Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
14/06/2024, 17:46
General
-
Target
2024-06-14_3ef7fbb7c3226131fe89452e12df0bb5_goldeneye.exe
-
Size
216KB
-
MD5
3ef7fbb7c3226131fe89452e12df0bb5
-
SHA1
abd94fc8456f7c5acc6f11167c18f7e887674e33
-
SHA256
f8c6c073451dbe3dc391ddfc2819f7ab249a062866d7a5306bd87c26025317a8
-
SHA512
3fc2ddf999e73537e1b6240426c994fcc50901924a5ddf7e1528c03fb8d4a2e1ec24ec329af3a27f7a54ee6be1e3700cef5eca9a8d6006318f21fc6ac2164181
-
SSDEEP
3072:jEGh0oyl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEG0lEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_3ef7fbb7c3226131fe89452e12df0bb5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-14_3ef7fbb7c3226131fe89452e12df0bb5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D329FCAA-5505-4d72-A9DC-1E9952A6F366}.exeC:\Windows\{D329FCAA-5505-4d72-A9DC-1E9952A6F366}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{739E1664-3A50-4c11-8FF4-55A42DBDA1BD}.exeC:\Windows\{739E1664-3A50-4c11-8FF4-55A42DBDA1BD}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B66E0A9F-0BB6-4103-B97F-3709BD3B754F}.exeC:\Windows\{B66E0A9F-0BB6-4103-B97F-3709BD3B754F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{77986156-F087-4703-823B-D83C19A2AF46}.exeC:\Windows\{77986156-F087-4703-823B-D83C19A2AF46}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5221761-51D8-4adf-83CA-A4C110A63B9B}.exeC:\Windows\{C5221761-51D8-4adf-83CA-A4C110A63B9B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ADE4C42F-E02E-4c76-8BA4-7EBF53D501E1}.exeC:\Windows\{ADE4C42F-E02E-4c76-8BA4-7EBF53D501E1}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B8F23ED1-D155-4d96-9DE7-0DB8E1CD5E04}.exeC:\Windows\{B8F23ED1-D155-4d96-9DE7-0DB8E1CD5E04}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{08A1F5E4-4065-4abb-8924-F8A5AE6A3741}.exeC:\Windows\{08A1F5E4-4065-4abb-8924-F8A5AE6A3741}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F74A02AE-8977-4136-B8E6-FFDA82731828}.exeC:\Windows\{F74A02AE-8977-4136-B8E6-FFDA82731828}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{96EA127B-C158-4799-A8FF-05923050850D}.exeC:\Windows\{96EA127B-C158-4799-A8FF-05923050850D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{574EDEE7-404D-44c7-8C82-5504780700C7}.exeC:\Windows\{574EDEE7-404D-44c7-8C82-5504780700C7}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{96EA1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F74A0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08A1F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B8F23~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADE4C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5221~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{77986~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B66E0~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{739E1~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D329F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD56be52ffc112c2ace6447afc690d689c0
SHA113c85bd1e755f633d3f009d0d7a58de4b5e4f7d1
SHA256c6bf6bc7e05de3d586903d23a425a81b5383c350aed3e82e92c37d7c56755786
