Resubmissions

12/08/2024, 06:02

240812-grwm6ssfqc 7

12/08/2024, 05:19

240812-fz37jsxbqk 7

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/08/2024, 05:19

General

  • Target

    Heaven.Will.Be.Mine/Heaven Will Be Mine/HeavenWillBeMine_Data/sharedassets0.assets

  • Size

    11.3MB

  • MD5

    b3ae61ea5edb1570d0631ffc12b8f0e3

  • SHA1

    d18c5de7c5e6a5b4b4299e49f4a04bf49e79cc5f

  • SHA256

    6c6e97a3e84a9f02bbe786a6923e4ece32c726f911c56863c51918518b9ef125

  • SHA512

    3fbd884db2c9bcb7132dfd05c4b83c0b7c2989a997e310ada5ad0c617169086b29ec03ba3e7318b7b3359088ce56dacf435ca931a09301c48e66513fc887026d

  • SSDEEP

    98304:wkS1YrnEgEykBSQI2W5F+lDBLwf+oRcvwu3707iQMMvozFVrw1J7OsBnDnqJXZ0C:wkSi7VF2pl1GcERserNM0tk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Heaven.Will.Be.Mine\Heaven Will Be Mine\HeavenWillBeMine_Data\sharedassets0.assets"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Heaven.Will.Be.Mine\Heaven Will Be Mine\HeavenWillBeMine_Data\sharedassets0.assets
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Heaven.Will.Be.Mine\Heaven Will Be Mine\HeavenWillBeMine_Data\sharedassets0.assets"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2988

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c62bd84bcab8ebd069808c38f7abad34

    SHA1

    f428bb6875440324cdf5fe4082e0bd926c17e3d5

    SHA256

    60c151b9465c76db58e9ded5e115278b50c3fcfd49338155e661a45a3d069bcf

    SHA512

    4bf2f13d1852bc7aac130256ccae19e6273c1e93a53e653a2c28a7ecda1235ba533a14eb4da94a6aaf9f05e80250dcb4f1a89f92018965e2311e53ac8b8e5f8b