Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01/06/2024, 04:58
General
-
Target
2024-06-01_57a36226fa578947489c80ae163aa9a6_goldeneye.exe
-
Size
344KB
-
MD5
57a36226fa578947489c80ae163aa9a6
-
SHA1
1229c580f2aa536cce3f10e67ffd588b80cc9669
-
SHA256
20f2b14cf8e1427b0cf75e87d6174fbaf1235cc98eca1eacd805c56774c1f433
-
SHA512
9bd20e3f8b501e660ffb613cfc59f8556ac1a8ff1a393147373397f733e5b1d12930b982e88e783f4f0463cbdac496cd26f4bb62062f7cdc72cbbb3740c41379
-
SSDEEP
3072:mEGh0o4lEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGqlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-01_57a36226fa578947489c80ae163aa9a6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-01_57a36226fa578947489c80ae163aa9a6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE99B23B-8996-44ee-9225-B5DD1BB654F2}.exeC:\Windows\{EE99B23B-8996-44ee-9225-B5DD1BB654F2}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22E576D8-265C-4fe8-9AD4-FC601265D553}.exeC:\Windows\{22E576D8-265C-4fe8-9AD4-FC601265D553}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71158F5A-D821-4212-831C-FA202F7573D0}.exeC:\Windows\{71158F5A-D821-4212-831C-FA202F7573D0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5AAFF2D-7645-4609-A618-B5356EA460F5}.exeC:\Windows\{E5AAFF2D-7645-4609-A618-B5356EA460F5}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B534C9BF-7670-4077-9095-48B361311DD2}.exeC:\Windows\{B534C9BF-7670-4077-9095-48B361311DD2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E43FCA26-82F7-4c88-911F-339997906A7A}.exeC:\Windows\{E43FCA26-82F7-4c88-911F-339997906A7A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4B3849A7-68A4-49cd-BB2D-7ED356A9813B}.exeC:\Windows\{4B3849A7-68A4-49cd-BB2D-7ED356A9813B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7CC5DD09-C8A9-4358-99BD-5DDB56E9DF72}.exeC:\Windows\{7CC5DD09-C8A9-4358-99BD-5DDB56E9DF72}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B7799D3E-64AD-46cd-B324-3AEE2F86C13D}.exeC:\Windows\{B7799D3E-64AD-46cd-B324-3AEE2F86C13D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8DB4F687-5551-41d3-9765-32B31EB3B5BF}.exeC:\Windows\{8DB4F687-5551-41d3-9765-32B31EB3B5BF}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{24B2608B-7767-4b72-BDAF-746958A095BD}.exeC:\Windows\{24B2608B-7767-4b72-BDAF-746958A095BD}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8DB4F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7799~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CC5D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4B384~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E43FC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B534C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5AAF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71158~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22E57~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE99B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD56c4c2926b7bbd898999fe7ffad18f6ce
SHA1e2cd31f1cfe399a4b4b51317a4bb37a35cc3d307
SHA256d27b5b889a9eacde2155540e1a448039659ac5d66fd264404a5b8d121a747f08
