Analysis
-
max time kernel
144s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/06/2024, 07:24
General
-
Target
2024-06-10_7406e49c5c5c0eed317bc1b64e61bbd6_goldeneye.exe
-
Size
344KB
-
MD5
7406e49c5c5c0eed317bc1b64e61bbd6
-
SHA1
38bd5e0e0b2b5d3e65685df9526d093b0f372c0c
-
SHA256
78c0bdc3e6e95392c00788073149173320093427d91da2fda64c9bd17faa289b
-
SHA512
f2810c9b06602ec3f8a33e6e5b1ed1b05ea7c24145c0865492bcb1b9e894ca65b9a12a7423154b1c1f9f4cea5cd21689bfb1b9922c55983527abf13701126efd
-
SSDEEP
3072:mEGh0oMlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEG6lqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-10_7406e49c5c5c0eed317bc1b64e61bbd6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-10_7406e49c5c5c0eed317bc1b64e61bbd6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A91EDCC-1CD7-4eec-8005-7B987B1166F1}.exeC:\Windows\{9A91EDCC-1CD7-4eec-8005-7B987B1166F1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8E4A2323-D4FA-454e-8DC8-EF1F309AE576}.exeC:\Windows\{8E4A2323-D4FA-454e-8DC8-EF1F309AE576}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E115DAFF-E77F-4f6c-B9BE-9D8FCEAED282}.exeC:\Windows\{E115DAFF-E77F-4f6c-B9BE-9D8FCEAED282}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{39562429-9DC0-45d6-B1AE-A51E3F0DD200}.exeC:\Windows\{39562429-9DC0-45d6-B1AE-A51E3F0DD200}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{12BE75AD-0755-4df3-826A-51947C8A7BEA}.exeC:\Windows\{12BE75AD-0755-4df3-826A-51947C8A7BEA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DBF08F9-BAA0-4852-8142-DB7EA926431E}.exeC:\Windows\{4DBF08F9-BAA0-4852-8142-DB7EA926431E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA5CC6D1-71D9-4b90-9D02-21B4D53453FA}.exeC:\Windows\{FA5CC6D1-71D9-4b90-9D02-21B4D53453FA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9502D4A-BC61-4b93-8B75-9B29F850B2EC}.exeC:\Windows\{E9502D4A-BC61-4b93-8B75-9B29F850B2EC}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0A942273-4F00-4a11-BCE8-211596649439}.exeC:\Windows\{0A942273-4F00-4a11-BCE8-211596649439}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{63577FEC-F951-4512-BECB-8C963AA4BDF2}.exeC:\Windows\{63577FEC-F951-4512-BECB-8C963AA4BDF2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{79B453DA-720B-498c-83DB-9DBEAA6EBEC4}.exeC:\Windows\{79B453DA-720B-498c-83DB-9DBEAA6EBEC4}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{63577~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A942~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9502~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA5CC~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DBF0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12BE7~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{39562~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E115D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E4A2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A91E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD584c01886b6463f8a58d63c0a02da9903
SHA1318257054cbdec668a0000a6094dc4b7acd82dc5
SHA256a315c8aade21174c5285dfa0b3c7f463dc251e27287ef93d876e1823c0345ce8
