Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21/05/2024, 21:07
General
-
Target
2024-05-21_9a19070805ddf83332d484708cbd0ee1_goldeneye.exe
-
Size
180KB
-
MD5
9a19070805ddf83332d484708cbd0ee1
-
SHA1
ac69b118036aaae559903ba12a39abe476b9d950
-
SHA256
2cfa0e31caf611587b5221e6ad4852dfd0de43679d80a8ea77ed05ba54661dd7
-
SHA512
17c62d681e3a4eb3ef2675098f584af1b461c303a5327fa4a9421f4ba776f4e18168e6641cfec11a6a9688a319361c9ce5d946c6c45a7a2440d613cef6f3d151
-
SSDEEP
3072:jEGh0oYlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGWl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_9a19070805ddf83332d484708cbd0ee1_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-21_9a19070805ddf83332d484708cbd0ee1_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33939802-EA0C-44fe-83F4-9668481C202D}.exeC:\Windows\{33939802-EA0C-44fe-83F4-9668481C202D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A87E82B3-57A3-4c6b-B80A-EF2B247279AF}.exeC:\Windows\{A87E82B3-57A3-4c6b-B80A-EF2B247279AF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8E66663A-07DF-4775-9E7D-E5419DF90D3C}.exeC:\Windows\{8E66663A-07DF-4775-9E7D-E5419DF90D3C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBE65A70-A632-4300-8D73-30A0C7F86623}.exeC:\Windows\{EBE65A70-A632-4300-8D73-30A0C7F86623}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{46197269-01C7-4480-8382-45181AEF1FEE}.exeC:\Windows\{46197269-01C7-4480-8382-45181AEF1FEE}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B416AEA5-2161-45f9-8A65-ED94177C8BAF}.exeC:\Windows\{B416AEA5-2161-45f9-8A65-ED94177C8BAF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B6F16FDD-1382-4f97-98B8-D42B5D635958}.exeC:\Windows\{B6F16FDD-1382-4f97-98B8-D42B5D635958}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD6BC64D-B858-4252-A0AF-A5A5D28A028D}.exeC:\Windows\{FD6BC64D-B858-4252-A0AF-A5A5D28A028D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C869A129-1AFD-457d-98E9-706308070332}.exeC:\Windows\{C869A129-1AFD-457d-98E9-706308070332}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{313F2F27-2AF5-401e-9BFF-4C035A073D52}.exeC:\Windows\{313F2F27-2AF5-401e-9BFF-4C035A073D52}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BBB11934-46BE-4289-88CC-06D2CB787C9A}.exeC:\Windows\{BBB11934-46BE-4289-88CC-06D2CB787C9A}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{313F2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C869A~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD6BC~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B6F16~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B416A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{46197~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBE65~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E666~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A87E8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33939~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD56b1ed950b2d0d52440a1d469a2539f36
SHA140a7d6865739cdb078c312868cda000cd49d7119
SHA2561581587265a13e09d160fbd7b7540333cc08996b19b856dfe245cc5c6fc35928
