Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/06/2024, 06:15
General
-
Target
2024-06-10_cb44ac965e422f8952f5414ee7ce7bcf_goldeneye.exe
-
Size
204KB
-
MD5
cb44ac965e422f8952f5414ee7ce7bcf
-
SHA1
4e95b88e5fcf1719e0a1195e29cb61e198c1b89f
-
SHA256
f4ac51b546b574128c8beb747653cb497fc3e609cf4e9d84b09acc84d4f6bd8a
-
SHA512
fda731cbacde52ccba709275f536f408fdf73535577ab724d6e8da30c34808a2d4b35b10c9c27084ee04495fe0cccdef684f8cd18f8200dcfd1792404609e358
-
SSDEEP
1536:1EGh0oul15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oul1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-10_cb44ac965e422f8952f5414ee7ce7bcf_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-10_cb44ac965e422f8952f5414ee7ce7bcf_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4FC3D961-1573-46bb-9455-94C2026401E9}.exeC:\Windows\{4FC3D961-1573-46bb-9455-94C2026401E9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9F626A08-92C7-4a1a-B35D-E121F012355B}.exeC:\Windows\{9F626A08-92C7-4a1a-B35D-E121F012355B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CEFBF8AC-9429-4b02-ADC3-9132C5315A5A}.exeC:\Windows\{CEFBF8AC-9429-4b02-ADC3-9132C5315A5A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D17AE6E2-8236-4af8-97C4-8AEF310A9485}.exeC:\Windows\{D17AE6E2-8236-4af8-97C4-8AEF310A9485}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{93A57D61-7455-497d-9716-CB00CB2506A9}.exeC:\Windows\{93A57D61-7455-497d-9716-CB00CB2506A9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2064BFAD-2E2D-4b3e-B1A5-19073CA934F2}.exeC:\Windows\{2064BFAD-2E2D-4b3e-B1A5-19073CA934F2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{14CBBA54-F2C2-42d7-A4FB-3A3BEE20E8B8}.exeC:\Windows\{14CBBA54-F2C2-42d7-A4FB-3A3BEE20E8B8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4AE9C180-211F-4a28-9FEC-EB32123E5685}.exeC:\Windows\{4AE9C180-211F-4a28-9FEC-EB32123E5685}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C14F1EF4-0908-44e9-B2B9-57E983785088}.exeC:\Windows\{C14F1EF4-0908-44e9-B2B9-57E983785088}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C90943F0-961D-49cb-B07A-C7D8305823C1}.exeC:\Windows\{C90943F0-961D-49cb-B07A-C7D8305823C1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EA29C67C-2782-4d31-967A-3CB1E9551CDE}.exeC:\Windows\{EA29C67C-2782-4d31-967A-3CB1E9551CDE}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9094~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C14F1~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4AE9C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14CBB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2064B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93A57~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D17AE~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CEFBF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9F626~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4FC3D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD57e703ee40474b8e62d433c463fdcfffb
SHA121b72cf872404b3c23ccee77813ac468c311ccc4
SHA2569cbb1420d3c0dc1476cfb62b215a992f4b733c243a92e0d89d9871a5bf65f128
