Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15/06/2024, 11:16
General
-
Target
2024-06-15_9c8074fb888228dbea488d1e9bb9e3fd_goldeneye.exe
-
Size
216KB
-
MD5
9c8074fb888228dbea488d1e9bb9e3fd
-
SHA1
763ca5fd627cac8812839a2d2b6c2058ac8242b8
-
SHA256
b71f48546ba0351207f8092ed6545a69b724e3f8dadbee81423edfcc8b886228
-
SHA512
295dc7a2b861edf868e9e09311f1012b5c9213289bf4d81e3763c6d637de0dfca1b3774c3b7c4611d33b8489e1a76ce38c30721dcc61b7d237d779e61290267f
-
SSDEEP
3072:jEGh0oIl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGqlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-15_9c8074fb888228dbea488d1e9bb9e3fd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-15_9c8074fb888228dbea488d1e9bb9e3fd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{931C47BF-219A-43b5-BCD3-EB61A25DD7C3}.exeC:\Windows\{931C47BF-219A-43b5-BCD3-EB61A25DD7C3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{079FFBF0-E3B4-4edb-9FEA-9C0F934D9D53}.exeC:\Windows\{079FFBF0-E3B4-4edb-9FEA-9C0F934D9D53}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31930382-3E08-4277-8914-1E6E7198D009}.exeC:\Windows\{31930382-3E08-4277-8914-1E6E7198D009}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{344E55F4-EDCF-424a-9157-8140490DEE00}.exeC:\Windows\{344E55F4-EDCF-424a-9157-8140490DEE00}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CFAE4965-E41E-4ef2-AD6C-363AD9365C77}.exeC:\Windows\{CFAE4965-E41E-4ef2-AD6C-363AD9365C77}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE35F73D-5D36-41be-B207-5575E0D0463F}.exeC:\Windows\{EE35F73D-5D36-41be-B207-5575E0D0463F}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{65C09223-EDD6-497d-A029-E50929C39632}.exeC:\Windows\{65C09223-EDD6-497d-A029-E50929C39632}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9FC4734F-5FC1-49f6-A5B7-F87F40BD49DD}.exeC:\Windows\{9FC4734F-5FC1-49f6-A5B7-F87F40BD49DD}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{43A721E0-735C-4af9-B40C-15E4E8834F45}.exeC:\Windows\{43A721E0-735C-4af9-B40C-15E4E8834F45}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D4A9BCFD-55DF-4ca2-9971-6E44BA45D34B}.exeC:\Windows\{D4A9BCFD-55DF-4ca2-9971-6E44BA45D34B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{23F3079C-C1BD-49bf-A5C8-6748488208A9}.exeC:\Windows\{23F3079C-C1BD-49bf-A5C8-6748488208A9}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4A9B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43A72~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9FC47~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{65C09~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE35F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CFAE4~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{344E5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31930~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{079FF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{931C4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5a24cf237de6ca4ed5092045a4f873295
SHA10fac2f5665b382611adcdd885bf93257f0d6ee8a
SHA25618d858218ee1b073f031aa6e8127e8a8d6143178aa4f225e72e5f29a80c009ed
