Overview
overview
10Static
static
3Kiddions_m...nu.exe
windows7-x64
10Kiddions_m...nu.exe
windows10-2004-x64
10Kiddions_m...d.html
windows7-x64
1Kiddions_m...d.html
windows10-2004-x64
1Kiddions_m...typing
ubuntu-18.04-amd64
1Kiddions_m...typing
debian-9-armhf
1Kiddions_m...typing
debian-9-mips
1Kiddions_m...typing
debian-9-mipsel
1Kiddions_m...ry.pdf
windows7-x64
1Kiddions_m...ry.pdf
windows10-2004-x64
1Kiddions_m...ck.exe
windows7-x64
7Kiddions_m...ck.exe
windows10-2004-x64
7Kiddions_m...ng.pdf
windows7-x64
1Kiddions_m...ng.pdf
windows10-2004-x64
1Kiddions_m...er.pdf
windows7-x64
1Kiddions_m...er.pdf
windows10-2004-x64
1Kiddions_m...er.pdf
windows7-x64
1Kiddions_m...er.pdf
windows10-2004-x64
1Kiddions_m...ic.pdf
windows7-x64
1Kiddions_m...ic.pdf
windows10-2004-x64
1Kiddions_m...ne.pdf
windows7-x64
1Kiddions_m...ne.pdf
windows10-2004-x64
1Kiddions_m...rt.pdf
windows7-x64
1Kiddions_m...rt.pdf
windows10-2004-x64
1Kiddions_m...ed.pdf
windows7-x64
1Kiddions_m...ed.pdf
windows10-2004-x64
1Kiddions_m...an.pdf
windows7-x64
1Kiddions_m...an.pdf
windows10-2004-x64
1Kiddions_m...on.pdf
windows7-x64
1Kiddions_m...on.pdf
windows10-2004-x64
1Kiddions_m...ne.pdf
windows7-x64
1Kiddions_m...ne.pdf
windows10-2004-x64
1Analysis
-
max time kernel
185s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
02-12-2022 06:51
Behavioral task
behavioral1
Sample
Kiddions_menu/Kiddions_menu.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Kiddions_menu/Kiddions_menu.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Kiddions_menu/Readme.md/lib/pdf/reader/afm/MustRead.html
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
Kiddions_menu/Readme.md/lib/pdf/reader/afm/MustRead.html
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral6
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral7
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral8
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-mipsel-20221111-en
Behavioral task
behavioral9
Sample
Kiddions_menu/Readme.md/spec/data/20070313 - 2nd Laptop Battery.pdf
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
Kiddions_menu/Readme.md/spec/data/20070313 - 2nd Laptop Battery.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral13
Sample
Kiddions_menu/Readme.md/spec/data/TJ_and_char_spacing.pdf
Resource
win7-20221111-en
Behavioral task
behavioral14
Sample
Kiddions_menu/Readme.md/spec/data/TJ_and_char_spacing.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
Kiddions_menu/Readme.md/spec/data/TJ_starts_with_a_number.pdf
Resource
win7-20221111-en
Behavioral task
behavioral16
Sample
Kiddions_menu/Readme.md/spec/data/TJ_starts_with_a_number.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
Kiddions_menu/Readme.md/spec/data/ascii85_filter.pdf
Resource
win7-20220812-en
Behavioral task
behavioral18
Sample
Kiddions_menu/Readme.md/spec/data/ascii85_filter.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
Kiddions_menu/Readme.md/spec/data/cairo-basic.pdf
Resource
win7-20220812-en
Behavioral task
behavioral20
Sample
Kiddions_menu/Readme.md/spec/data/cairo-basic.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
Kiddions_menu/Readme.md/spec/data/cairo-multiline.pdf
Resource
win7-20220901-en
Behavioral task
behavioral22
Sample
Kiddions_menu/Readme.md/spec/data/cairo-multiline.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral23
Sample
Kiddions_menu/Readme.md/spec/data/cairo-unicode-short.pdf
Resource
win7-20220812-en
Behavioral task
behavioral24
Sample
Kiddions_menu/Readme.md/spec/data/cairo-unicode-short.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
Resource
win7-20220812-en
Behavioral task
behavioral26
Sample
Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral27
Sample
Kiddions_menu/Readme.md/spec/data/clearscan.pdf
Resource
win7-20220812-en
Behavioral task
behavioral28
Sample
Kiddions_menu/Readme.md/spec/data/clearscan.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral29
Sample
Kiddions_menu/Readme.md/spec/data/column_integration.pdf
Resource
win7-20221111-en
Behavioral task
behavioral30
Sample
Kiddions_menu/Readme.md/spec/data/column_integration.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral31
Sample
Kiddions_menu/Readme.md/spec/data/content_stream_begins_with_newline.pdf
Resource
win7-20220812-en
Behavioral task
behavioral32
Sample
Kiddions_menu/Readme.md/spec/data/content_stream_begins_with_newline.pdf
Resource
win10v2004-20220812-en
General
-
Target
Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
-
Size
34.7MB
-
MD5
40c648be1cdb914d5f2532158b6949fe
-
SHA1
911d373736159ba5e8155f219304ad2d5e22ca5c
-
SHA256
4932fff36f5d65e1921ac16656ed579e851a5df412565efb09720a14d6d622af
-
SHA512
8e2e6dd69bc73edcc343cdcb5af635a9e8c7a2a2309944487cd503cf59a74bfb0c1030c719f9e2192a51ded6b390ef0dd07ef8b8c670d32ef862e40c83029de5
-
SSDEEP
786432:g+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KLVy45S31gDvl5dQF3MGsc:mXGMK4XR3bLSCU/+Iy45SSDvTIMGL
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Genshin Impact hack.exepid process 660 Genshin Impact hack.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Genshin Impact hack.exedescription pid process target process PID 564 wrote to memory of 660 564 Genshin Impact hack.exe Genshin Impact hack.exe PID 564 wrote to memory of 660 564 Genshin Impact hack.exe Genshin Impact hack.exe PID 564 wrote to memory of 660 564 Genshin Impact hack.exe Genshin Impact hack.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Kiddions_menu\Readme.md\spec\data\Genshin Impact hack.exe"C:\Users\Admin\AppData\Local\Temp\Kiddions_menu\Readme.md\spec\data\Genshin Impact hack.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Kiddions_menu\Readme.md\spec\data\Genshin Impact hack.exe"C:\Users\Admin\AppData\Local\Temp\Kiddions_menu\Readme.md\spec\data\Genshin Impact hack.exe"2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI5642\python311.dllFilesize
5.5MB
MD59a24c8c35e4ac4b1597124c1dcbebe0f
SHA1f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA5129d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b
-
\Users\Admin\AppData\Local\Temp\_MEI5642\python311.dllFilesize
5.5MB
MD59a24c8c35e4ac4b1597124c1dcbebe0f
SHA1f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA5129d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b
-
memory/564-54-0x000007FEFBB31000-0x000007FEFBB33000-memory.dmpFilesize
8KB
-
memory/660-55-0x0000000000000000-mapping.dmp