Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
03/05/2024, 16:25
General
-
Target
2024-05-03_3e8daeffa4ab772c76221d28415f2809_goldeneye.exe
-
Size
372KB
-
MD5
3e8daeffa4ab772c76221d28415f2809
-
SHA1
e25f64deca938bd799deccd01a9c065d7726efbc
-
SHA256
9b32b9837b2db2fe31a3906979999d7663c41227e104c868c7d6e510a7ec97fb
-
SHA512
abad844504e40ff18f8d76aa7df0ea477d118ffc8046e6cbd344c3c3cf96ae2310ca8ce65e32bac4a9c66743323a0608efc97903ba027cdb0bb6fdf0ba02e0e6
-
SSDEEP
3072:CEGh0oWlMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGolkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-03_3e8daeffa4ab772c76221d28415f2809_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-03_3e8daeffa4ab772c76221d28415f2809_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22796916-FAB6-4505-BAF4-D836044EBEE0}.exeC:\Windows\{22796916-FAB6-4505-BAF4-D836044EBEE0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{34CC497E-D2A3-4e0e-9A24-BB6C4A7355AE}.exeC:\Windows\{34CC497E-D2A3-4e0e-9A24-BB6C4A7355AE}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DA4270DC-57D0-4014-B591-D445DAE8B6D2}.exeC:\Windows\{DA4270DC-57D0-4014-B591-D445DAE8B6D2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33EE2F5E-730D-42eb-B5DF-48EB9FAB5155}.exeC:\Windows\{33EE2F5E-730D-42eb-B5DF-48EB9FAB5155}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05D7549B-CF1F-4bec-841A-810A21768D59}.exeC:\Windows\{05D7549B-CF1F-4bec-841A-810A21768D59}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0A0D463-AF81-48a8-96A6-A3F7244E7402}.exeC:\Windows\{A0A0D463-AF81-48a8-96A6-A3F7244E7402}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6BBCF635-78DF-49c2-9B1F-16DB5D64ED3F}.exeC:\Windows\{6BBCF635-78DF-49c2-9B1F-16DB5D64ED3F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CB3D5334-80EB-43bc-93E8-954D9E616A20}.exeC:\Windows\{CB3D5334-80EB-43bc-93E8-954D9E616A20}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1C2DE375-07E0-479e-A9E6-8DE1F934D8E4}.exeC:\Windows\{1C2DE375-07E0-479e-A9E6-8DE1F934D8E4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C91081F8-32C4-488b-987C-E5ED75CFEC21}.exeC:\Windows\{C91081F8-32C4-488b-987C-E5ED75CFEC21}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0240DB31-0198-406d-B26D-AD869554C66A}.exeC:\Windows\{0240DB31-0198-406d-B26D-AD869554C66A}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9108~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C2DE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB3D5~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6BBCF~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0A0D~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05D75~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33EE2~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA427~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34CC4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22796~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD511697067d8396cd13f1b70614244b982
SHA1f39ee45dcb4322366d799ca6e266cbeba22f9102
SHA256bd019446eae8db6cc027ddec335e5f652c6666fba294307be252b6bf766cf3ef
