Overview

overview

10

Static

static

10

KiwiX(vira)/Exec.dll

windows7-x64

1

KiwiX(vira)/Exec.dll

windows10-2004-x64

1

KiwiX(vira)/Inj.dll

windows7-x64

1

KiwiX(vira)/Inj.dll

windows10-2004-x64

1

KiwiX(vira)/Inj.exe

windows7-x64

8

KiwiX(vira)/Inj.exe

windows10-2004-x64

10

KiwiX(vira...ey.dll

windows7-x64

1

KiwiX(vira...ey.dll

windows10-2004-x64

1

KiwiX(vira)/KiwPG.dll

windows7-x64

1

KiwiX(vira)/KiwPG.dll

windows10-2004-x64

1

KiwiX(vira)/KiwiX.exe

windows7-x64

7

KiwiX(vira)/KiwiX.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2024 06:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KiwiX(vira)/KiwiX.exe

  • Size

    3.8MB

  • MD5

    b367ab5cb8286aa0d4c3aeaa7204ad2f

  • SHA1

    c5a2e63e604acd90226cb78a9de194e5ccacda0e

  • SHA256

    c7e54e2ee5dc91af44b68090111569deed21397957f9335b392dd288ec40686e

  • SHA512

    9054dfd48cc27670104ae004efcaf9960afad3dbb8b3d2d47c2d3a7e4731edb8b567f96d852a5d2f368063eb5caff537578837e78ab4dcacea669224ecce9a87

  • SSDEEP

    98304:RGB/h1uN3eETMNo0uHX/EmB2ot+YUiGuZfaWp:RG4N3eETMNoyo+Y8uZftp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KiwiX(vira)\KiwiX.exe
    "C:\Users\Admin\AppData\Local\Temp\KiwiX(vira)\KiwiX.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2412
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4040

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\DialogPower.mfx
      Filesize

      104KB

      MD5

      e7ee84c44aec90fdc7c8bfaa14238b1d

      SHA1

      04171b0ed715a1b0fb0cc668aedba75d88dd27d2

      SHA256

      2d0ee61ededcd628a8fa0227e2c7e6014f58f3edd7ca12101a4b80d016b282e3

      SHA512

      55d7cba57ef37f1274e67abb64786cbf91cfe1e9bb9b6e7ad4f120a3b840c861d427b2e49b1ed73276ac020d6f8e40a5e00e20dc7d489a729ed631acc1a7979c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\kcedit.mfx
      Filesize

      32KB

      MD5

      a00acf3af0958898345fca9893cb6f57

      SHA1

      561717e33e2877fd0db99411265186ca468041bd

      SHA256

      b38ad01ad8a22f3f553530b000d6d061356601d308e6a79284605c30cb0674ad

      SHA512

      9435f612a23864ac7e4d22cff927b4155463fdddd8d143b805d7233dd372e9a5975c9a4170de9bcfc3adce4ab9fffdab2937f053e48743d2791753d2dc727850

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\kcplugin.mfx
      Filesize

      24KB

      MD5

      f7851d2b959639cdb47b47022774f3e7

      SHA1

      a9b79f17ddd23ccfceb6dc7b8552627d7697bb0f

      SHA256

      19c2a0ed5f23954ea52f1afe135065aeb958c6230dc254b06e50acc8546c5266

      SHA512

      87e9680bb6da4e3dae9b0be5b41c2d69550788fdec3e9424656d3bf81cc354c47ac60eceef17b3755cffa8ad78dab490326123782ce0036ac088138b954dc94c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\kcwctrl.mfx
      Filesize

      63KB

      MD5

      fa3aa3c51150eb5410dc3d74484d84bb

      SHA1

      3ffca600b9d8b2d580c99021c95e8c6400d9a824

      SHA256

      0666e52ea54bb2bdb81216443ea0787b8fcc6292b64d6bdf285eebf42e1bbae6

      SHA512

      81ec7ec2a5877d1b226dfb4ccc8c3946b61fb409d5c53c789e6f8c310a0dc0b3ce1681613cc110a5559540a0ab302e6c36a00d0df07acb41c5a7c35b37d4594a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\mmf2d3d11.dll
      Filesize

      541KB

      MD5

      839633898178f35f6de0b385b7de0ec7

      SHA1

      5396e52c45954f0953cc8cf2095b122f7353180e

      SHA256

      5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

      SHA512

      b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\mmf2d3d9.dll
      Filesize

      1.5MB

      MD5

      c85bcc9f3049b57aa8ccbb290342ff14

      SHA1

      38f5b81a540f1c995ff8d949702440b70921acc5

      SHA256

      bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

      SHA512

      5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt3F3.tmp\mmfs2.dll
      Filesize

      768KB

      MD5

      200520e6e8b4d675b77971dfa9fb91b3

      SHA1

      0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

      SHA256

      763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

      SHA512

      8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

      Download Submit