Analysis

  • max time kernel
    122s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-02-2024 17:51

General

  • Target

    Kiwi X External/bin/Overlay.cfg

  • Size

    125B

  • MD5

    0c02ea5a9e84e6aedda0c2319408146f

  • SHA1

    526f56e989ffbed7cdd87597302b708c2ff235ba

  • SHA256

    772d920546390d0ace6800badb1b54458a01f2def40b277891aeb6a17e988452

  • SHA512

    23837b7886e3bc91a7c367630a6ce53e27f950dacc2971283d82ccb03b2e498e2481c26afe8866ba08e347bf9f1247cb3e5deb4268d2da614eff145cec792b3a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2924
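
The process tree above is the pattern Windows produces when a file with no registered handler is launched through the shell: cmd /c hands the .cfg file to the shell, the shell has no association for .cfg and shows the "Open With" dialog via rundll32 shell32.dll,OpenAs_RunDLL, and whatever program is picked in that dialog (here Adobe Reader) becomes rundll32's child. The following Python is an added example, not part of the sandbox report: it reconstructs that chain from process-creation events and reports the file, its extension, the launcher and the chosen viewer, so an analyst can separate a benign "unknown extension opened with the wrong program" from a real execution chain. The event records and field names are constructed for this example (modelled on the report's PIDs and command lines, Sysmon-style pid/ppid/image/cmdline) and are not taken from a real log.

```python
"""Reconstruct cmd.exe -> rundll32 OpenAs_RunDLL -> viewer chains from
process-creation events.

All sample events below are constructed for this example (modelled on the
process tree in the report above); they are not real telemetry.
"""
import ntpath
import re
from dataclasses import dataclass, field

# rundll32 is invoked as: rundll32.exe shell32.dll,OpenAs_RunDLL <path>
# The path is passed unquoted even when it contains spaces, so take the
# remainder of the command line rather than splitting on whitespace.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class OpenWithChain:
    target: str            # file handed to the "Open With" dialog
    extension: str         # its extension, lower-cased (".cfg" in the report)
    launcher_pid: int      # process that spawned rundll32 (cmd.exe in the report)
    launcher_image: str
    launched_by_cmd: bool  # True when the launcher is cmd.exe
    rundll32_pid: int
    viewers: list = field(default_factory=list)  # programs chosen in the dialog


# Constructed sample input modelled on the report's process tree, plus one
# unrelated cmd.exe event that must not be flagged.
SAMPLE_EVENTS = [
    ProcEvent(2932, 1000, r"C:\Windows\system32\cmd.exe",
              r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg"'),
    ProcEvent(2736, 2932, r"C:\Windows\system32\rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r"C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg"),
    ProcEvent(2924, 2736, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
              r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\Kiwi X External\bin\Overlay.cfg"'),
    ProcEvent(3100, 1000, r"C:\Windows\system32\cmd.exe", r'cmd /c "C:\tools\build.bat"'),
]


def find_open_with_chains(events):
    """Return one OpenWithChain per rundll32 OpenAs_RunDLL invocation."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    chains = []
    for e in events:
        # ntpath handles backslash paths regardless of the analysis host OS.
        if ntpath.basename(e.image).lower() != "rundll32.exe":
            continue
        m = OPENAS_RE.search(e.cmdline)
        if not m:
            continue
        target = m.group(1).strip('"')
        parent = by_pid.get(e.ppid)
        launcher_image = parent.image if parent else "<unknown>"
        chains.append(OpenWithChain(
            target=target,
            extension=ntpath.splitext(target)[1].lower(),
            launcher_pid=e.ppid,
            launcher_image=launcher_image,
            launched_by_cmd=ntpath.basename(launcher_image).lower() == "cmd.exe",
            rundll32_pid=e.pid,
            viewers=[c.image for c in children.get(e.pid, [])],
        ))
    return chains


def describe(chain):
    """One-line triage summary for a reconstructed chain."""
    viewers = ", ".join(chain.viewers) or "<none>"
    return (f"'Open With' dialog for {chain.target} ({chain.extension or 'no ext'}); "
            f"launcher pid {chain.launcher_pid} {chain.launcher_image}; "
            f"opened by: {viewers}")


if __name__ == "__main__":
    for c in find_open_with_chains(SAMPLE_EVENTS):
        print(describe(c))
```

The same extension never being double-clicked directly in Explorer (where an association would apply) is a useful sanity check: when the launcher is cmd /c and the extension is a non-executable type like .cfg, the whole chain is consistent with a sandbox or user opening an unhandled file, which is why the report scores low despite the rundll32 and WriteProcessMemory signatures.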

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c0b5d0d3e2108d949a695e0e1f934b62

    SHA1

    8eaeae9a762b2754c1ea95b81419de538f6bdff5

    SHA256

    e4dcad63f6896e1031b83860da6baa9e70d7e60ba37e8e14bb39bdaa6c5df125

    SHA512

    a1bbd4bc95ace5adb014cbb1fcc0b636b570ecd7c75521eca9b5811a9dd72e9ec3ae8e2f0fd7dc40c1e661b4d1fc18eb803be59598300cad0fe93cc595261883