Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03/05/2024, 03:50
General
-
Target
2024-05-03_eb713f1aa3be8b1683cee7da058978f9_goldeneye.exe
-
Size
197KB
-
MD5
eb713f1aa3be8b1683cee7da058978f9
-
SHA1
cd44abe8321f884db8482c424e86f3bdca015836
-
SHA256
3cc38d338d425649ebe82030f4587a33473938199cebfdb7b7a9856cb01e6a41
-
SHA512
bb79ec2006b5053f797583c36730fbe53cf3d7b454c23c52d3ba259e2e9cfa1dcff120ca7fca5866c3b937349d8f6c6ba12ee4cc1790ab907cec214cb01c19b7
-
SSDEEP
3072:jEGh0oal+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGwlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-03_eb713f1aa3be8b1683cee7da058978f9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-03_eb713f1aa3be8b1683cee7da058978f9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F99698B9-57EE-4891-9F70-2E3F1B8E7AD6}.exeC:\Windows\{F99698B9-57EE-4891-9F70-2E3F1B8E7AD6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B684D795-8633-469f-B122-05B1D82A248D}.exeC:\Windows\{B684D795-8633-469f-B122-05B1D82A248D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EDA4E507-1FAB-47ea-9432-A54C8A50F473}.exeC:\Windows\{EDA4E507-1FAB-47ea-9432-A54C8A50F473}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D99E538A-6E66-41b0-9426-E2142876548A}.exeC:\Windows\{D99E538A-6E66-41b0-9426-E2142876548A}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3CF6EC3-98F2-4592-BE99-0351B64F3AC2}.exeC:\Windows\{B3CF6EC3-98F2-4592-BE99-0351B64F3AC2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CEA38A17-C57A-4710-89FF-18F01D2391D2}.exeC:\Windows\{CEA38A17-C57A-4710-89FF-18F01D2391D2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A659FFF-FE69-4922-B62F-64CAD5C64684}.exeC:\Windows\{1A659FFF-FE69-4922-B62F-64CAD5C64684}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B42DDEA2-C934-4176-9299-A1E92038B47E}.exeC:\Windows\{B42DDEA2-C934-4176-9299-A1E92038B47E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1B5896B1-D605-463f-8A9D-CBF55EE58DDC}.exeC:\Windows\{1B5896B1-D605-463f-8A9D-CBF55EE58DDC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D337EC8C-4A9C-488b-AF66-E6011EF79045}.exeC:\Windows\{D337EC8C-4A9C-488b-AF66-E6011EF79045}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5E16AFF5-4E84-4ef3-A5BB-8B81ABD2F61A}.exeC:\Windows\{5E16AFF5-4E84-4ef3-A5BB-8B81ABD2F61A}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D337E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B589~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B42DD~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A659~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CEA38~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3CF6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D99E5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EDA4E~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B684D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9969~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD50099ea893754f12b7e9864459cab3384
SHA14d418398b25ddaf98c27a9f96fbcce8e32740ac9
SHA2565ebc4d5a33e6360a5152eb00732103daaf1105728622bb9609dc88903ac39f85
