Analysis
max time kernel: 1610s
max time network: 1613s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 09/04/2023, 20:24
Behavioral tasks
behavioral1
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/Bunifu_UI_v1.5.3.dll
  Resource: win7-20230220-en
behavioral2
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/Bunifu_UI_v1.5.3.dll
  Resource: win10v2004-20230220-en
behavioral3
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/Guna.UI2.dll
  Resource: win7-20230220-en
behavioral4
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/Guna.UI2.dll
  Resource: win10v2004-20230220-en
behavioral5
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/kiwi.exe
  Resource: win7-20230220-en
behavioral6
  Sample: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/kiwi.exe
  Resource: win10v2004-20230220-en
General
Target: kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/kiwi-x-bloxflip-predictor-main/Kiwi-V2-main/kiwi.exe
Size: 23.0MB
MD5: e52c9053670a8458424abca9d8d9b7a0
SHA1: 12c2694c30057559646f72d809bb0996fcad0aec
SHA256: a7b92f86cd3a510d086cd9ddbab7ff9526b5592cd38a7bf161e7c911caeffe68
SHA512: a67661c2caa938f1fba17476fb5f9614e958694512d6e88b40a71b6d2196ea6f565d7b9208f6500d5b3ef964f9472ecad00bd1c10ff9d7aa4e13293862a0e710
SSDEEP: 393216:BZAlUljz3kBEW/m3pc+/oTW8amuFKWD2NJ/2dOYG:BWlUljz3aKJCW8du92DvY
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  pid 1496, process kiwi.exe
  YARA rule "upx" matched the dropped files:
    behavioral5/files/0x000500000001868a-1086.dat
    behavioral5/files/0x000500000001868a-1087.dat
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1156 wrote to memory of 1496; pid 1156; process kiwi.exe; procid_target 28
  description: PID 1156 wrote to memory of 1496; pid 1156; process kiwi.exe; procid_target 28
  description: PID 1156 wrote to memory of 1496; pid 1156; process kiwi.exe; procid_target 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\Kiwi-V2-main\kiwi.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\Kiwi-V2-main\kiwi.exe"
   PID: 1156
   signatures: Suspicious use of WriteProcessMemory
   2. (child) C:\Users\Admin\AppData\Local\Temp\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\Kiwi-V2-main\kiwi.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\kiwi-x-bloxflip-predictor-main\Kiwi-V2-main\kiwi.exe"
      PID: 1496
      signatures: Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
Dropped file
  Filesize: 1.6MB
  MD5: 4239e31edc5084ae40fa34008f3cf86b
  SHA1: 21ee91b212ffff948a495024681833f38e68c9eb
  SHA256: 3e459da530dff61d2911c52dc74faf768d95eb9d4de6b8f6f2786942ecea218b
  SHA512: c18c55cc5a6295fb36a7ae17ceda2b4668a8dc64c4ee834f9f6532ff1f09fd27646b4686c5015e3d5a6b1d5d1cda5e8f0a141b3abd0c40a7861adb688c3267ff