SHA5125ccf951e25540c474df926608d7d622f234655b94d432ea532fce14b0dbd606f60ed9c2c24a946114d318c75efe5c98a55b9aae7342746dd9e57ffff7d2cc276
-
Filesize
216KB
MD559b0fbcbd62e6b2533ebbedf109afdd8
SHA1464356c0f338397bb4553c91edba280c1a310ad6
SHA256b6455ffeb445fd1e4af0c22a88cba50bc126495f0651766af8f57d9cc42687ed
SHA512aea32e8ae82601a756dbb07d92c8e14ea535cad4b14aa3146727515dc7b428e3bb0ef6942a7115002e09a9aa72b376bd59f7b1c03ecea7a39b88f9a05e286ae1
-
Filesize
216KB
MD5e3bf2084108304d674f20400856ded3a
SHA16c50299b383a4928e22509035615e91fe511a670
SHA2565f705a752e92641c1e28e7c6621db59f8eeb928522b057c2400a40d91965d54d
SHA5126dfc3170fcd3600eef751db0b27d4f0f4ce85d22ba8504c8680714be84cea0091ca06d552dd9333cb60f3916ac9839a17ebae0ed60ed61e1300ba72a2a6ec930
-
Filesize
216KB
MD54c1e0bf004b271efbe8cb63df843996f
SHA1b2786e9a082797c99663ddac91a3d6eb6cf7f4b8
SHA25648d3aba2303c7c7020bdceca4746c45fa1f92aa70eb63b7efcea4fb309d3036c
SHA5128573755050fe4fda67cc078c8af3ca71130fbfd6275e3a1aa0ec859d0493652f185ab6c3ebca12973b28a6e0ae17e90dbd2d911943d9cec966a22e70b5eaa44f
-
Filesize
216KB
MD59eb77353ce385db4c9d3d700f07d5998
SHA155c16838728db43e343e7c1dc4aa2cfd8ab8c975
SHA256708676312b3d361e1c9ddaf32f20e084d987745813ff8e57b9772f324fd3cec5
SHA5124c59ef97d793ced28d55fdaf264a0a439da28653b81ad696112c524b02d429a72f920fcf2ba08f7880afe4e1f7e6b79353cebf7d09503f624d1df5f022dc8225
-
Filesize
216KB
MD51ddd785830e404786d20355805a8e9c5
SHA11f6934df720ce0de2711d568ac0c2871dba24b6c
SHA2562d565eab8733ee036ce8ab30e596bb336216535d095b1c5b1e19524834e043d7
SHA5126126191fba846d56aa0547d587f063925b5f59fcb9453abc0798bff7333221216ee6d7723767edc71c6e771a0a3a31d5807d1e36ea9d85e99d52f027c445ef43
-
Filesize
216KB
MD51ace4569efe93c5c3eddfd571014cf51
SHA1bfb48cef546014fac49d695bca37b3f9bf6260e3
SHA2565e5ebf682a11d0a09f5db373096071bbb2ec47a11e3a6186a24ef4ff3b22b78b
SHA512139ba3fc45e29166fcce1ac25f990e42d1d3fac18235a81eb31ceb8bfbc0fbf65989a9edc3934d3cbc0fad5277f0b1e0cf9b0bf56e79b1cf0ff23ab71aab09da
-
Filesize
216KB
MD5ec23c47b018011c46437e57c51d05844
SHA189b276c067d3254ce08b81dacddaf9e053058551
SHA25648478113a4bf7c0415e35cfec81017b2c0aabe3cbc6335efbbd3965c7105b67a
SHA512b0624921557fb07f1b007c4a378c60bf7853ffaccd35ba534ac154522df66608aba8f3fb74a53d292df575c7e1f9c42d25fdad33acda1837547babdf2aa75c5d
-
Filesize
216KB
MD531fb25211717176386bce183f70faaf0
SHA1cd7768fdf3da53476a3c90eea2e4c923b151779c
SHA256de53a3edd4822df3677750e7432b784e0d2da610686173be92d6c9c069b761f2
SHA51239c986f486b882510a28f0869020a5005dae96a42752870554fa0bad987969b134d24f4d72234a5a972a255ff1672273b38f280aca8692eda6fb887fe846a5bd
-
Filesize
216KB
MD5fa6f11472cc49fb3e60273a65c989fad
SHA1d38559bf8d74f435d4809018e4f2a94855e89f74
SHA2569ea47c89e0c2af941dae610a547520eb69c5f5adb5c36d9d0f59614b5805e043
SHA5125519505527339e9c20812d030363cccb7c2f3af2ca18f88702ed26ff2ade4ea597d4f6ead7181faad5ac3abc059d027b79c21f820b0def1f8e59a89520517278
-
Filesize
216KB
MD52f4d21f2957ca414066f3958d1ba182b
SHA161549ba59902d8db480d36e14f441f3eea276f26
SHA256c111d80be3793b765578170c9c8db06195112d032164edb6c396a652a4525699
SHA512b732dc7fac78e33c6ff4a371aae97a1da6b4b7cca635c8b5abca295b5b8f094c65e9502f4534d03b136802dd07a71c16b0df9dfcc26b7ea21fb4311a6318a83b