Analysis
- max time kernel: 63s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 29-04-2024 14:12
- task shown on this page: behavioral3 (KIWI CE V3/!Kiwi CE V3.exe on win7-20240220-en)
Behavioral tasks (each sample from the archive was run once on Windows 7 and once on Windows 10 2004)

task          sample                                      resource
behavioral1   KIWI CE V3/!FIXInj.exe                      win7-20231129-en
behavioral2   KIWI CE V3/!FIXInj.exe                      win10v2004-20240419-en
behavioral3   KIWI CE V3/!Kiwi CE V3.exe                  win7-20240220-en
behavioral4   KIWI CE V3/!Kiwi CE V3.exe                  win10v2004-20240419-en
behavioral5   KIWI CE V3/InjectFix.exe                    win7-20231129-en
behavioral6   KIWI CE V3/InjectFix.exe                    win10v2004-20240419-en
behavioral7   KIWI CE V3/lua53/lua53/src/32.bat           win7-20240221-en
behavioral8   KIWI CE V3/lua53/lua53/src/32.bat           win10v2004-20240426-en
behavioral9   KIWI CE V3/lua53/lua53/src/64.bat           win7-20240419-en
behavioral10  KIWI CE V3/lua53/lua53/src/64.bat           win10v2004-20240419-en
behavioral11  KIWI CE V3/lua53/lua53/src/ldo.js           win7-20240215-en
behavioral12  KIWI CE V3/lua53/lua53/src/ldo.js           win10v2004-20240426-en
behavioral13  KIWI CE V3/lua53/lua53/src/make_uname.bat   win7-20240221-en
behavioral14  KIWI CE V3/lua53/lua53/src/make_uname.bat   win10v2004-20240419-en
behavioral15  KIWI CE V3/lua_extra/lua.exe                win7-20231129-en
behavioral16  KIWI CE V3/lua_extra/lua.exe                win10v2004-20240419-en
behavioral17  KIWI CE V3/lua_extra/luac32.exe             win7-20240220-en
behavioral18  KIWI CE V3/lua_extra/luac32.exe             win10v2004-20240419-en
behavioral19  KIWI CE V3/lua_extra/luac64.exe             win7-20240221-en
behavioral20  KIWI CE V3/lua_extra/luac64.exe             win10v2004-20240419-en
behavioral21  KIWI CE V3/packfiles.bat                    win7-20240221-en
behavioral22  KIWI CE V3/packfiles.bat                    win10v2004-20240419-en
behavioral23  KIWI CE V3/process.exe                      win7-20240215-en
behavioral24  KIWI CE V3/process.exe                      win10v2004-20240419-en
General
- Target: KIWI CE V3/!Kiwi CE V3.exe
- Size: 16.3MB
- MD5: bfcedc7b86fff9e36e0889a8b321a3b1
- SHA1: b0a6af2ce0580f1d629886ec26b1ffa4eab43d8f
- SHA256: df2108aaa31cab9f7b965f7c1652a446693cb529c96ea852869c85e037c438b2
- SHA512: 0478733da658c4269abe0075c467b6f176cbefd7c4c188ef66c6d959dc5443ed94fa182e705b67682f33254c43f3e745e6b2cec2f877fade1f3f1ef3e4f6f5e6
- SSDEEP: 393216:y3Z8A06vEQ3ITvzx46SxiILGREuV3WjRI85:y3ZIzx46YNL6W9Ie
Malware Config
Signatures
-
Drops file in System32 directory (50 IoCs)
All 50 entries have description "File opened for modification" and process !Kiwi CE V3.exe (PID 3068). Paths:
- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
- C:\Windows\system32\DDRAW.dll
- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
- C:\Windows\system32\DUI70.dll
- C:\Windows\system32\KERNELBASE.dll
- C:\Windows\system32\RPCRT4.dll
- C:\Windows\system32\wininet.dll
- C:\Windows\system32\CRYPTBASE.dll
- C:\Windows\system32\DUser.dll
- C:\Windows\system32\USP10.dll
- C:\Windows\system32\kernel32.dll
- C:\Windows\system32\psapi.dll
- C:\Windows\system32\normaliz.DLL
- C:\Windows\system32\USER32.dll
- C:\Windows\system32\advapi32.dll
- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
- C:\Windows\system32\CFGMGR32.dll
- C:\Windows\system32\dwmapi.dll
- C:\Windows\system32\oleaut32.dll
- C:\Windows\system32\ole32.dll
- C:\Windows\system32\wsock32.dll
- C:\Windows\system32\uxtheme.dll
- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
- C:\Windows\system32\msvcrt.dll
- C:\Windows\system32\shell32.dll
- C:\Windows\system32\ws2_32.dll
- C:\Windows\system32\msimg32.dll
- C:\Windows\system32\SETUPAPI.dll
- C:\Windows\system32\NSI.dll
- C:\Windows\system32\winmm.dll
- C:\Windows\system32\explorerframe.dll
- C:\Windows\system32\GDI32.dll
- C:\Windows\system32\opengl32.dll
- C:\Windows\system32\GLU32.dll
- C:\Windows\system32\MSCTF.dll
- C:\Windows\system32\CLBCatQ.DLL
- C:\Windows\SYSTEM32\ntdll.dll
- C:\Windows\system32\DCIMAN32.dll
- C:\Windows\system32\propsys.dll
- C:\Windows\SYSTEM32\sechost.dll
- C:\Windows\system32\imm32.dll
- C:\Windows\system32\comdlg32.dll
- C:\Windows\system32\LPK.dll
- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
- C:\Windows\system32\DEVOBJ.dll
- C:\Windows\system32\hhctrl.ocx
- C:\Windows\system32\iertutil.dll
- C:\Windows\system32\version.dll
- C:\Windows\system32\SHLWAPI.dll
Reading note: every path is an OS library (.dll/.ocx) of the kind a GUI application with WinSock, WinINet and OpenGL imports loads at startup, and the signature records an open with write access, not a confirmed write. Before treating this as tampering with system32, check the file-write events for these paths and compare the files' hashes against a clean image of the same resource.
Drops file in Windows directory (1 IoC)
- File opened for modification: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll (process !Kiwi CE V3.exe)
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 3068, !Kiwi CE V3.exe (2 occurrences)
Suspicious use of AdjustPrivilegeToken (16 IoCs)
All entries are from PID 3068, !Kiwi CE V3.exe, in the order recorded:
- Token: SeDebugPrivilege
- Token: SeTcbPrivilege
- Token: SeTcbPrivilege
- Token: SeLoadDriverPrivilege
- Token: SeCreateGlobalPrivilege
- Token: SeLockMemoryPrivilege
- Token: 33 (the privilege LUID 33, SE_INC_WORKING_SET_PRIVILEGE / SeIncreaseWorkingSetPrivilege in winnt.h)
- Token: SeSecurityPrivilege
- Token: SeTakeOwnershipPrivilege
- Token: SeManageVolumePrivilege
- Token: SeBackupPrivilege
- Token: SeCreatePagefilePrivilege
- Token: SeShutdownPrivilege
- Token: SeRestorePrivilege
- Token: 33 (SeIncreaseWorkingSetPrivilege, as above)
- Token: SeIncBasePriorityPrivilege
Reading note: AdjustTokenPrivileges can only enable privileges the token already holds, and the report does not record the call's return value, so this list shows what the process asked for rather than what it was granted. The sample runs as the Admin user from its own Temp directory; whether that token was elevated is not shown here. SeDebugPrivilege is the one that matters most, since it is the prerequisite for opening and writing into processes the caller does not own; SeTcbPrivilege, SeLoadDriverPrivilege and SeTakeOwnershipPrivilege are far beyond what a user-mode tool's UI needs.
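The two signature lists above (the 50 "opened for modification" system32 paths and the 16 AdjustPrivilegeToken entries) arrive as one run-on line each, which makes the interesting question (which privileges, and were any of the files something other than an OS library?) hard to answer by eye. The following triage helper is an added example, not part of this report or of any sandbox's code: it parses both blobs in the format shown on this page, resolves a numeric privilege LUID such as "33" through the winnt.h SE_*_PRIVILEGE values, flags the high-impact privileges, and separates .dll/.ocx opens from anything else under system32. The sample inputs are a subset of this report's own IoC lines re-joined onto one line; the set of "high-impact" privileges is the editor's own choice.

```python
"""Triage helper for flattened sandbox signature text (added example, not part of
the report). It parses the two IoC blobs above and applies the checks a reviewer
wants before treating either signature as proof of malicious behaviour."""
import re
from collections import Counter

# Privilege LUIDs from winnt.h (SE_*_PRIVILEGE), for entries the sandbox prints
# as a number, e.g. "Token: 33". Only the values this report needs are listed.
LUID_NAMES = {
    4: "SeLockMemoryPrivilege", 7: "SeTcbPrivilege", 10: "SeLoadDriverPrivilege",
    20: "SeDebugPrivilege", 30: "SeCreateGlobalPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges that let a process tamper with other processes, load kernel code
# or bypass DACLs (editor's selection); their presence matters more than the count.
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeTakeOwnershipPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
}

# Process names may contain spaces ("!Kiwi CE V3.exe"), so each record runs
# lazily up to the next record marker or the end of the blob.
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (.+?)(?= Token:|$)")
FILE_RE = re.compile(
    r"File opened for modification (\S+) (.+?)(?= File opened for modification|$)")

# Constructed inputs: a subset of this report's IoC text, re-joined onto one
# line exactly as the page renders a whole signature.
PRIV_BLOB = (
    "Token: SeDebugPrivilege 3068 !Kiwi CE V3.exe Token: SeTcbPrivilege 3068 !Kiwi CE V3.exe "
    "Token: SeTcbPrivilege 3068 !Kiwi CE V3.exe Token: SeLoadDriverPrivilege 3068 !Kiwi CE V3.exe "
    "Token: 33 3068 !Kiwi CE V3.exe Token: SeRestorePrivilege 3068 !Kiwi CE V3.exe -"
)
FILE_BLOB = (
    r"File opened for modification C:\Windows\system32\KERNELBASE.dll !Kiwi CE V3.exe "
    r"File opened for modification C:\Windows\system32\ws2_32.dll !Kiwi CE V3.exe "
    r"File opened for modification C:\Windows\system32\hhctrl.ocx !Kiwi CE V3.exe -"
)


def parse_privileges(blob):
    """Return (privilege, pid, process) tuples with numeric LUIDs resolved."""
    out = []
    for name, pid, proc in TOKEN_RE.findall(blob.rstrip(" -")):
        if name.isdigit():
            name = LUID_NAMES.get(int(name), "LUID:" + name)
        out.append((name, int(pid), proc.strip()))
    return out


def privilege_summary(blob):
    """Collapse the IoC list into distinct privileges, the dangerous ones, and
    the ones requested more than once."""
    privs = parse_privileges(blob)
    names = {p[0] for p in privs}
    counts = Counter(p[0] for p in privs)
    return {
        "distinct": sorted(names),
        "high_impact": sorted(names & HIGH_IMPACT),
        "repeated": sorted(n for n, c in counts.items() if c > 1),
        "pids": sorted({p[1] for p in privs}),
    }


def parse_file_iocs(blob):
    """Return (path, process) tuples from a 'File opened for modification' blob."""
    return [(path, proc.strip()) for path, proc in FILE_RE.findall(blob.rstrip(" -"))]


def file_summary(blob):
    """Separate opens of OS libraries (what the loader touches at startup) from
    anything else under system32, which would be the real dropped-file evidence."""
    files = parse_file_iocs(blob)
    is_lib = lambda p: p.lower().endswith((".dll", ".ocx"))
    libraries = [p for p, _ in files if is_lib(p)]
    other = [p for p, _ in files if not is_lib(p)]
    return {"total": len(files), "libraries": len(libraries),
            "other": other, "all_libraries": not other}


def triage(priv_blob, file_blob):
    """Combine both checks into short reviewer notes."""
    p, f = privilege_summary(priv_blob), file_summary(file_blob)
    notes = []
    if p["high_impact"]:
        notes.append("requested high-impact privileges: " + ", ".join(p["high_impact"]))
    if f["all_libraries"]:
        notes.append("all %d system32 IoCs are .dll/.ocx opens; confirm with write "
                     "events or hash comparison before calling it a drop" % f["total"])
    else:
        notes.append("non-library files touched under system32: " + ", ".join(f["other"]))
    return notes


if __name__ == "__main__":
    for line in triage(PRIV_BLOB, FILE_BLOB):
        print("-", line)
```

Run on the full blobs from this page, the script turns 66 IoC records into two lines: the privilege set that needs explaining, and a statement of whether any system32 path was something other than a library. A genuinely dropped file (an .exe, .sys or script under system32) would surface in the "other" list; on this report, nothing does.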
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 3068, !Kiwi CE V3.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\KIWI CE V3\!Kiwi CE V3.exe (top-level process, PID 3068)
  Command line: "C:\Users\Admin\AppData\Local\Temp\KIWI CE V3\!Kiwi CE V3.exe"
  Signatures triggered:
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow