Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
05-05-2024 14:34
General
-
Target
2024-05-05_77c616e1c8e25a4c9234a851fabd7fb6_goldeneye.exe
-
Size
216KB
-
MD5
77c616e1c8e25a4c9234a851fabd7fb6
-
SHA1
ae77da10ad413d5a568e7410675b7ba9592a6e2e
-
SHA256
605e762fd6fd732bf7d34ea46f2d923748cc205f3574e4e518add14b8d75d7e6
-
SHA512
22c1e4872785982a70d539401ab057539a6be3f8054185c19dc85ef085583f60b48ab8e0a67d26990c7ad526295b9ec07f202fcea12be273cefcc7b2e76f1022
-
SSDEEP
3072:jEGh0osl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGWlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-05_77c616e1c8e25a4c9234a851fabd7fb6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-05_77c616e1c8e25a4c9234a851fabd7fb6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{253652F9-AC3A-4bbe-8559-4F6191712437}.exeC:\Windows\{253652F9-AC3A-4bbe-8559-4F6191712437}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C971752-7C4F-4332-8765-86494CE45744}.exeC:\Windows\{3C971752-7C4F-4332-8765-86494CE45744}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DD11C70F-34BB-4b4a-B214-C8F1EB4A9788}.exeC:\Windows\{DD11C70F-34BB-4b4a-B214-C8F1EB4A9788}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{24046C74-2C6A-4011-9256-6E2E087515F2}.exeC:\Windows\{24046C74-2C6A-4011-9256-6E2E087515F2}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{105461A8-4B97-43f3-AC67-54D427EE152B}.exeC:\Windows\{105461A8-4B97-43f3-AC67-54D427EE152B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9C5DB01B-F33A-4d55-931E-BCF4233084C4}.exeC:\Windows\{9C5DB01B-F33A-4d55-931E-BCF4233084C4}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2EA1494D-0A84-4ad7-9980-A581F7A4FE82}.exeC:\Windows\{2EA1494D-0A84-4ad7-9980-A581F7A4FE82}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94BB6E7D-5F0A-4120-A9D8-7CB271C0E64B}.exeC:\Windows\{94BB6E7D-5F0A-4120-A9D8-7CB271C0E64B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EB4246B4-BEA4-426d-A252-C871E210AC62}.exeC:\Windows\{EB4246B4-BEA4-426d-A252-C871E210AC62}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FD6B4A03-06DA-4db4-9D02-23AA7B30A704}.exeC:\Windows\{FD6B4A03-06DA-4db4-9D02-23AA7B30A704}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{15582532-6964-42e1-A4A8-BDC5073E5B56}.exeC:\Windows\{15582532-6964-42e1-A4A8-BDC5073E5B56}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD6B4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EB424~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94BB6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2EA14~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9C5DB~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10546~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24046~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD11C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C971~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25365~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5cf5a8a12977fe341b1be06b2c8853a1c
SHA119ccdd783c2a53b96480ad9fd90983718e28f40b
SHA2560fe66aa5f60e8f8ab9b121eb0eea6a82ca01b449ca1e892b4d89d08ab206fbb6
SHA5126c2c4b8e87bd4bfc07b9a487d2a3fc3f81f583e629d8e661d1ec712872a99264ec8803cdfb3ae8e204a862837b22829abe94f5a9af860ca0a18dfa0564b9c3a2
-
Filesize
216KB
MD5ad6069d8e704c5a9cdfde5bb039bc78e
SHA14229c734d49d1a1387d51559fc973c1754a7bf76
SHA256ab7ae18ec8925d6811305b45ee576d8b739bf450c2c710bbdfaad4fa380c9bb9
SHA512d043724575b0c0fae5d03e695bf567777f883cce794a123f684c9061a6b2804415e6e71d3dde00c92026d93d39b03335e0fbc199f5dc85131feacf28b0a4c529
-
Filesize
216KB
MD5214c3328dbe6bfa2da2456322b773d5e
SHA1b3b7ee71a9472a3666d089b2e5469c892feef698
SHA256d3b55f51f82575760492c98f1b941d9a7917c0f38edebd9a5e54093b0d42088c
SHA512522295f31bcfebdee3824c403db1fbe9c31833187ed7eb3c8547719f61aa9597cd1ddb45d000a7cbfecae12a09873e3bca2eefde30b223866ff49e77c800431d
-
Filesize
216KB
MD56d2f715710401ce813e61786f1ef8c50
SHA1d9d5e3dd5de0a3708c95d10793b7c3463fe284ae
SHA2569bac6d84be727f9883334a20e73966233e406cccc440e36c94bc35224a4ead18
SHA512aade2240dee3c1f122c631beafcc9bdb53f3222d77c982bb2c8be63e278533492dfbf15d73b1dcf62ad98a8e4190f06bd5a2f3a18e06d5ab479774a094deef2a
-
Filesize
216KB
MD5d26951fe470b4309f45a05dda73b97a2
SHA1c890d4a11fc03f0814593eb2c304431bf960d681
SHA2563a73275ab25a9a420b0d95f6260a37e32d5433c71ea72a8d1fd5cd8d79d3ad9e
SHA512630385cef8346ae0d330579ca136852f41ff9d0fa3f01a91704aa00e40589af7d088ca9347ed945d14a11775a8b70428c65ba71d64cc43d0f86670c74020ff03
-
Filesize
216KB
MD55f230a629415f72e00c728db6ef6dc9e
SHA13d060b2ff6fd3e27df5bbfec81592c33ce353862
SHA256ad191ab1ffe88ffe078c6a1ed4cc7ab0c26cf4302c9ee17a48fcdd3679ce2924
SHA512d135d5987bd12cac0ba8eb0d45926b342d3ebf577c62704b00601d455c1f67f03be06396d356988fad9573e0d156a95451b80557ef2f7cd6656f950570ea76bc
-
Filesize
216KB
MD527c126dbcc8dacf2e8d211d2a0810d6f
SHA1904f08aaf23c18adcf3b7297153700a76a03cdf9
SHA25698e66839588eefe15a41ef92f99d304493e723ca9a0d58064acc9314a06fd1b0
SHA5128db334ad5a1d349870581e0085202f14ece0a1b2a8f83958e6bea9e752558b682c8560beb74b7832785859ee5348d36d57ebf2b34568ccb09abd4cf681317e1b
-
Filesize
216KB
MD546b860fa64ef09c810f53dff4eaf3f8f
SHA1e105e4d0d69c555f5e874d31b72bf24e678288e6
SHA2565eb1e340fb9da3621f985616c8c4a8434fd3e6ed39a57af404e75fded78070c8
SHA512e15e586dacc19b90a2935154a7cf326373cb1779a72f81766198a00294c745bbae5031c8b6ec3365450ceb204b05da04a7e8efb886d063c62bfd37847ea07581
-
Filesize
216KB
MD55efc8302381220e2996b0057476bd5d2
SHA11a4f0196783c29bc46a7627aaa41ed2fa8ffe9f9
SHA256fa2f7ce60370c0d8264212254273575dc28f8567a8fc5eedd01b960230e3942d
SHA51267a8a9b9739c7ff5cadb3bc5734ae6665aac712862c4e6b4925d75480918dc30791a4df6a79e5778abf599e2ff2bafe197f7f4fdf60f7e7275f4e05c7f048688
-
Filesize
216KB
MD5986db39526f7dd1d30c0bc78e28d75c1
SHA11f0fca6b6dfcf999f17ee73ff2a7c0ae573104b7
SHA256fc6b6cab10394f4ef2b62a7545e4b86644cb47cb4396207bd1443fa86196e6ae
SHA5125d732af264c18a6be267c0880aaf3af4a4df90a34817d65800cd4fefe61803ccaca7b2da028c3b601ccd56119bc816c942e9017d7e973a4bb75db996efdca45a
-
Filesize
216KB
MD5cd4b6c36f34037963f5fed9bf5c90ee8
SHA1840347e24b8a330958f3c8f3a4534638fe5f354b
SHA256388b3f22b08a9edbbc13b88be661e1a565d88f8b74a00c18edcbb7bf1a53b987
SHA512bc07bf43766678d3f3b2d9adf35ce92e57fd05e05ff6b12f264cf05d30f2901ca5cfd8611725e44b90e898f6b433dee36c2933a836a32f5b53c0970af5ccd60e