Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
27/04/2024, 18:14
General
-
Target
2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe
-
Size
197KB
-
MD5
857d91c625b67d4a6f3e670e8932b4a8
-
SHA1
218ab8bee6ee1e4499aa701fc3a0b4c52e7096a2
-
SHA256
4c00122619923c9063862cdf89e238f9cfa8d931224fc687b0069a780a84ca40
-
SHA512
19c80f633fdbfd13c8e198e5c881b63c530c04cc7867f8ffbf31bb3bdbe67952603fa1c732c5624b3afe2f577bc8ea99117e751817b166a4361858a6c0dca61c
-
SSDEEP
3072:jEGh0ogl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG+lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_857d91c625b67d4a6f3e670e8932b4a8_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{73EFADB4-058C-4819-9DDC-3113D06E593F}.exeC:\Windows\{73EFADB4-058C-4819-9DDC-3113D06E593F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A56944B-1433-445f-B747-1EB37B670D03}.exeC:\Windows\{9A56944B-1433-445f-B747-1EB37B670D03}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98C9A429-857E-4cbb-B905-8058CEB4E701}.exeC:\Windows\{98C9A429-857E-4cbb-B905-8058CEB4E701}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DDACA0F1-92EE-42a4-9969-5ECBA84831B6}.exeC:\Windows\{DDACA0F1-92EE-42a4-9969-5ECBA84831B6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58AC873B-BBD4-48ec-9CE0-2F646993D602}.exeC:\Windows\{58AC873B-BBD4-48ec-9CE0-2F646993D602}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70699718-2DAB-4ece-9960-89CB57408770}.exeC:\Windows\{70699718-2DAB-4ece-9960-89CB57408770}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6402DC49-D2F1-4be7-9780-9B515345F769}.exeC:\Windows\{6402DC49-D2F1-4be7-9780-9B515345F769}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{419DF520-6D26-4f85-9B7F-6B656280A064}.exeC:\Windows\{419DF520-6D26-4f85-9B7F-6B656280A064}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C6D2A342-B93D-43ab-83E6-765BA9C30244}.exeC:\Windows\{C6D2A342-B93D-43ab-83E6-765BA9C30244}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{13946497-1A47-4959-A4B0-D107588A60BC}.exeC:\Windows\{13946497-1A47-4959-A4B0-D107588A60BC}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{757584B8-00EB-4a63-80FD-17D7788306A3}.exeC:\Windows\{757584B8-00EB-4a63-80FD-17D7788306A3}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13946~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6D2A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{419DF~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6402D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70699~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58AC8~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DDACA~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98C9A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A569~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{73EFA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD59e2bd3c8c2bfe404a51a7619c2c3b140
SHA100d1a379e070e6d2cb2ee92fb8f9e10edf4ce6a1
SHA2561d44136b48dbe3f2ec4834280c5430c2e2d31f64bedf6db6e38e5ec2a5f62813
SHA512113dd7347b625b75553abe43ae44bce7653196d678c63adc8b2a7169ab4613fe20776f29e714c3a20dfb185d0b7d048d87c937bf1def0bbe3f52230da0b19e1d
