Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 03:49
General
-
Target
2024-05-10_6ccb4e35cb94cf57674cd6bf53a58f73_goldeneye.exe
-
Size
408KB
-
MD5
6ccb4e35cb94cf57674cd6bf53a58f73
-
SHA1
d469c1518905d32808f212b497f4de690fd38a91
-
SHA256
f84723c93140c9de052f5b675cdcf990a9e6d039dff58b0ab951b04a4cf5f0fd
-
SHA512
92e858afbc4a4533f0ec8669261162850814fc0be92a463aa8a5f5d414c871d4b5d791833f447983c91e6d02f0d675c19f4fa5c6c10e73c656799c8ca57b1aba
-
SSDEEP
3072:CEGh0opl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEG3ldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-10_6ccb4e35cb94cf57674cd6bf53a58f73_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-10_6ccb4e35cb94cf57674cd6bf53a58f73_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{63657DCF-AC52-44ca-9151-5B6E3631742F}.exeC:\Windows\{63657DCF-AC52-44ca-9151-5B6E3631742F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{083C3FF6-C9E5-412e-B252-D5A3EA6C43C8}.exeC:\Windows\{083C3FF6-C9E5-412e-B252-D5A3EA6C43C8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B886C6F6-FB88-44aa-9CBD-93F75DA7F56B}.exeC:\Windows\{B886C6F6-FB88-44aa-9CBD-93F75DA7F56B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E528448A-1E79-4992-B111-977BB2A57942}.exeC:\Windows\{E528448A-1E79-4992-B111-977BB2A57942}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{176B67AC-47DA-4782-9627-BD7DC816E159}.exeC:\Windows\{176B67AC-47DA-4782-9627-BD7DC816E159}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{459F86BE-E897-4c34-82CA-21E4204268DC}.exeC:\Windows\{459F86BE-E897-4c34-82CA-21E4204268DC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4753ACF1-8785-46b2-8642-BFBFD3D57E91}.exeC:\Windows\{4753ACF1-8785-46b2-8642-BFBFD3D57E91}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44F2E2ED-EE69-4aa4-9015-53A33110E36B}.exeC:\Windows\{44F2E2ED-EE69-4aa4-9015-53A33110E36B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3A9B9FEF-F737-4a0a-9E75-77A5EAC02EFE}.exeC:\Windows\{3A9B9FEF-F737-4a0a-9E75-77A5EAC02EFE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{075C78A0-2B43-4a58-96AF-747FAE3622C4}.exeC:\Windows\{075C78A0-2B43-4a58-96AF-747FAE3622C4}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EE521760-49C8-417c-BD64-8033AA0A7688}.exeC:\Windows\{EE521760-49C8-417c-BD64-8033AA0A7688}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{075C7~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A9B9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44F2E~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4753A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{459F8~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{176B6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5284~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B886C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{083C3~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{63657~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5bb1570d887063d66f6f353328f8ff982
SHA17513fb121a2dc666d2d04c4a5946cf47b76c94f8
SHA2560ac4f95c3f9f33008639f3a8e1339c0c33ebcdce3256d259a445be4ac6d013ef
