Resubmissions

12/08/2024, 06:02

240812-grwm6ssfqc 7

12/08/2024, 05:19

240812-fz37jsxbqk 7

Analysis

  • max time kernel
    147s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/08/2024, 06:02

General

  • Target

    Heaven.Will.Be.Mine/Heaven Will Be Mine/HeavenWillBeMine.exe

  • Size

    635KB

  • MD5

    42b6538cdaaf017a408b1bf04e0cf28b

  • SHA1

    ef28a03d80df05954786689f95fe7a942099f335

  • SHA256

    76aabbd06c5dc729ec68d9bed383e2a18711bb286f62e5136d3682c6c852ddd0

  • SHA512

    a8575c03c6e20e3dc9602b5bd4fa13b7dd7f5bcc7f816dc6e95b561e00f5f504931891b3ded3147d6a05eaa217e5e8e00739b3473f0bfc9ed3b65a9785bd9de8

  • SSDEEP

    6144:V9fYunoPZRR1/FJ416Q7dbMdKVfl1llT+HYsSO/wF3a89QnQnPC8g/O4FIoCBuA1:E+oTnFJ48kQ+PFO/wjQnQPI20uu1K9

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Heaven.Will.Be.Mine\Heaven Will Be Mine\HeavenWillBeMine.exe
    "C:\Users\Admin\AppData\Local\Temp\Heaven.Will.Be.Mine\Heaven Will Be Mine\HeavenWillBeMine.exe"
    PID:2688
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x404 0x4b4
      • Suspicious use of AdjustPrivilegeToken
      PID:2948

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2688-1-0x0000025414FC0000-0x00000254150C0000-memory.dmp
    Filesize
    1024KB
  • memory/2688-0-0x00000254156B0000-0x00000254157B0000-memory.dmp
    Filesize
    1024KB
  • memory/2688-3-0x0000025414FC0000-0x00000254150C0000-memory.dmp
    Filesize
    1024KB
  • memory/2688-2-0x00000254156B0000-0x00000254157B0000-memory.dmp
    Filesize
    1024KB