SHA5122f0548945f7a87b2ef845500195e3e76f1c57ff9677f9ab6db3dacc58b0cb36ecda0fdc41d19b8594cc06e925105dcb292173a61fd512d461177f92269e125c9
-
Filesize
204KB
MD5ffe7fe0af28ba7204531d870046b3e8f
SHA175156578248b0e807df3b7b1cb24c4b11c44395d
SHA25659620e9fdf7d7557e614645f09a34b9833ecd517a6fbabbbc3a9fc670611fcd1
SHA5121dea556aed4c267e89a4b85e6e1e62c15d52bb755236b7258b03b7c5c2d6aaaa13e9b313c84dba7689926b6158b5aa475138a478e6e43b7c7f5076b5c5c85b0a
-
Filesize
204KB
MD577bebee0fda9b5208657b9c9fc12826b
SHA122315f3e6ce334682417c4840461d471fad81e12
SHA256c55bba6c0b923137fd52c41db2ecf6e17124812aeeaf6ace195c5f452f44db55
SHA512ac930393dca6dd1a4f292aae9610154c557b8c1646d60d5790cd96474979ff10eaa4f3ac299fcff760a53a6ba326fe5c81fee1535ed31ac2b59cc97893f4f754
-
Filesize
204KB
MD5c87039f490981e2d17616808dab8a5de
SHA18a7dcf082c8ae3100a1a8c2fa6b9afb6079d9b93
SHA256e536fbc28a75da3a81b4991c0aa169f1847ed4f092cb333691eefb1b3453458c
SHA512ae421292a8fce4563f8ce6046f8187962987875d6afef5c6b69d1d59fb44a6bf86fc9c5d860b2236e1eed5edf1e278473919ed60b4386c66e97ccc11f6dd8f85
-
Filesize
204KB
MD546c69666886cf7c4f4881412147d31f3
SHA1084ee89eda2aef1948a0b6be1845f25ce19d4c05
SHA256cf4697a8cc52b25c15aad9f75a8334b9390978d5e9228b94046c3b307c958e24
SHA512094b313d92b6a4e82d43aa1ed3c91d33fa03206f998d832c47818996e6b310ae62d3abd0e57dbe62f96fd24dca4ba4a5c882a6bfcb7f31987e02ae4cbdba99ab
-
Filesize
204KB
MD52c4e1ab8b7c2c70d951b6749dc0f1bce
SHA104e94f2ac92de9770bb2a90f494c22cc114d21e5
SHA256b0e7da068f6b96450ac3b01e958d4876d588af2febe3defe286c5b496fa2fbc8
SHA5121b66b348ebb29dfc31f09c27cfb3d0f4b703fa56fe2d8e5cb3bf305751a1a94e603f19641d97637da45593b87344682d580a4d5102c8ed9584ec2143f8fa1882
-
Filesize
204KB
MD56f99b92dbda288b3440966dd4d9a4e22
SHA17b0354e4f5a9c281726e28508122a8ae408a53ab
SHA2568a2ad5c2d4d2c50871a501874e4848476ef5c29e15111491b5fb0941c5a2b73d
SHA51218141bc38d7e6ed22e2380ea314c55cadb0e48ebfbd53b2439e9e37ef4e7a826261ec06d443ed0ece7ee4663822e0dd74b9609b45ac351d117af85d2e6f8fd9d
-
Filesize
204KB
MD577355a2e6e3db73ef5fa12cb9668d4ca
SHA14010c57f722367b94e330a1aea52c29c641e58b3
SHA256f7294e5129f68538bd676715df6327277dbd02e20b4e2e0636c1afaf9f28b98c
SHA51265b5dafea135242e111491476d1740e6ccce87b8ef70a22b9422aec3ed54bae8c6627e3f0715f3d9d1079822a7c00998dcc5dc2e682a40fd12669108735e948d
-
Filesize
204KB
MD5819d15b557263901e6dd99e388e7810e
SHA1af4f9b45f46cdc6f4c5fab0589667a9c2464b7ef
SHA2569fc3004961511b47ed4863ef5dd8a1fcb58ce84e34e8face74cf6bbd86c4ba03
SHA51268721c01906d8fb1d716961a77e5078bc54c5ca719f40cc2ce84260cf6bc424109e3162d46d2073088d200c000484a74c06f372a480b962a1113d4e11413ab4d
-
Filesize
204KB
MD518b4f94d9c2ad1732efa24e89b5bd45d
SHA16d784b899028af80ada86c4847dbed835d17b4cf
SHA256dbc058e30bd83ecbad05e6f93a550d9840d3f64e3f9422a79a38f87cd68489a8
SHA512262b3b2e8e4e2440fd551d8a3bcce5d796ec897cd4e4d9c2b342c5b130b56131fcc462468b5635574376e8c5b5f96cd9cc0fe7ec43f29104e01adeb11132f83a
-
Filesize
204KB
MD574271e053a0226fd43a4e200cc23aadb
SHA19e54ed8a1f32c854859e94657308b3a79ebfcb44
SHA2566bbb9fafe3598fbab4163cd977f1897682ee890614de33d8154f06de1a9cefa7
SHA512399f11f3bddfb2148302668053084ce3789cba7237912468a6b662d752b55f1ab8fc39647cb66d1a2c62436dd6772180976e29393fc7138a500433709067ad41