Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
22-05-2024 03:47
General
-
Target
2024-05-22_3480295d4e449a8897d32a9760a2c882_goldeneye.exe
-
Size
180KB
-
MD5
3480295d4e449a8897d32a9760a2c882
-
SHA1
0e37af742a4d29d767527f2f267b82e2af391e99
-
SHA256
42ce85f9d05ea1ef4f8679053217fa684af0f466a68da1a517649ae5e0ee952b
-
SHA512
0b13da85699c3d910df00a298e460a1803a84c03aac726914c21190ac09f71c59b0a609f79cce1e61ab4ba1e18a6bd4731910c02a674e8515a7b0f9a3615c897
-
SSDEEP
3072:jEGh0oPlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGJl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-22_3480295d4e449a8897d32a9760a2c882_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-22_3480295d4e449a8897d32a9760a2c882_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C31950C-3836-4ee9-83AA-B0CADE54A8F5}.exeC:\Windows\{4C31950C-3836-4ee9-83AA-B0CADE54A8F5}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC57B8ED-5578-4588-8CF3-609770DEC842}.exeC:\Windows\{EC57B8ED-5578-4588-8CF3-609770DEC842}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A35857A1-A578-474f-8FBF-04384A7106B2}.exeC:\Windows\{A35857A1-A578-474f-8FBF-04384A7106B2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E78EA467-FC62-41fd-AE4D-786FDEF09A3C}.exeC:\Windows\{E78EA467-FC62-41fd-AE4D-786FDEF09A3C}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B690DE63-67A8-4ffd-8970-BC9AF461AB16}.exeC:\Windows\{B690DE63-67A8-4ffd-8970-BC9AF461AB16}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71244DE4-6240-4506-8E84-49CA8A45CCAA}.exeC:\Windows\{71244DE4-6240-4506-8E84-49CA8A45CCAA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E986C13-1667-4c0a-82C5-43A5D176F3F6}.exeC:\Windows\{5E986C13-1667-4c0a-82C5-43A5D176F3F6}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{475C51B5-B38A-4758-AB60-74727A542F71}.exeC:\Windows\{475C51B5-B38A-4758-AB60-74727A542F71}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6542DC4E-12BE-4c58-AF93-C5F82446337F}.exeC:\Windows\{6542DC4E-12BE-4c58-AF93-C5F82446337F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D291BB8D-E665-44bc-8EF7-6FBC55237F7C}.exeC:\Windows\{D291BB8D-E665-44bc-8EF7-6FBC55237F7C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{44E39E7F-60BA-4b23-9538-428CF9E7F22C}.exeC:\Windows\{44E39E7F-60BA-4b23-9538-428CF9E7F22C}.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D291B~1.EXE > nul12⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6542D~1.EXE > nul11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{475C5~1.EXE > nul10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E986~1.EXE > nul9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71244~1.EXE > nul8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B690D~1.EXE > nul7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E78EA~1.EXE > nul6⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3585~1.EXE > nul5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC57B~1.EXE > nul4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C319~1.EXE > nul3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\{44E39E7F-60BA-4b23-9538-428CF9E7F22C}.exeFilesize
180KB
MD5401677181db0d36d7a33aa05e51923d2
SHA1624300cdaaa0de11cc9dc1bfc825d14e48af32ae
SHA256c13973ba3634a8b891bbd93002b07bfd24dc1a21213f415f4d91d18bcb43eadf
SHA5129adeeea357c638b1a1e004297485c2d47357b8203f4acd95d09d9be9be6d9eb393b81ddb759348033ac5fc05419a8700f764bfd8759f522b721b6df2030ec52e
-
C:\Windows\{475C51B5-B38A-4758-AB60-74727A542F71}.exeFilesize
180KB
