32c38d159ca596fc6f8696c7462299312a8b243dd4ea75086946494f5c5cd801

Analysis

max time kernel
46s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-01-2023 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roshan Basnayaka CV.exe
Size

1017KB
MD5

b1d073104bbfc0210465938d4d83cab3
SHA1

3d56e396ec24127071e94226c4d5b654ffe3afc2
SHA256

32c38d159ca596fc6f8696c7462299312a8b243dd4ea75086946494f5c5cd801
SHA512

e797a37a74182b6a330874cb8616a341c5b8c6f736c9d0597e49bc8f5abf99a0bfa0b5f6a5578cb7bd6b1d557dfa7bac3d041ef30c1b42ffce1848ff8d3435f0
SSDEEP

24576:fK9SwdINS9riJ77z47hiGZXJkHrxPdIKkQ2FL:6H9r0778VdzKkQQL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Roshan Basnayaka CV.exe

pid process

1460 Roshan Basnayaka CV.exe
1460 Roshan Basnayaka CV.exe
1460 Roshan Basnayaka CV.exe
1460 Roshan Basnayaka CV.exe
1460 Roshan Basnayaka CV.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Roshan Basnayaka CV.exe

description pid process

Token: SeDebugPrivilege 1460 Roshan Basnayaka CV.exe

pid	process
1460	Roshan Basnayaka CV.exe
1460	Roshan Basnayaka CV.exe
1460	Roshan Basnayaka CV.exe
1460	Roshan Basnayaka CV.exe
1460	Roshan Basnayaka CV.exe

description	pid	process
Token: SeDebugPrivilege	1460	Roshan Basnayaka CV.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Roshan Basnayaka CV.exe

description	pid	process	target process
PID 1460 wrote to memory of 1400	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1400	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1400	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1400	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1416	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1416	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1416	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1416	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1740	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1740	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1740	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1740	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1156	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1156	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1156	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 1156	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 872	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 872	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 872	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe
PID 1460 wrote to memory of 872	1460	Roshan Basnayaka CV.exe	Roshan Basnayaka CV.exe

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1460

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
2⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
2⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
2⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
2⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe
"C:\Users\Admin\AppData\Local\Temp\Roshan Basnayaka CV.exe"
2⤵
PID:872

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-54-0x00000000003C0000-0x00000000004C4000-memory.dmp

Filesize
1.0MB

Download
memory/1460-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1460-56-0x00000000003B0000-0x00000000003C0000-memory.dmp

Filesize
64KB

Download
memory/1460-57-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/1460-58-0x0000000005860000-0x0000000005912000-memory.dmp

Filesize
712KB

Download
memory/1460-59-0x0000000005A60000-0x0000000005ADC000-memory.dmp

Filesize
496KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads