Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
14-06-2024 10:42
General
-
Target
2024-06-14_6437dabae7d25257bb573a0b73c6042e_goldeneye.exe
-
Size
380KB
-
MD5
6437dabae7d25257bb573a0b73c6042e
-
SHA1
3b7b445c4a9b759d1eefbb5b83c61eb682bae8e0
-
SHA256
f3f4cd68fdc8e51433cf2ffd0d259b1a11e7b24e1c55e15fc406ff9dcd7b8cf7
-
SHA512
a0af082c0baa99f0e7cf6d3124a1a71ff448af3ca1fe763c0c71bb52810ba370ed23ba00d2d92ae5541ec4235c2e521c2b9f70d3d7b5aade1869397f121da5c1
-
SSDEEP
3072:mEGh0oklPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGml7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_6437dabae7d25257bb573a0b73c6042e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-14_6437dabae7d25257bb573a0b73c6042e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{782A4978-F7CF-4249-A9B4-B5C0C6ED7DC3}.exeC:\Windows\{782A4978-F7CF-4249-A9B4-B5C0C6ED7DC3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2DB76E3E-43EA-4c8d-8226-5655E6ECB2A3}.exeC:\Windows\{2DB76E3E-43EA-4c8d-8226-5655E6ECB2A3}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42F20FD2-4115-4491-B934-F33198FDF1A7}.exeC:\Windows\{42F20FD2-4115-4491-B934-F33198FDF1A7}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFB5D98F-DC22-4144-AC4B-D53CD2753E5E}.exeC:\Windows\{EFB5D98F-DC22-4144-AC4B-D53CD2753E5E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1992470A-AE22-48fb-8B9B-9A932206E874}.exeC:\Windows\{1992470A-AE22-48fb-8B9B-9A932206E874}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{62F5944C-56F8-4ed8-8FA8-F858AFF3BCAE}.exeC:\Windows\{62F5944C-56F8-4ed8-8FA8-F858AFF3BCAE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{920484B4-2154-45f5-B810-FB5590FE4D0F}.exeC:\Windows\{920484B4-2154-45f5-B810-FB5590FE4D0F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3823AE01-B20F-4eb4-B4DE-F688C8C3A22B}.exeC:\Windows\{3823AE01-B20F-4eb4-B4DE-F688C8C3A22B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1AEED756-C3C0-40af-ACD8-16D492495E73}.exeC:\Windows\{1AEED756-C3C0-40af-ACD8-16D492495E73}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3BEA6AD6-D401-47a2-BB54-F5036CD10944}.exeC:\Windows\{3BEA6AD6-D401-47a2-BB54-F5036CD10944}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{38A4E2E4-AAD2-4b8b-9BD4-9434A8291732}.exeC:\Windows\{38A4E2E4-AAD2-4b8b-9BD4-9434A8291732}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BEA6~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1AEED~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3823A~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92048~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{62F59~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19924~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFB5D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42F20~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DB76~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{782A4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD50f490711e4ddbe1eea829e4ce95a90d2
SHA1e9ea3fb97d78daa0612fb1c94be52ce43ae36744
SHA256eff79b2428b496607670eb0bd09143260016020964b8354ce344b488375bfa0e
