\Windows\{CE17AC88-726C-47ca-AD4A-33A6096E808F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9FF18B2B-D857-4c4b-9AD0-89EAFF7BFB95}.exeC:\Windows\{9FF18B2B-D857-4c4b-9AD0-89EAFF7BFB95}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4967FF4B-5209-47ee-B486-729757F7044B}.exeC:\Windows\{4967FF4B-5209-47ee-B486-729757F7044B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{485B6FD2-DF64-4e6b-976E-4198751FC8A8}.exeC:\Windows\{485B6FD2-DF64-4e6b-976E-4198751FC8A8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5149D96-8272-463b-97C6-B74DAF2F058A}.exeC:\Windows\{E5149D96-8272-463b-97C6-B74DAF2F058A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{745BECEC-050A-413c-A273-B8774945040F}.exeC:\Windows\{745BECEC-050A-413c-A273-B8774945040F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{37FDECC2-72D4-485c-8192-7E272720967C}.exeC:\Windows\{37FDECC2-72D4-485c-8192-7E272720967C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2C323B2C-76CD-4803-B79C-539D7109C89A}.exeC:\Windows\{2C323B2C-76CD-4803-B79C-539D7109C89A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{40EE4C89-7D65-4b59-AE06-D96B62CF189E}.exeC:\Windows\{40EE4C89-7D65-4b59-AE06-D96B62CF189E}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C323~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37FDE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{745BE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5149~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{485B6~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4967F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9FF18~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE17A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DB859~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75A7F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD51f92a3eb904acd73c6777e1121b38659
SHA1d2d93a487a9909dad23be1345155f86a72e61441
SHA256296ec741fc391553e437d3947622773cdbab75014013c488ad099b84eefecddd
SHA512262f554f2d6f7b6a022be803e8b3e4bee2f488944701ec5cd8a2dd713e9c8dc712e58a8bc330146bacfeccae471fc1be7f1790bb09306714e2016a30ad832d56
-
Filesize
197KB
MD5a1f76b6b48caed348cb130fea83d3265
SHA1f08a3ef0ba54484f3325e7fe34d00ae98a9fd1af
SHA2561cc24dc569145bbb18183ef40ee9230bb92cdec237161601aafb3e6c0513c357
SHA5126c079086666cfd28e404f5e7ae62786761a0d9f6d7b9ea1f6a1c14fe65cda5d489ddadafa79e6880d234084da6bbfc64ff962a85d99b684061454fb86c83b963
-
Filesize
197KB
MD5cfb75aa40e16e992f2f940b433163e57
SHA1ebd9e311a97ba107ea91f39bda8723a3f5ad2ccf
SHA256da03abca0cab57c413f37273d925e086160143ec7c01b5da556dcb96f68f3374
SHA51276c891945303a70f46a0fe16b4a9fa18073ba8c14c405aec2f57dcb6d894d82dde36ca5fbff7b46716d603126906b678e6338a7c101b376c822511fe7622cdc1
-
Filesize
197KB
MD5113e29a1cecc2dc2db3699255db7df3b
SHA1b29676809bac1ba621b927c25cf519ca727a9304
SHA256ebb7a052920b3e226cd61d3fb22c430d2c2986916ed75df388a62cb42a9260a9
SHA512e2b07eca02c9c365d98d80b900e97c303745027330b0a1b90f6e29a0ec5c34992a25226542368d069ffde86c2cac50f42dacee32286655deaacd921b93ffcfc6
-
Filesize
197KB
MD5d52917a9f2435459ae362bb409e07204
SHA1dcb5651ab914790ff4800259815d09fb0afeecf0
SHA25630f5c010f84bd2c6512317083a86e5fe851bb14b74b249f293861a63d7dca94a
SHA5121dde88006e053beaba8ff0c0b86ff1a293677b8a0ecab35ae3e965d4974503b6fe0e45513436a0de2f90ed06b8b12bfc8b2e4c4d1bba7737e06f6ed62b096307
-
Filesize
197KB
MD533c871c5fbb3ac662bd3b935ee211d9a
SHA1b841c9a4cde18f5b91b7dce4da88b384a6d2e302
SHA256b79d064c10a74af446ed7fedda22556910166aa43f269b7dec1f6b9e9da2b245
SHA51248b0e29fd4a36a0f5994272d1a073c810d9c5d89d1a469bf292bed8dad88bef9d1a730a6c23bc6c8566c6dc6af66084a40f6ab0fc978d557d10afe3e773bed94
-
Filesize
197KB
MD5579f7fa79c72b1610326733ec18a9948
SHA16d3cdceecc7bc1e51a584e539fa4026037038cc5
SHA256f5247126fcd1d3ec4848282236631e4597107d8f798ae101146fb85631440759
SHA512d9e5151ef8e2da66e6aabff99897830f52ccf979be1e37b7579ec2ae40586241ff51d89b41e5af24fef59dffa17eafa0317f23e2339497511089f2af4f4289ea
-
Filesize
197KB
MD57ae3a60140bd3014d9ada9315c477cb2
SHA10f05831c2acb225b22e6f9002e7310601264f2ae
SHA2567bb3ccd2765f9feb2aa53f52c267cc82038b1601ab9daa0f053b28a2946b1d42
SHA512ed9a6a622459da6ad81e90735c6dbae41ac0f1093d1efa1614f1d0a4e56fb949371b2187f06c5e5a8e1d7a0e8c97568639c3b57c4b7991c5348b0c166f9c55e7
-
Filesize
197KB
MD58b86a40f46d461637b68b5c44ff94a0d
SHA1c964d61690d9d81ffa4e56b64757543aad31ef34
SHA2561c668fb5c804c0623b4871695b886b49dd464b57037ee969cb7e908c3060c911
SHA512d54ed335ea80fdf65a0bed48a454c99103ee8a17bd15d7d4aebbe5b9bd7ce189cb7d85d196b45a7e9f1da69cf994a0abbe5d4768039bbc27a24292f34541b41d
-
Filesize
197KB
MD546a5e8341319b59369d2e418e2c842a1
SHA147ff8401b4a46d8780ffa726532e9c878218f551
SHA256e7cdb0431a4c147f8f7bc6bba32944c36c7b06d9d6e5e81bbc9826e0916e20f4
SHA5129fa2a1c50436e53df4ba3a325964aa2a160c5ac51e4385f86545b54eceb24db9b65b480cacb3663f5c6c012ee96b9fe0bf98db354f5b9f40fed902d8e6c8f499
-
Filesize
197KB
MD5b27235f3841bb497fa99334b23812173
SHA1bdfd6693793e62972c0b9220dc9bc203f83e54d3
SHA256c0012f5fbb8386f86bb356acd7feb62aa94d65cc66fcedf28e5874693badf922
SHA512f5445517cc1673f0e1e1b5a62d3f9914d0c9068990e469cb71ff04fd037aad0104b161c26b0433dd97822011736b364e495bed6789b41f7aa51ee67710563883