SHA5123145072b7e6bbdc3077e9b6abd5c4c48fe9888fbde386f1a2c76b51466f0144ec84d51a3248889f4edb0bcaef49e4fa8ea50fe40f643cc954e7c5fea1cba7397
-
Filesize
180KB
MD543439ec168fa1472c1fb5ddd6125defb
SHA1536cfdb31e968d62f71a97ecc1bbe488e47af40a
SHA25635386017db07d58ac45fb62edb1ab5287cd1e31551ea1d232cf7b2e4cc474b2d
SHA51209662710fee86a9c2458a5c6884d1f43afb4350e4da7aad2f268b154bfef2697e94c55263f2f1dba2f7c3af6535f8c573de2e4d01a8f6516f94fcadbb1d6c16c
-
Filesize
180KB
MD59a5d68d73a0b626584f672e23b314c44
SHA13ae4c7ff691d5b5f480a00653851914438c80d09
SHA2565d55bd56e754593ae2a22e2156afa4aba7e46c1a7c1047cc7cc059d55946fc39
SHA5123d9888b487aef8e90ecf871ea53495f6945295d41895b23f04253bad6267506544efa871c87a8747863ee3129d03ddf11acd947c92d13927cb80f5342787e71c
-
Filesize
180KB
MD535026f7534c02800c9c7980b80d13f49
SHA1c09f537bcdeba6221724c8b6c313f1b2881b1c63
SHA256f5895adab03e6ce1c7d03a842d7dd91063e907841a85887235f440d17045ce33
SHA512bad917fdbc3dd262d316334876df5cc6ea891e29243e5fbbe0c3cb641fdbe83011e44eaffe475781400534ee328a2f7985c5a27a93162d48392baa9cfc9a208f
-
Filesize
180KB
MD5497dddd88daf71eae004138bff839add
SHA183710e7fd7facfa5414eec2ec52fa5127249b287
SHA256ae670e5bdfb4ab9fcec7a36a77eebfca0704835d67283491e6356e5589275d75
SHA51217ab4ebe6019639bd4c377c04987632e21a4c0c3b74b9f945680e2bcaacbc1e93de2bbf06c470a3c57a1154a9ff298654f668647a765f5670c7f85e76721f729
-
Filesize
180KB
MD5d12515190dc0e8a847d8db3d7a0fefd1
SHA1fd53ae687e7a2be2f667bb43af6a27eaee62d34a
SHA256066d2bc6eea79f9f8019b445c27c813f4278c49b27f2f993c4fea642878ce0cb
SHA512446104ed2c841f307065f8a5d2ca35b4c036b383ef20359c093d4741d0f84737959733eb05894928cde333a970449f7b74df43096f9b1752ec48865dadddd295
-
Filesize
180KB
MD54d6da1b3e7757f33bb3bb557e0be116f
SHA107d077e41b682f19852f0ff2a2f675341c6c144a
SHA2561515452d2a886aad86cdd1d817e6679b88c635fd5e23a24948affb72146587a3
SHA5122810e06d8e6dd7a41b05e485821c0b8d32d2441b68a279966e49dec8e87d74854d25d629ff706626d1a983492057d09f53c49274642835b699afa8221cd43878
-
Filesize
180KB
MD5df687f5f666126268197f4be31d6ca9e
SHA1736d880bb2e60d22f0dd8d004a1dd05ccd136557
SHA25682df2a5a08994e502cdc299964a0a4fd008f51b91de26d1a8cad05451f1badb3
SHA5121a59da2017856d5030e6e5365532399b93a5c493e7709f10cb50da0bd71c4a53812ca9caf229c950c7ab92b3efe6f2e37cd1b9e8153b87d9c4b8d22c0c184237
-
Filesize
180KB
MD56337931fd3300f05503b5f4f35493dd4
SHA15af5d1cabe5a9aede48a599bf110b2ae29808c8b
SHA2561c1baab9a489eee8947b7a1759ece31a49cbd7677d95408222f153d3ee4f2f29
SHA5120f1d6872b5f98920fff5e826ebd3b50413271e6a7d033d58574bb7cd7b6439a13553aec40c7b02485624c37fd1065cdde0bc0cf84d725fbeeb397670267109b8
-
Filesize
180KB
MD54994be0c026585329ff27c0300ae54bb
SHA1175cac6dc6b9581ad2f49b1341f338b193c6734d
SHA25672185fe95b8391ee1ba204a4831e438b9f63c66f92ae63918a06f8262998b418
SHA51279f6201c7ab6d6a0c1cd10b7e3b672b3824eb63ff9d26c5ff310d67365d389dbb8605518695f6e8a5e77b0c3e211f13db0d56055859ad702ffea18065577ef0d
-
Filesize
180KB
MD58b2010c568b43243510f3e819e021ffb
SHA1c10cf6ffe50a6c82c436295baab70f9f59447986
SHA256adfddf6565e1bf342c5c3491607c2c718c530e6ec583afe8e2be791367a9057b
SHA5122c9764377499583dfe547a02170491e0f63aa80fae9b69368d4d1193e8a46a36f6049f486f7ab0b6a6fdd3f65e8576768d70d1db9591b9dc5a122df6a12df345