Overview

overview

10

Static

static

10

KiwiX(vira)/Exec.dll

windows7-x64

1

KiwiX(vira)/Exec.dll

windows10-2004-x64

1

KiwiX(vira)/Inj.dll

windows7-x64

1

KiwiX(vira)/Inj.dll

windows10-2004-x64

1

KiwiX(vira)/Inj.exe

windows7-x64

8

KiwiX(vira)/Inj.exe

windows10-2004-x64

10

KiwiX(vira...ey.dll

windows7-x64

1

KiwiX(vira...ey.dll

windows10-2004-x64

1

KiwiX(vira)/KiwPG.dll

windows7-x64

1

KiwiX(vira)/KiwPG.dll

windows10-2004-x64

1

KiwiX(vira)/KiwiX.exe

windows7-x64

7

KiwiX(vira)/KiwiX.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 06:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KiwiX(vira)/KiwiX.exe

  • Size

    3.8MB

  • MD5

    b367ab5cb8286aa0d4c3aeaa7204ad2f

  • SHA1

    c5a2e63e604acd90226cb78a9de194e5ccacda0e

  • SHA256

    c7e54e2ee5dc91af44b68090111569deed21397957f9335b392dd288ec40686e

  • SHA512

    9054dfd48cc27670104ae004efcaf9960afad3dbb8b3d2d47c2d3a7e4731edb8b567f96d852a5d2f368063eb5caff537578837e78ab4dcacea669224ecce9a87

  • SSDEEP

    98304:RGB/h1uN3eETMNo0uHX/EmB2ot+YUiGuZfaWp:RG4N3eETMNoyo+Y8uZftp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KiwiX(vira)\KiwiX.exe
    "C:\Users\Admin\AppData\Local\Temp\KiwiX(vira)\KiwiX.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://rbxscript.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    87c555846ce86ca56f1a10ea07c3ed69

    SHA1

    a0036c431a66bfe723c0c35cf97cc2ac1118be60

    SHA256

    ac7f909a1fd6b1f88b5a63b9c4760ae938a97107f9367a38a01543e4fc32aee4

    SHA512

    5cc8bffbe9144f4ef413035cace1a055825a3d75e840e26d5a0b670bcc44eff3e956579b38bab2fd93b979daaea2d2723fbbbe4c620c3ee3e7c9b24c6ee42bf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    410b2d4d212071144132137fffb21994

    SHA1

    fc4cf83f759c656b890058936d7f77beb3c5e4c2

    SHA256

    6b6321d5717a5f59cff80601a219412cf1a18b5a0945e197a9a5b4099e0d4067

    SHA512

    6f62c188ea779a84c189393688e1afcd2dae225691a527b3c5b38405a40b41914b266759d2fb51bbb8d56b04daccec9c63bec0f11cfe0be1485018250ad3e7db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b67c616f22e4bcba3dbc288d2c7bf21e

    SHA1

    d98668db30904bef6f87d7781a6ef0e7dff5b665

    SHA256

    ad1b69a3442e1b43ccdf21ffb26d3f020692d2209d40a291bcb890cc63f28be6

    SHA512

    1071670949bf18fb9f0cd3699107c11c2de37dd75a36cf79ca355c94fb4220ff16c29cd430bb0f5a82783f2f922f1a9106fb1a0a8164afb641e71813ff80d747

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db57a793a6da1cb45888bf5b61ef94b9

    SHA1

    95ba7db06663266e5384a54672f44a88c892c2be

    SHA256

    e8f22163476eb6ddf47b3adb83778ad2dbb963e085389cd680932c64073d82b9

    SHA512

    75ab7d9c44db168bfc22e85c4054f24b57ee889b5e37bcff35dc8c8e8c9a424efbd121697e9554e234a73f07c2ed48366de3e102a11c64f89e7afae3aadff6d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    1ae7b72543b24c0b487a1836119ad29f

    SHA1

    9dee07822651b5b68d083120c1b9d5afff6d3875

    SHA256

    c9f5275e055cb19d8fb7ca924d95d8cca885af64247d39c1b017ae6a07bbb136

    SHA512

    322be374791a34b99a01c7c6e480bfdd138f6f2ed3a0de180c6e390f9f74dfe9e92aaf33a758bc8369b9a05e8c8a4842d6a58f3ef81339c1084689c3e001425f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB1E6.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\DialogPower.mfx
    Filesize

    104KB

    MD5

    e7ee84c44aec90fdc7c8bfaa14238b1d

    SHA1

    04171b0ed715a1b0fb0cc668aedba75d88dd27d2

    SHA256

    2d0ee61ededcd628a8fa0227e2c7e6014f58f3edd7ca12101a4b80d016b282e3

    SHA512

    55d7cba57ef37f1274e67abb64786cbf91cfe1e9bb9b6e7ad4f120a3b840c861d427b2e49b1ed73276ac020d6f8e40a5e00e20dc7d489a729ed631acc1a7979c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\kcedit.mfx
    Filesize

    32KB

    MD5

    a00acf3af0958898345fca9893cb6f57

    SHA1

    561717e33e2877fd0db99411265186ca468041bd

    SHA256

    b38ad01ad8a22f3f553530b000d6d061356601d308e6a79284605c30cb0674ad

    SHA512

    9435f612a23864ac7e4d22cff927b4155463fdddd8d143b805d7233dd372e9a5975c9a4170de9bcfc3adce4ab9fffdab2937f053e48743d2791753d2dc727850

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\kcplugin.mfx
    Filesize

    24KB

    MD5

    f7851d2b959639cdb47b47022774f3e7

    SHA1

    a9b79f17ddd23ccfceb6dc7b8552627d7697bb0f

    SHA256

    19c2a0ed5f23954ea52f1afe135065aeb958c6230dc254b06e50acc8546c5266

    SHA512

    87e9680bb6da4e3dae9b0be5b41c2d69550788fdec3e9424656d3bf81cc354c47ac60eceef17b3755cffa8ad78dab490326123782ce0036ac088138b954dc94c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\kcwctrl.mfx
    Filesize

    63KB

    MD5

    fa3aa3c51150eb5410dc3d74484d84bb

    SHA1

    3ffca600b9d8b2d580c99021c95e8c6400d9a824

    SHA256

    0666e52ea54bb2bdb81216443ea0787b8fcc6292b64d6bdf285eebf42e1bbae6

    SHA512

    81ec7ec2a5877d1b226dfb4ccc8c3946b61fb409d5c53c789e6f8c310a0dc0b3ce1681613cc110a5559540a0ab302e6c36a00d0df07acb41c5a7c35b37d4594a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\mmf2d3d11.dll
    Filesize

    541KB

    MD5

    839633898178f35f6de0b385b7de0ec7

    SHA1

    5396e52c45954f0953cc8cf2095b122f7353180e

    SHA256

    5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

    SHA512

    b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\mmf2d3d9.dll
    Filesize

    1.5MB

    MD5

    c85bcc9f3049b57aa8ccbb290342ff14

    SHA1

    38f5b81a540f1c995ff8d949702440b70921acc5

    SHA256

    bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

    SHA512

    5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mrt1584.tmp\mmfs2.dll
    Filesize

    768KB

    MD5

    200520e6e8b4d675b77971dfa9fb91b3

    SHA1

    0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

    SHA256

    763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

    SHA512

    8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

    Download Submit