Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-05-2024 16:13

General

  • Target

    GoldHEN-beta/goldhen.bin

  • Size

    289KB

  • MD5

    90ccd6f7cb8c5d8a2c0957d2814d0d6b

  • SHA1

    282205c213262a0befad51a9dbf89ffc3c5221e8

  • SHA256

    313a1ef8b52c5f2f5fccee32287c182220fe6737b903db0c01b42d31e8854bdb

  • SHA512

    c303b9e7af725ddf55a6c65e261fa565cb6200f704157ba7285f9fab7560605d969cd9e062c39b221ca1e34eed51732b7660764548093e82ab7e9427136cbbb9

  • SSDEEP

    6144:KiFeclBdD+MBaqyAhg9D2EnUXSMAb+bsv/en/r3eoEVsivzfR:KKBvxpyAe2wYSj+GOr2trfR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\GoldHEN-beta\goldhen.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\GoldHEN-beta\goldhen.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\GoldHEN-beta\goldhen.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2596
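
The process tree above is the whole story of this run: `cmd /c` was given a file whose extension (.bin) is neither an executable cmd launches itself (.exe, .com) nor a script it interprets (.bat, .cmd), so it passed the path to the shell association mechanism; with no handler registered for .bin, the shell displayed the Open With dialog (`shell32.dll,OpenAs_RunDLL`), and the sandbox's dialog automation picked Adobe Reader, which then opened a non-PDF and produced the window-hook and foreground-window signatures. Before reading anything into a 3/10 verdict on such a run, a practitioner would re-hash the submitted sample against the General section and identify its real file type. The Python below is an added example written for this page; it is not part of the sandbox report or of the GoldHEN project. The hash table is copied from the General section; the sample bytes in `main` are constructed so the script runs offline, and the function names are this example's own.

```python
"""Triage helper (added example): re-hash a sample, compare it with the
hashes recorded in a sandbox report, identify the file header, and explain
which launch path `cmd /c <file>` would take for its extension."""
import hashlib
import os

# Hash values copied from the report's General section (GoldHEN-beta/goldhen.bin).
REPORTED_HASHES = {
    "md5": "90ccd6f7cb8c5d8a2c0957d2814d0d6b",
    "sha1": "282205c213262a0befad51a9dbf89ffc3c5221e8",
    "sha256": "313a1ef8b52c5f2f5fccee32287c182220fe6737b903db0c01b42d31e8854bdb",
    "sha512": ("c303b9e7af725ddf55a6c65e261fa565cb6200f704157ba7285f9fab7560605d"
               "969cd9e062c39b221ca1e34eed51732b7660764548093e82ab7e9427136cbbb9"),
}

# Extensions cmd.exe launches itself (CreateProcess) or interprets as batch.
# Anything else is handed to the shell's file association (ShellExecute).
CMD_NATIVE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd"}


def digest_all(data: bytes) -> dict:
    """Compute the four digests the report lists (ssdeep needs a third-party
    library and is deliberately not computed here)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def mismatches(data: bytes, expected: dict) -> list:
    """Return the names of digests that do not match the expected values."""
    computed = digest_all(data)
    return sorted(name for name, value in expected.items()
                  if computed.get(name) != value.lower())


def classify_header(data: bytes) -> str:
    """Classify a file by magic bytes, independent of its extension."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] == b"%PDF":
        return "pdf"
    return "unknown"


def launch_path(filename: str) -> str:
    """'cmd' if cmd.exe runs/interprets the file itself, 'shell' if it goes
    through the registered file association (Open With when none exists)."""
    ext = os.path.splitext(filename)[1].lower()
    return "cmd" if ext in CMD_NATIVE_EXTENSIONS else "shell"


def triage(filename: str, data: bytes, expected: dict) -> dict:
    """Combine the checks into one record a triage note can be built from."""
    bad = mismatches(data, expected)
    return {
        "hashes_match_report": not bad,
        "mismatched": bad,
        "header": classify_header(data),
        "launch": launch_path(filename),
    }


if __name__ == "__main__":
    # Constructed sample bytes: an ELF-like header padded with zeros. They are
    # NOT the real goldhen.bin, so the hash comparison is expected to fail.
    sample = b"\x7fELF\x02\x01\x01" + b"\x00" * 57
    result = triage("GoldHEN-beta/goldhen.bin", sample, REPORTED_HASHES)
    for key, value in result.items():
        print(f"{key}: {value}")
    if result["launch"] == "shell":
        print("cmd /c defers to the file association; with none registered for "
              ".bin the shell shows Open With (shell32!OpenAs_RunDLL), which "
              "matches the rundll32 -> AcroRd32 chain in the report.")
```

Run it against the actual download (`open(path, "rb").read()`) and `hashes_match_report` should be true before any conclusion is drawn; a mismatch means the report describes a different file. `launch_path` is what explains the tree: the Open With dialog, not the sample, spawned Adobe Reader.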

Network

MITRE ATT&CK Matrix ATT&CK v13


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    45dfce452d41a4997d0cfe9ad965a3a7

    SHA1

    cf18359789b6e3f7fae13bf6749a362c020f9d5a

    SHA256

    f4b8d1012b2461ca2dc22eef0ab1e496ec7aaf269297f87b6d13bbbbf9fba5ea

    SHA512

    b89667dce554ea270c272994007ef1f55037ae1fac9a644abd302d6a926d190ea926297aa5b9612de6cbad32b230862edf3a6b6c47bbbf11d0fd1cc0c77e1021