SHA5124e6f4da86882e1bf959cb4073c0de1d11685d1cf35c93d8202042bbc1c753c3bddf1949ff489f1e6d97d9f9164ea4077d230e2550cf131957d74f9a25406111e
-
Filesize
408KB
MD52fad1551a11b3e4f157221fc7a6219de
SHA15b5028a1ca08ab6a039e55c51260b6db8b1dcd0f
SHA256570d5df0fc84b6916ead2e8b9467636c0a9f68e84f10eeca3e6da65cd9eb92ae
SHA51285ff2e255799624c4eaca8e38ca4a7c97ffd4ede44ba14c049e041603b8ac8897d8b7bdf206e3d72653c0eb9f55a190f8ab6566e892e9b04888ccb3e8b1635b6
-
Filesize
408KB
MD5c40498b7afc958df3b934ba91ddc58b3
SHA1eb0afc8be5dead5d36451ddef3a755799de48eeb
SHA25641f18c31f13cfa035aaec4e5af1773bfa1249be33420973e0d010c59127a57a5
SHA51226c77fb29040eec3b34edc5df3b7920125e9ba742aca42bc47952451f59e8c398d8ca16de34ea5a5d01ac737e8780094e9d1d47d018d940019ed6808c32a5ee7
-
Filesize
408KB
MD597136f56e0c83cec82e10651bb5987a6
SHA160885a2a2aa3e380f586599850c1e716b974be36
SHA2566ca674ce1277610709b7f8f287ada54c596d6cfaae950d3ac5f9b38e6bbef8b8
SHA5120da352e2321f3dff820b1e8095489cfaf7f3cf103488155f4dd87a527e5ebdb749360561ea739106b41e65d311f2b65dd9a8d1ade4c69fd7f15bafb5150ef85c
-
Filesize
408KB
MD50c71832ea6c5fe2280b6065bb93665bf
SHA151134986abfdb23d7c3b90cc5df656b6e00546f8
SHA2568f72c0da7454ecd5bfe5e1ac02e42425ea2206db7fe174da71820dd09681f06d
SHA5124a5d25504aa37a887433ac02440f3a66f620bd1b75a0a1db5ddf3888ca25b32902386fdd976e0334521eff1f0ab61e72461f2be890b8d69da3b39a0c3bc9c2c2
-
Filesize
408KB
MD548f16058b7bbb6dc49da36719d845e1d
SHA113984b028328a5d2272ca93a7b0d309e0733d50f
SHA2568e442deccf626a5f181e153bab57671ef75178cb6e27030349adec1f401dd50a
SHA512cc7950f7efcb206f62498a00447aa0d3b26c9a5583fa1fbd3f63b29a558f31b2b609124cd1405e05048845b3de426cee37c56c2a8b0a81edafacd0478cef4d74
-
Filesize
408KB
MD50c1671c4f4e1dffb513fec994b8e3ab1
SHA1303a4613117750bc76adde3dd71d70aaaa8d7a91
SHA2568fe9d9e05d6f68e48d7ad5e0faa8cfcaf3c1c944ffee51e8d5e456dda3bb3341
SHA5124e5ac950857d25e363da7f06aa9e9d3ec559da996ed720165aab78beb6d762fe6fc03db85b242914cab3fe78676e864d5449ecfb5a5a1bfdc62110234397d36d
-
Filesize
408KB
MD5d4e12a7d5a19e8818fbff377749011df
SHA1b4b88f01a29fa65d219db696916300aa4565e9e7
SHA25623fa609b207f114477a3e4363044287b6d3f8bec307d077319e9acada1a73e52
SHA5127d25abe305a6a1f0b8af0a90e0949f65c32d5537a16c8b0ee6ccadf49bfee7a17d0e74e3b14a1603a14e4deb08fdb73af20bee921dff18dde8d08362f05c06ac
-
Filesize
408KB
MD565e820734cbc5b0efeb759a89a888c7f
SHA1e3eb1e90af11ffd3b54702642f361f49135ef776
SHA2565e02012665c21a363f38197f37ca8e687a3c23fc7ae47b979fed860aabfa028f
SHA512065db6ac8a767cd732167f2f863228569f0ab2b10b7b26fa5ffd7bc38cb4d22ebd0bdb1a052c4ee35fa76e88d56fa1136e5fa45c04b9c3576e26b3cccdeb33ad
-
Filesize
408KB
MD5c1085756dac118e1715e783b59db335e
SHA115bea8add554b8063b006292987ad2701c733d39
SHA2564b46c89d195d2e4bc6d5eeefa4b6d9fef205609aac0aa17d8ee2e2683023994f
SHA512419e549da42a5c2c9e2c725da66e3ca293f60e5b6aa48c97ba6c8590324343fbe0f712adf84ce090761b84e472868b09644fc1f398eb4a8c084cca2422ee31e2
-
Filesize
408KB
MD5b07cbe514352db7f52df351d5961ea73
SHA1d0a27b07b54290cf57ff25285c96ae494489a8c5
SHA256aac7c61161f765c2647c1fc54633fc5d05520436d28fc623f880fc27104a90be
SHA512624bed3d99611f0e20270442bf8fd4e1e232b6ef50d7b8b50a6c4cb993666ac7316c09dfb869894009666609e9a86fb6914d1ee1553001ba82df36f72905d785