SHA51257fb10f3a8a16b23a19b6d97acb35991a51c57652c0441ade56fc3d5f54014785f4b7cf43ef7ae3adc9fdf10f928a1410f9b355e995f29114b41ef0d1a044635
-
Filesize
197KB
MD5f8ac857e5c087a0d0ed7359eb305cb54
SHA1b69e6ac801e7e5c645ac4b1cb6f784a36effad49
SHA25666c405e370b187683c82f98dc3eca6c9898c07f95f68054cbbee71a4144d68cd
SHA512d6eebb25fd490d02026340b2d7d28b5da587a455c597419d4ab505c92bb75c774c91ccddd6a711ea3be0d07f6aafcb729c41a23e6ae45da525c9ef48787945b1
-
Filesize
197KB
MD5104361ef8d30bd162329dc1c345368cb
SHA151d7e61406b2003fcf420ec79a1eb2150bc928ab
SHA256fd06d372a4cee9ebed6090625238c537e2f4f654800c0f3df2822c52f9963e37
SHA512142715faeedb9b9371851ae54bec9aa18f20b3ec2d2b56fc82744d81b0f7eeb09b8efc4578ead4b28d5c1c4d5f0f696ac66eda551da0a8df9267540c76d3bf74
-
Filesize
197KB
MD53bdea080af5ff7126fdc2ca3a035ca4b
SHA1201925a8767ab25781bed0157966a0123593631c
SHA2567174da13bfb1dedb6fcf7a306d72f4f17c374a5133a3bdb9d7ef96e93714ff16
SHA51221d8140b2389687d47249010f47847d0904bf6c37f183a6ce2f25a57bfd4a6a83eb9d0f2eddda92746e871c2983210498393254d3ecff5ff1a210b03914b7082
-
Filesize
197KB
MD50483476e73b11cdec55a9f185ee3e465
SHA1a8f67fbd4c1a2f845b7498c24f5ef960f67a3362
SHA2562c95684f63658012145f0c2713dc36faa1b7f35010146980088909b5f862174d
SHA51293037de0941bbb9dad21cb15f97933c74f79d008f3cbec89c1ee7cf26f71ef6578f657042de029bff330394b7a869be238b7ebe15ac8b7e27a0e4c0dd600d18e
-
Filesize
197KB
MD54d73e4e02fd87d5d09fac80bb569659d
SHA185a4497040aa599ab57fdf3821a85481b3800ec5
SHA256c2184eca2777e1546299a262ec119fca0ebe5b12fdcca1721e564d9201edc2f3
SHA512056384d1d9754ecbeff2b89fcb7dd94c1548eccae9a30b72d242f92b6b4e84b8de69347afe1d4a3fb64319a407e13c17a4ca3c2e13d7754519d6d5458ec157e8
-
Filesize
197KB
MD5dd5abeff96c1b7d2f49d2610387f2257
SHA15c9e9623d4785094b5250a7bd352b315b74e35e6
SHA256f7d76845c360926fe149d26a7714f97e4f915538111794e702fd48a7d7035b01
SHA51248e5618507c3550b00d03d22d5669834e704069adde8d5a24714de9ae2e4901e09ec1d5876e9f007bf14cee63897d104a5c7e67f9460c18fcfc3413614be033e
-
Filesize
197KB
MD50a4ae7a28da0230df3d6caedc9df483b
SHA1c3b7842025966002d1655e7c5dd69a208a9ce814
SHA256531dac128227134c0daca8ca6535d71317202dac036463b0f17a4d6b702317c6
SHA512622ae8db8ded02d1609a98b2b53e489ebd7607187885fe2ba2caf827a02f0eb346845bbbab104ada74ed8b7922baddaea7c6bdfa31475fe43ab3f0fb1e07b836
-
Filesize
197KB
MD51316d7910018d8f51365e62349c92c7e
SHA1020800981c171d16143c07f955b14d1441f67c21
SHA256e323ec1397940860eb07fd00c6785ea8f0a2ffc64e747b3f511e841d1cbb74f2
SHA5123661c7ef936f201357cbb8905291a9f5ec90f2893a3de6812b528c7cc56fe949586b69a8374ed08d682f9cc2733f3af15ea1acd557c7070ab3da4e8b0915586e
-
Filesize
197KB
MD5ccfa57134aea9ce77b9bd86095ac596f
SHA103ddc11f52d36aa283c5692176a33e2b545e55f5
SHA256ba02fc1ad370586b20dac9eff622a59986589f521278cbea49e1ac4c16b4230f
SHA512bae97a2a94796cbab8e2badf6a7778392dda436e1c7540676feca18281ec294a0077f67e4458b429e8bbc1589ecbb51da1b80ac7a354b389d2a120233ad42cc5
-
Filesize
197KB
MD5662d332fed889729be762ffde64e557a
SHA1c4bc44f535fff7e88813fc4a887c29763b3597e2
SHA256ef6b0a8f5b53e396adfa6226024c0ac428e8d8cd30b1d4c4ef70337794827a25
SHA512394b92abdb463a96b1ec3d40886190a335ad039c6a75c927305e9b44fa9bab49acf0db91c6751a7baa66cf28cb4a178c7aa75855183631976d798706ec67f238