Overview

overview

5

Static

static

3

Curriculum Vitae.exe

windows7-x64

5

Curriculum Vitae.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Curriculum Vitae.exe

  • Size

    664KB

  • MD5

    0c48596b2ee50230aa406dfa7edb9d68

  • SHA1

    75e442909af9a288b0cb18ed2fb831296475a9b7

  • SHA256

    659460bd481e4c381f51fa9d78a7c0829227027ded6aa9ebaea73df0228f7686

  • SHA512

    ce2df9c3b743f0ef836d670fd7b243d275b80540bb7291b767e7d511d4139213bfe28dcc2661fd0e0cf5ba9fbb75bb362c1c832518008642335e9da69838d67e

  • SSDEEP

    12288:QGZI7VA5qpl1jpjELig917TzizqAnWqu7DJ9OiM55MNhYsyuUqyJMR:QmKjJmWzRnWquKRGssymOW

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe
      "C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe
        "C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe"
        3⤵
          PID:2988
        • C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe
          "C:\Users\Admin\AppData\Local\Temp\Curriculum Vitae.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:2516
      • C:\Windows\SysWOW64\TSTheme.exe
        "C:\Windows\SysWOW64\TSTheme.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2500

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1196-18-0x0000000009190000-0x000000000A4B2000-memory.dmp

      Filesize

      19.1MB

      Download

    • memory/1196-25-0x0000000009190000-0x000000000A4B2000-memory.dmp

      Filesize

      19.1MB

      Download

    • memory/2212-1-0x00000000008F0000-0x000000000099C000-memory.dmp

      Filesize

      688KB

      Download

    • memory/2212-2-0x00000000744E0000-0x0000000074BCE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2212-3-0x0000000000470000-0x0000000000486000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2212-5-0x00000000005A0000-0x00000000005B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2212-4-0x0000000000590000-0x000000000059E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2212-6-0x00000000043B0000-0x000000000443A000-memory.dmp

      Filesize

      552KB

      Download

    • memory/2212-12-0x00000000744E0000-0x0000000074BCE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2212-0-0x00000000744EE000-0x00000000744EF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2500-19-0x00000000000C0000-0x00000000000FF000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2500-20-0x00000000000C0000-0x00000000000FF000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2500-26-0x00000000000C0000-0x00000000000FF000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2500-24-0x00000000004A0000-0x0000000000544000-memory.dmp

      Filesize

      656KB

      Download

    • memory/2500-23-0x00000000000C0000-0x00000000000FF000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2500-22-0x0000000002040000-0x0000000002343000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2516-8-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-7-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2516-17-0x0000000000370000-0x0000000000395000-memory.dmp

      Filesize

      148KB

      Download

    • memory/2516-21-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-16-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-15-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-14-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-11-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2516-13-0x00000000009A0000-0x0000000000CA3000-memory.dmp

      Filesize

      3.0MB

      Download