-
Filesize
197KB
MD519d088eee2cfc69cc9c2ef0b792907d3
SHA1e42b31a5601390f239d71fae4f1a5b320be30d6c
SHA2562cfd66abb08e443c507a43084c8a9b7ad42569709bbbba7dabb350a6757c6ff2
SHA5121a7a9a69a348ffd7abe5f74c5baabb5e1a0b857189c8ec2ff652edfb6460966b284256a6b7078b251e3f15599a707344c55e79977f5f008f0514bba9509142a8
-
Filesize
197KB
MD5d7cf87208d1d55c67ea33a03317609ef
SHA1dbe0a43c9b92015d591339fc91189ab3e3a0cbfc
SHA2563e9adb306fad9765668576c5c6e63fbcfe62387c6d693e4cbcf7f043c665b98b
SHA512fa6cf0ffe6954846e835adf423101d269f27eccd78ec89ea45af96337ff7b8271ca7ae4dbbc1b9b0c431800675864dc70159278fb8c49496a78edbab409bcc95
-
Filesize
197KB
MD54fe23cb89ecbd2a136e96b155da6092d
SHA15d6c91c7f6155009f89511cd95c99c0b2f05ddf2
SHA256b843caa52ab877e508d0ea17ae89dcf4c5f4bd128f4f68ae1b1c5dee917a9a48
SHA51247f25cdeee9610aff58843ddc11a3bac268b478b0402edf54b27f6ea43657c1d3ac13ceb68b42cc085bdb9ce3cc88af72adbb6348da6330051c250199fcfeb9f
-
Filesize
197KB
MD5ed5df6c63251030e85620ea7d3329da4
SHA17060e1e01785edc83633e0b08246ffa9640e510a
SHA256be8eea009bef439c05b4bc85099d4be70f4333077673d9e9f7207d2f18f03747
SHA512a08183ea1fc56fd74c27d181041c268f9f63c848262bf5ea3e9ff493004d93915228c22ac910b73e7066da1989f84b799b3ee9461c6e32c489fb6eec80583155
-
Filesize
197KB
MD53d615f3acae94ffb6553e912d13c3213
SHA124ab7a4a3431f4f8cfb3dadd22fbbf57e8cf34c6
SHA256b786427c41156d4393a467b7aeabc22c1e8ce9880c3c1661eab5ab14795f7d43
SHA512916b0df4a4a020078199996acc538b3f05174a91e9b492263ef7130a18b34fae0d3ae7f82e6d735885f44af97e4986f4f30c41d06c758c83b4b6f3df559445f6
-
Filesize
197KB
MD5f4aaf05db8c87601c322eee75da51892
SHA17ba150c256262f787d981c2a7ab48463e213d9c5
SHA25667990b3e4330a03c2c5e4bcb3ca0d6223a760eafa08172c5d00cb474df1c08e3
SHA512a24381c82ca5ee024564fef31d5dea09ac26fe968250dac1e992e45b4ab535c18ef4f357574f3e7dc2adb017af5411893e8b630236d4015f7b16126ed0957eec
-
Filesize
197KB
MD5bfc9d058d1da65abd3bd0fb2cd5fbd13
SHA14a71baa41fa573c5226f9d965fac8a8464ca6aa3
SHA256bd447dded066d003b0e6628569093a68022167450b9aa129937c98885331cab6
SHA51201cdc89196a6169fb59cff8e4785e6c84b70eb8b7b65340cbd7ca1e77a191033f1e194ee0107021276a2d9530146688f5fe5d571c1907d58fff84a9585995239
-
Filesize
197KB
MD57742a03173bc1aa26e35845e4b753983
SHA13090998ead9e72d4dd976a8385d0e2ebb98ea900
SHA25610bd93a4feecc743c540a862e7c2ebaf493f41ef1232a2e5469c1cc0bcc7a5c7
SHA512b9e01225a06d752e7ff86c293e4620485ab1b60fc2f1fdb224cf286f7a973ff00e651c7f8c0cdbcb176b5097b1be12bbfeb9ff7356f1c7a030fdfa3cfaff87d6
-
Filesize
197KB
MD52a561a907e181ff44f8157ecc7327cab
SHA12db80c785e45da986eef702eaf2e4e29f32c2f3f
SHA25640e763ce91caef388bcdbe21847f72f3200c68c776467f7ff91eb7614bce723c
SHA512d63916f45a5ec7f48e06ef29f97bcdeb23117ecb2fb94832e0de290a06ff131bfff5a1a008e531abf9e88e9f574bd1a3dd8e9636496b5279aff5018cc3560b09
-
Filesize
197KB
MD5ec19649e46cbb2d7213d883a4ed8d43a
SHA103d942b8050bdf87fd936d91ab1c54193af26499
SHA256717282eb2531d9a0dd2de0bcf4ba9b4e2ef26c66f77249b0e0093b1526cdfcd4
SHA5122b5a4f4cc60cb703238eff01e368c97cf10232ebf4ccab27221bba044b81fe472c0482f2eb50f1bd9e1b71bc739c07fd0bb6c4f47f9abf9212ae4aaf7368b8aa