SHA512cd4d60edb1e6b1711933b418882aee97cb79104160077b051b889ca1a0e491c7f1551d583aaefc381ca9737da12c7bd2a9cdda37809c00185bdb65d34c8f2402
-
Filesize
372KB
MD54473d4c04e987779ad129fb9d584c79e
SHA19c62b7fd77446c4ca76dda671b081d3a0f0e4fef
SHA256127caccf48b0c5c18542ce7c3fa4889716b71b238aeae222d4544500f7db7345
SHA5120ac751de7a3954cc1d08176a584d34901c1927acd089d127fe2803a3d684ed75d992189cb2ad7e43aa0cfb7c60d19ec6603e44ab2932dcb96f14dc946193b8b4
-
Filesize
372KB
MD5d88db6cae790a362431bba202310a08b
SHA101eb22731ae876e1327890608c4a749a63054605
SHA2560aa738057494481cf72dcc58ada8aa9ebd9715a10cc1e76f8b30e6db5a38c57a
SHA512048fd946810326283d5d9272b37bb70c938c163cd94afeb09155bb416c79536993fd0d6ad763262c386d9ca0ee574eb40d12babc6652b03c06b316461cd63e1a
-
Filesize
372KB
MD5167c4aa433f86210cec957dde2f6debb
SHA18dc73c5cc5717fb369a97867b4541fca66b9423d
SHA25642587768425559907f697c6e8d140cb7e365b734cad84bf070ebd0af2c8f19e8
SHA512106a87e02fbc0c5b961c649d4485c4fc36280353cd87582e2e7e14259570f9481149c30eac0f2dc3b534c1a5da06883a6568c8caa9bfd3f6a2f7854982c1e8cb
-
Filesize
372KB
MD54d82190e44750dedd149a49b8c233f59
SHA1357ac5038b008d167586354545e6afd689dbf242
SHA25636e9b5cd4d9f3b6975fbda62e23d22dcaa14da95009279b24856d7b0eee5f683
SHA51203522d88042fe604620d9682c85944cb48d05bbdf29dbf3fdc989b8e45efc4ae76376dfa88151907f9727600a06905ce6b4a3a455b653618f9e1b7dd3410b944
-
Filesize
372KB
MD5943deb8995322473be094d7cf1fcc1e7
SHA174112d1e45398c2fe96b4f98fc2ef3e5fd70fe0e
SHA25693c1ce500dffacdbb3908f49884b6d920d6d0bf95701cf086ef95d0911d1137d
SHA5128f3b05a3ab8b84cf58f830ec046f8f2a35516db5115b3a217e6a2caeecfd7c432f985a3e7e39b672b914b2770dcdb8126cb7c48447e32d14c9c3cd8884cbe255
-
Filesize
372KB
MD5ee6c00fb7f84eaaac6c1d40448d83771
SHA1393cf312d7798d4730fb1566ce49cdd02b2f7727
SHA2563d23b50e0c1078c8fcabc7677a36a320fc2056a169f468ae436091955fdf4840
SHA512ec3dfc13ee8e4349744f12bacb66c3ec1eea691c44abe0d9b9697946113b0c2e963b214d189986673fd15b845cc9b5e3d66b8d474d8f3b27b4fac82628c1856f
-
Filesize
372KB
MD5f12c868951d342a9ad7e334146fec52a
SHA1bd2f3b87fc78c467e7f72ebef0bf8c143fad1f39
SHA256ce37f4b4209ce4970ac668c8f1d002a1baf4ef677c5721661411bd3e7377bd4e
SHA512dbf03a37296edd7aa5b5d49d730d629a3b59d6a04a101646d3b2c33e315122a4fccaa9478fbae4d5321051e47e3b1e9b85ff7f1dae3f99f85ebf365428766c94
-
Filesize
372KB
MD533f31fbea05af8bcd277423ae5b555aa
SHA153af20757a50cc148ab0ab3f4b8547b9de0ff1e6
SHA2567b22f19f9f491fe2f89ede61c97bf69c426156779d8f7ae806bee4f2e352ad91
SHA51276d9550fd322492f354db4cfa19b93747d798f74fb7a605a1896ac38f16f712195b58c7ddcf0c898cae59fad101f174ae5b2c4e251a7ad2b7e41a5e8e5b9ca19
-
Filesize
372KB
MD5b3fe95987fe6e598123dd692002243e4
SHA10c2c90c65944e70d6c4e08d3e771aa31d9194fa4
SHA256e9b48dc47a1fce1ac33b4f7978d881e38a1b26f7c7c210588ca1941cd9f01873
SHA512ca06bb1ab9c52ba4fd2caa5dcf885d7adecd41a23f11032455ff470e22bb3cffe60a0623c4c4b4867701cd0f2b423ddf33d5bfb0e9da0b6c0b7c75f5096df9eb
-
Filesize
372KB
MD57269e97912758dcb196bf6c396d0f266
SHA13300d6c0af06ddb8fd8ada2c4be9415efe231596
SHA256243d0bce5763867c9606c394e3131b8a0bf0dd548d9c4364b27635cda368eba5
SHA512fd2029dd83a966bb07092151dcee8b7c93a036c51c6718f4eb64d5457f8a93224c31d6c7ee26e4e69494ce058b667c49030fca57be20405bd44c65f8f7cc794e