SHA512f3641a5cdb215d2134fb2816a26963d755654928363efd93e043b95a1ae52e54c4bc7ea78d8f7a961aa7986bf5ef6e6b98496cefa236a6cc2655d7db784e340c
-
Filesize
380KB
MD51af2913f28cfc27c6e702cccf620d29f
SHA1b3e35c92afa686dd6e08564f39a50218f59d6247
SHA25657e3f9a3c7999a037e7d88723b4831ec9be7b7ee6aa8dd795bd99b174f535e9a
SHA512b1845428c2e8579201f74cccd2ed2729a16212b9c1e87cbe118bff0c3e86b78c28a24d7b4f512581304237aa132ecc3fc1a8f394c2d770ff17f578baaba2ffe3
-
Filesize
380KB
MD5119fd99b939e8c8d3ff7137adcbf516a
SHA1e8f5e84814970f271e09d34fe4432b1df833c82e
SHA256f783960eccfeda1774bbe67e9b68c10eb1f5a82478f3cfdb12b40e7c1877ef96
SHA5122fbc4be28bc4fd1fef3bf38fb0f8569430e65b296e4f5f7996832007bab815fab846fcf8dce0f090b18e51ca0826ae8ea6f2f3819a22e31122b824e54f977449
-
Filesize
380KB
MD5afbf778ecf8d9c759ef920153a5660a7
SHA14f1ac9ab2cedc3bf2331cace28e235af171175a2
SHA2565bb06672cee37df0120edd28c331fcd271bfd8c3a342021e3883a11b3776f4d3
SHA5129dcd248b063527144494c24d6a73f72067b7d36f7fe9c105af952332e72964fde53c47fc8ca90884b56bf884924e3370a529dd43a84f0725b5eb7bd4a10113d3
-
Filesize
380KB
MD5597938555ea5ae0395033f0fa3ed7f59
SHA1d97d0c135b6803ba605c4ec4a97ca9e8ec5c8ac0
SHA256b4d52f8ada83120c25502567e8505e016696a8a538d5471aa9c52b7b6a580abb
SHA512888aeab05f314b0a498ad36a54085b7a46bd204add383d8a7afe30673a395afac9007965180f7599bee9fbcac7a5d93176b3954f091bdc15a2b3a298b93b3e0b
-
Filesize
380KB
MD51358eabb0cc77a8fabf7a1ebb0e629db
SHA1342890986d3e0abedfc9a8cb8e551818736bce82
SHA256002a1c426222b81cf1c6b7212800cbc277fdc7a7e972a2b1e91077b81a9616b6
SHA5125b47501e959d13e959398d5547f669781d35ff8798f94c76dc7fcad20712807e20fc3ca32623ee0b75926b6b23981e45b078aadd1f82a05ef1a9d213cb7bd53b
-
Filesize
380KB
MD5e03bac61038285fe5939193271f1bc20
SHA112fa6503cbbd04fd7c660de4f621e4f91686dca9
SHA25672d32ab0cbd74f9b1504fbfa5c73eb31a8b86750fa0403eb749bc99b1d2f1ba4
SHA512f05ee8dd216ca5d63ca3c4f386bbf1de1df9900f6c5ad26b7c769d0df495215873f379928ef5cc084c0b122bac7ea5d869d728b257bf648668d2f7040f4842f6
-
Filesize
380KB
MD5bd7ac28aab12a223380ce19bd0080e7f
SHA1ea6c11f7fc0ad8054bb5910bf86f27d311b3d5cb
SHA25643a56c9e0b3718fa188a43b3fa9d36c71732e0b84ac1a2babd19ecead8210202
SHA512172cf1b556e8d054138a1c45d807eb0b36e9ce34bc97f14f84f80fc6a1573030dde94d8c631eb7a126f32d3b97ea9599ccb60138a5d0a4f6661129662ac1f1bd
-
Filesize
380KB
MD559b1128e2ead740050da73b600ef00f6
SHA10e24c778c7f4f35baf02bb458c6866a5c7b6b1ee
SHA25664de31c642eb306daafd3e8374aec98dabfe4ceb678f280fc99f77964e8980af
SHA5126b7113e9ae4057b9bef369a8cc3d0ac0bd145af35c0069f828af3bf798c27a2b55caf3b22205d2cc71b0e7d9fc19d57de47f9935c75ec5ec19f29d59524b2860
-
Filesize
380KB
MD590672a7b10361b2acbbd446359ce598d
SHA154a1bbbe60fbdaa850e34997cceda43c9ac28e67
SHA256f12ed9eb3fa70f6d5e5aada8243c85db20ef5571a2e15dae993f308fdde3857e
SHA5126faf968f8c8b0ccbf87f214b5ce839363e9529e1c9660a84401d843bbf846b2f0942ee0d8d0de382111f756b0bd2ba85264ce7e457d1d95e4173af40a51a9a79
-
Filesize
380KB
MD5c07805cdc49f2c4ed1bf848dc22044ad
SHA138db1dc364b1a5332ca34aa58f9353c5c61c8146
SHA2563f7c68e025aacac106c4e98e6192d7be9401df852c872fb3fc77beb54270bb36
SHA512e34a68cfff650d33efb6d19a8f828f10321ecbc997b750a806db1a20e4756cee05b9b1db34ef2d146a49ac10b9e5b2efcf710d1eaa42679821df07c396306f42