SHA512656b71c12e7e2f199c1b7dea21ce45703b0c1cbad528bbb8c62a79f5fa2dcb7e645f28c6bfc7bc9c74ed47df75210623a94cb3ad29356dd3af24996475a42b46
-
Filesize
344KB
MD5d3bb38cb6f2b8c6a46d5f92cac15d91c
SHA1b03dbfed6953ee37d861e58f2a70c2b045c5e751
SHA2569f1cd2d3ca089be69fd9bfb3df20fdc8da8d879cbfa32dd7e3b75bace3c84dd7
SHA5125166cb956ce89ca037baf46c07283c9f909394f9ba9315662656094648778625b9f46dda65cce19d86adb2cbb38d17838a4f0bf243e7f813e3ac0f226fadeebd
-
Filesize
344KB
MD5e50506418e3e9010871308674fb35081
SHA1d72c79b28d7dc16ba86b98eaa3799cf9a0f4fd7d
SHA256d875172873210d1006ef8ac092af0eb79b631516b21f429774877a10c83d9440
SHA5126464cea873b1a6bf96ec169be45da9b4c27a742509cbed091aeee03969b51663406533c8a101fa9196e080414e14812c690334893fddb598c3519e8d50f58f11
-
Filesize
344KB
MD5f7567609a654a4207a93c0d214264b2a
SHA11053197fc29b17203ff2de6e90afb46bb3585705
SHA25672c0952cd7bacefd7f63ec22d7781a69995200bbbcb05b2f6ccbd2ae9c6986af
SHA51275d0527faa7208de68c0c62ec6408d84f324efb29afaa040c2d2018ac50fdb6fec75cbe96f63ffafb49f9a59041d01a38ae993b83283e4ef6603cbb1f3e4f02c
-
Filesize
344KB
MD5a4e5ce7c9fdcad5c452483511442c8e0
SHA1a6e245b745e5cb919ce3afb93cee57426357a834
SHA256c65cdac1d7f0c76e07bc90d03358124b79e109518c93b060b77c04073b625c38
SHA512a4afeebf027c43babda63c50c572c864337971a689f6867ed3ec786b1f5cc11a00d39c0694eb6a6d3323dc705e72516329b33769260f3621268cff5b0292c4cf
-
Filesize
344KB
MD5520ed0ee5c1de6e736504961c64dc0b8
SHA13922b848eb78eea76ba561b431017c09c945dbe5
SHA256078d2cdb1d62a377a7ea52afd995e63cf585d1bcd8611272f845ebebe7255028
SHA5128d5a96e8c9d09615e24538d45a0742f7336f50be380a522f2b5e5b01ea27e499f769e461195cbeb9d49c5d98b0583c33370c590a393f93d8acf005c7a9123d76
-
Filesize
344KB
MD5d4df2201ae89c9ee8fb062fe8a8eb941
SHA10c9cfa9b618aef7f2950dd5aafba4ada799506be
SHA2566d6fbd3c4e035870cb25f1522076458e59e3c8db6c4108765d29ef9eb151b8ca
SHA512122f14b8fa95c5f298ae004fe548876f7a9f596dc09d7c72af7c2e3e15c7dfadd47ef3f30ee09452f985b91c1bdcca1390d7ee6de776c61e16e45930ae245bc3
-
Filesize
344KB
MD5a179d022f2f94f24e7df33a2a00c6380
SHA10e5b2340284acdc673e18e9f950f55ffabf0304d
SHA256e41835d4bdc502ebdccb815155769ca5ccf2bd0fe9f8799ef61ead69a8b2e687
SHA512444b81610f856d643277db743883fab8d555f966ecf488ff3443f541c802c82fbee03c5e21f52f519b9c6cdf1a3d22cbec50e857e4a064a32f3435c39648b03c
-
Filesize
344KB
MD543202a5b5da9d9d3236f90f41075e1ff
SHA1b40f04f034aa2d0df6fd393ecaa7a8d2f3421dfb
SHA25607cb3dac265b8a630d0c72d20c6dffc816b5e080142d3af21fa8c41f67acca09
SHA5123fb6a78b5f0b26106c6c5b95682119bb5e32de01e48dc8209c6df8891f394cca6a2a32eff519974d3c099f223a50c68942fc710e8d614fc3e51c6965dcca75d8
-
Filesize
344KB
MD5de06d4a115683f8ec957433a71d8e6cb
SHA17bddf032973c13027e9c39aaf593006708489323
SHA256cfa91dfdc4ffe04478beed026a224084d85b7e9be13748e89ee0293c8ab09340
SHA5128aa1f2cbb5e4b45d21fcda8e8eac45ca1129777567864c157050f15cbeecf68f8a06d63ed57119cfa9652939c547f8e442a07d2a9a87638461b20510596755f4
-
Filesize
344KB
MD513b480de32824de982ab6a8777d48d33
SHA101de0b8d62993bfe1bd5a787a98e1dd322866959
SHA256a2f57b5388161ac4db406daf9afd36b363290ffd44431a1be8299946ef5a5192
SHA5121aa41990b76ff9b061021bb968ead66d629507b03ae1b8eaa5550e3f99c568a462c8bd8bfc83e8475884019e1e25f2b47bf88ecf9a14388093ec079a633d0c4e