Overview

overview

10

Static

static

10

KIWI CE V3...nj.exe

windows7-x64

8

KIWI CE V3...nj.exe

windows10-2004-x64

8

KIWI CE V3...V3.exe

windows7-x64

5

KIWI CE V3...V3.exe

windows10-2004-x64

5

KIWI CE V3...ix.exe

windows7-x64

1

KIWI CE V3...ix.exe

windows10-2004-x64

1

KIWI CE V3...32.bat

windows7-x64

1

KIWI CE V3...32.bat

windows10-2004-x64

1

KIWI CE V3...64.bat

windows7-x64

1

KIWI CE V3...64.bat

windows10-2004-x64

1

KIWI CE V3...ldo.js

windows7-x64

1

KIWI CE V3...ldo.js

windows10-2004-x64

1

KIWI CE V3...me.bat

windows7-x64

1

KIWI CE V3...me.bat

windows10-2004-x64

1

KIWI CE V3...ua.exe

windows7-x64

1

KIWI CE V3...ua.exe

windows10-2004-x64

1

KIWI CE V3...32.exe

windows7-x64

1

KIWI CE V3...32.exe

windows10-2004-x64

1

KIWI CE V3...64.exe

windows7-x64

1

KIWI CE V3...64.exe

windows10-2004-x64

1

KIWI CE V3...es.bat

windows7-x64

1

KIWI CE V3...es.bat

windows10-2004-x64

1

KIWI CE V3...ss.exe

windows7-x64

1

KIWI CE V3...ss.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    99s
  • max time network
    88s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 14:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    KIWI CE V3/!FIXInj.exe

  • Size

    37KB

  • MD5

    ad8378c96a922dcfe813935d1eec9ae4

  • SHA1

    0e7ee31880298190258f5282f6cc2797fccdc134

  • SHA256

    9a7b8171f8c6bd4bb61b7d8baf7dab921983ab7767705c3f1e1265704599ab98

  • SHA512

    d38a7581ef5c3dcc8752fc2465ad698605bbd38bf380201623265e5ef121510d3f34116438727e60b3832e867e2ed4fd52081d58690690ff98b28cde80f6af5f

  • SSDEEP

    384:3A8syikT2zIuMXY1uyZD7jKuo3HCsmY3orAF+rMRTyN/0L+EcoinblneHQM3epzi:wyY1lN7uuoSNYYrM+rMRa8NuByFt

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KIWI CE V3\!FIXInj.exe
    "C:\Users\Admin\AppData\Local\Temp\KIWI CE V3\!FIXInj.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\KIWI CE V3\!FIXInj.exe" "!FIXInj.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:2372

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2356-0-0x00000000749F0000-0x0000000074F9B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2356-1-0x00000000749F0000-0x0000000074F9B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2356-2-0x0000000001EA0000-0x0000000001EE0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2356-4-0x00000000749F0000-0x0000000074F9B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2356-5-0x00000000749F0000-0x0000000074F9B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2356-6-0x0000000001EA0000-0x0000000001EE0000-memory.dmp

          Filesize

          256KB

          Download