MD5d3c0c0dad2870a5721ee8ac697f14377
SHA1adb9c3e652d5778ed956ce22fea052e2c3d5051c
SHA256a4a285ed6a9be2caa92507e63b8f32fc059c158572633553d17faea269bb27ea
SHA5125740642ac82c42c66da8ddf917c9fb0194ef1151608790a188e2eb0647d6a59729ae091956252dddbdb44261c4b8990f86633d56aba1de03e418beda82a01a2d
-
C:\Windows\{4C31950C-3836-4ee9-83AA-B0CADE54A8F5}.exeFilesize
180KB
MD5ff47af8dd5b9e697c388c7a9e283096f
SHA150074664682f3771960c51c341fc7d7b57c6b821
SHA256fae6a179f453c3564753fad212c923c5f2da62595edb3faf3eceda01fc18a4ae
SHA512cc4d26aeb468835fa2c8341c1367239342c92fcf665d928a7d28643a57e2e15fc2667c82687b5066724e62ab75f46cfa7bc0e2a3ea283c40ede5d7e8b8fa4df7
-
C:\Windows\{5E986C13-1667-4c0a-82C5-43A5D176F3F6}.exeFilesize
180KB
MD54e0fd942e78f9e5ae941888acea4d38e
SHA19d9084ea66fe90217df985fd9a159f1a26c99407
SHA256b69a3b6010f9a77cf5cdc609c7e01858d76d52e757da17a69b4f5c1a65f10c21
SHA512750c300f4c90ec7546828e5a7e18c349dfcf4fb682b88778fe4f573226ed35d86a2150b04dba1439e2c805123cce5a70a1120b8f30248619d233705ecd8ac710
-
C:\Windows\{6542DC4E-12BE-4c58-AF93-C5F82446337F}.exeFilesize
180KB
MD5f75fa4c0057520e3289cf77ae7b9e450
SHA1c0ef861b5564c0b54b3ed7702c31748cf1b70a5b
SHA2566c6967743756a8a0685e3cd3220fce611c6942cd8ba36b82af414bd9dddb3f03
SHA51238fd906efbe17680db41be19e32fcbb5fbd579d0c780c0ee9991878ea5c369a94aef6351fdaf15e5795a8f2589ee581f2466010f8c8543d35b96c341c6e06a38
-
C:\Windows\{71244DE4-6240-4506-8E84-49CA8A45CCAA}.exeFilesize
180KB
MD5947babe0b7a2c4a5798ec5dcaa9b411c
SHA192df28e2dbd6ee7ca125e237fd4b96095caccf61
SHA256f5a7df943f7265ef7adb1c903ebd457d1e14436e718111cc60385e5b80359cf7
SHA512b618ecf959e726bab5a89b0bebc3982873e715ef66fa33c993082f9bfc4e94f702aa587d2021d76a42fb953d9d363632228b149332e7530f50ed009461f233cf
-
C:\Windows\{A35857A1-A578-474f-8FBF-04384A7106B2}.exeFilesize
180KB
MD587383ea5ba4e40a5b8ef575b5e112be3
SHA119ebf9576bbb2a4c4af23c4be07b972423460c50
SHA256231b3855557b0ad7c6dc6b072afba8ed67aff9f0bf5fe327cd347fbe0066c0c8
SHA5124b63efde10299570c1255416547fe0280324c24a1e063a339520eb41d438e7ae474aa5e1e8a77062c6d8521979afcca68c51649c9eb302fbbbbf9451274d665e
-
C:\Windows\{B690DE63-67A8-4ffd-8970-BC9AF461AB16}.exeFilesize
180KB
MD582c4d9a986c82b993210e5ed69905d0b
SHA1a16098049b1d29f449984940a64a5012df278a11
SHA256db0b82fd60616a45ce6d0b3f70631ebaf1387c76beb6cde7d41b4446533f5062
SHA51250a44c2315dbe33143906b97a25adf65cadb4a74770e98e254d42c64407ff31c336e8b1974f51160d4f2586a5a9bf2f92bf59ae9d543115f88548416d1e02ac2
-
C:\Windows\{D291BB8D-E665-44bc-8EF7-6FBC55237F7C}.exeFilesize
180KB
MD57509b0d7398588edbb4157e309b110de
SHA1f111a2ba2c625e6eac2edec3caedc2342d62dbd4
SHA25640ffdf9ff88378cb4ffb3e14d1126eeafb90e7d7b0e4037f15619836f0a5d291
SHA512a4ac415821b76ca01638e174e876262a81a8d376c5dcda5d6c87c394614f047c71b1dae6b3ec58880823609fec86133702eb0fe98246bdaf5764dd18f07b1e1d
-
C:\Windows\{E78EA467-FC62-41fd-AE4D-786FDEF09A3C}.exeFilesize
180KB
MD5f3f16ae19ba1697684afcb5329417701
SHA1f100e16f0e04a5078b86cef98c7859b72fce9bb8
SHA256f9e6000736bbb0b2142f6e8955a2c79cd9220edee3b8a092df545bce5dfffb7e
SHA512fc596fc8b8295795f7869c07d3d751cbb98ab9cb21e4f3610c09ce42868721e557e8762e1c6e155c5cbdfe383990db5f3c140b982a6566540bc510a2626badb0
-
C:\Windows\{EC57B8ED-5578-4588-8CF3-609770DEC842}.exeFilesize
180KB
MD55af7e3a38f9769d5de33ba74bc35ece1
SHA177685fb9c3884d5db96db60cb43213069a280014
SHA256716f61a318b6a5e85ad3ae851eaed4a57a2e26bc0121161aa8544342533728c9
SHA512b8073f686b8b50af05adfdf53866f580beb45e53ca5960f275be9045b160ff4243d0e25c9491fad39d8c16493fe4b4e0af188f28849ed3cdf94ab45eb4086f00