SHA5120a976a0cd4e42d93db690f5154ec8f170331fe7839b3aff8fc2d13e174a713e1e28be081084287780b406f71cc7a73b4ef6008342ac6e572cf5e603b6c37eb48
-
Filesize
216KB
MD5446e0ba9e8df988fce4fea9d897e31f1
SHA1b87764d4eea2c5750de70cd02b657b83d5311cf4
SHA25676c436f002d8a0dd32ab8ef6275fab5ab8546b4fb821476f5aba2b613a203d96
SHA5129140f227d27a414ba0f43a4f6b291e698caa7e90a2557a0b81e2e1107deed137ab5fe73fcfa4115407f170219f0d70b98b26af7af2295a8076df674e71be53be
-
Filesize
216KB
MD5417eac88d8d784f349ac8a7f33802825
SHA1ce369bd2db76667e83450da39cbfe3b81b8642c6
SHA2562ccc3f29ae0b849aa019368c7c55ed83fc30fb363f71fca095c1a697e5c1975b
SHA512be381d544a008eeff12f27d7f45c2f7b7389c0192bbf62b98753c504d39969228ca9e70362bdf3bda68db1c50d755111d0e2b1b8ccfade4e8d04b1471c9ed70d
-
Filesize
216KB
MD5403da865deb12708e8a926ae19e3f00d
SHA1d823c9d4aa5058f3771c69c0095e5fe61a50e8e9
SHA256a2cb26068fa8ee5382a82b9dfbdde56566e0123538c0718b200d47336ace14a0
SHA51280957fccb9e936bfab357304e02e29129d7a49e8eb0b7a70740781394ab024c4b7b8a440d51aebeca45ccc4eefc56aa4ce0703fa43ca3ca0e527922650d861e0
-
Filesize
216KB
MD51e9e10fc4fd09a7bb65272ca3ccc445d
SHA16bf3200180e86bee4f57107a82e4bf152ca013c1
SHA256de55e39310d6eff1d0dcaf0dfea314b78ecb8183d569009718f640ad1e956a94
SHA5129f7543894e9d7cb8d4aa9333c94b0617a45e67eb69dcdbe19a3cc58fc4e84d7f132f281680400acc27601dcf8d292137cfec2bcf2f48f68dc27fdf021017db49
-
Filesize
216KB
MD5f0012fb0d4287cc275dfab45cb175ff9
SHA1ae74ff107cd2676bd556bb6a4a6324f4041190d9
SHA256b30737597bb174a7db81a83daa1a833fa9db4186f1793aac98983539af25b3cc
SHA512f057fb70252dc65a220bb1a138f2acc47e4c9fef2b1b6e1f468e922948e5acf4b344887e9254f5413bb623f22f3cb5b42c249dca92fbdb4e4276882d0dbbce7f
-
Filesize
216KB
MD5d1ee2cb1c8baf3c15743304135102e87
SHA1e0ad77a33b1f877440050e7a5ea15ca77bf19418
SHA256be6a0faaa28861dbdf02b05df34caf1a672052c121e59d9a2a010526fa4f6acb
SHA512e8fedbacfd0d0f7772fd670035bace6131890b211edee0b7bc60372cebf668f0f698dc718860e8545857f1a7471593ee4b7c0a0ead0e4c93cbbf5bc4c6ed054e
-
Filesize
216KB
MD59b9810abef6d1d1d2261875615223beb
SHA12cf4f4adeca50bff021d757429888244e41eae7e
SHA2568aeaa88acaeda4dfbd398a6656e188418579be60b6365570798852b5d0f993d4
SHA512adb368b2d7fbd25c5c154ebd9d5e6c4b8cb6d1820ca9bfbc045e1355ede661811a4ac534ee1d46eed8ddddf9e3bae4b6a4d79652d46b2b24192f49a363c532a6
-
Filesize
216KB
MD57b499f4e3fa432d6d70a353590801171
SHA124c295b62b842d5593d4d31a3625e11f7038c176
SHA256a311db0933c25a72bf5d7beee78c2e3546c5056d516aa953de50028dabfea0c4
SHA512dbb7a8d741e30d719d176d79466e0b5b6731b216dceabe5f4484241f01d78d0ffa2f1fb4b2e6754869ceee99a22aae2b855664a1bf56ce91f31a83daead2a12d
-
Filesize
216KB
MD5d4b7f1ae28ee99096f2bc29e7938958b
SHA1808dcd78c0b6dc3c808286f0186f876912a2c802
SHA256e9e5930d9b07c7089eb9e3d43107bca9237d1f1cd1e7edd663fc171227566e66
SHA512f7aaac954df11170d3f10305e6c658eed349ec3b708526a981a94fb4f35effa02903c05f8396daf2c961dcdf48ecf785844ebed209ba520023866634c3fd6ed9
-
Filesize
216KB
MD54d4e3825362c74e628361e19a0bbbca4
SHA10e0e2c27398173b77ece756f8303236550210a45
SHA256a0d10fbdd13f6a0bffbdb4865fcadd0579e2e38806b6cf3ffb5411865ab1b02d
SHA51237b72a7370072b633396af0cfe0128b348ed13aef6b5ede55911c8cdf8957289359c719e059540e98709b56fbd7fd6925f69ffeb94765792d4632f369a4677d4