SHA512dd610a2263ac42b2cb276ab83d5650329302b28f2beb0c479e8d8fc1975e9b27665e1f62de2a70d2dd7e5af11bcccb3844b17cd8a4c9c099ad51a2ebedcd139b
-
Filesize
344KB
MD55cbc33e54a297f25c8feb72587223e3d
SHA19cbbb30183607357f8521d9d0f557df872169e3c
SHA256036ae98f828a11bd39c153d4edac963824561a5951bc06b568dc4d0ceac0e7b6
SHA512b75872eff458eafa17ca4cd81c78123d616d2f6e2107265d41c77be8acf8560fd6e7811dd00fb7c94fc04b11dd002b4b66dd6811ef7359e56d22bb596cacd805
-
Filesize
344KB
MD54b04f1c57edf40e819ee5ec8a195396f
SHA168f755008a1181e9bcff6ed9f1e08e93a7ab2fd1
SHA256ddd0e73becc68e1967caae2b1141eb8d4fab55e242b6965bf0532547884b98a2
SHA512409390cbd8a34291106304d60fbadcc8f9fa04978cf0aa8ff92a63ae0a7063bb78ceadd3e7f42af589201e77e03a8b67f6fdc6797bf903d5b6b10c205b24eedd
-
Filesize
344KB
MD55325ce0c3a1d1af85ee3a91130374228
SHA1ca94295e3c227ee736ff17f556f2fc0e75edf19c
SHA256abca584641ca6d45d87b57945305dba75911eaf9682a1442ce1b63bfd929ab0b
SHA512bbfbb796590d4d8f5040b9c71b080b172ed6ef398673ec7688198b2f215e9755517d9c2e9c52ca83079ebf36e5a3eb7bb1eb552d4a8cf15628a4a8865a9dce50
-
Filesize
344KB
MD5948c49dbb69fd9929472d22ee5fa6a08
SHA1a86c4884249bdeb7723222c1ddda8a979c55ea2f
SHA256da4c11e75311cc1dce0ac1baeae8295463a82dde690e673328cacd3e0d9e80d3
SHA51262d0d6aff123deae74870367124ca91d9e520f74d0674ae8aad7781a89b19cd760ae669a3196d2feaa3e63f0bbc3c01762128c7cd0178f77f208542e07e63763
-
Filesize
344KB
MD5a1ab0a314e70984f51bf4f3c2b0382f4
SHA1b387179ff67bf311ea38f30735351031eec16e0f
SHA256f07259a9bfe2b3465cb668e32b5ee1f960445122c3af1455e5cb2d0d28604ef8
SHA51230d7fc428200b9742b823e7ce52e461f7ba64cc46162cdeb977bd52f4d3056644863ea019e5fe523d7a199fcc8bca1b23a10d395792da5152adf48c2931bd05d
-
Filesize
344KB
MD5a1f5bfa7b3a66b56003ca42b59506454
SHA1b779f916f46d2aee5d40547e586f711a9bd4399e
SHA2566dc97d3db7ed86df8c7a122f804c67f412c8ff0b5a12f433976a2772a54d4b9a
SHA5127107f17b472731f510f9543587f09ae6071f014adb5a838699a264feb63d384fe837c502b65212690e504b470fc47598a53d02081c20cfe7b16018734b26c7db
-
Filesize
344KB
MD5d73638ee059234f3b10e7d754aa19f0f
SHA1dd145b22369ae79783f9b8e5356f966528c41445
SHA2569278e8530e2bf764b468d179cb064ce9cfa7cb3c3614af2667a68bddf59bf9ef
SHA512ba5d6458e7bccae105d9ec3ac070c7ab5ea8a4cb30862b0b2d89687428b90f7915e1999d41e40c34df2677f943fda622041ad255511aa8de18ba6a17a888bb3d
-
Filesize
344KB
MD57765beb0be7ce77231abb433f118635f
SHA1e3c771166d10f6e6dc53df9cdca4ec6b3ff7da5d
SHA256daf88437f58c0221c4c4f8be1e8f8b0cb6fc96a8effbc8fb08ce6555af0ee33c
SHA5120b5dfae189dcf4e7777bfd1c5e55e43079a1b6d9ee0f139d38d8f1fb8992378cc99b6aa8cada72e91a8b3e1d54c53befaab2399fff18f934a29d218e2c28af80
-
Filesize
344KB
MD55cabc75824d449cb98c52c6a15c14880
SHA195a1f2d11495ce1da1f6052f0ed17c88f1b93c20
SHA2564bcd6bd03ed7c03202bb4f5e383aed0d01b00a63bb54b7ca353fb5e201c6b08b
SHA5125986bf3670d939c140270e20a66f86adf30d7a42400a8eb3db38146fbb5ce4834b9d2c03bb8611e99306808b4d3488603da8374f59699b7f11fb3249d9bfd10f
-
Filesize
344KB
MD5ee925d1b70e74800687588ec7492f6cc
SHA106fccae96d40997da92824c471d6d76a0410315c
SHA256e9c81a63b856321471ebd62029be4b2a72205d3945261f0118ab6b78d92ce916
SHA512e47f2d30337a79e07ebaa0c4c019b57476f59430e207d2f520f1494523ca2b7ce546159065f00048f0c07df20d094761a2fdc6b2f000a0108a484873f66e3da3