Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
27/05/2024, 11:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
kiwiserverwebfox - despues de DSN.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
kiwiserverwebfox - despues de DSN.dll
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
-
Target
kiwiserverwebfox - despues de DSN.dll
-
Size
1.3MB
-
MD5
9dab291c28569935ff574affa9b27826
-
SHA1
ab4cc814929f08fb40841b30456c8419362f9fc6
-
SHA256
d89d568f194c9d7d56222a5a2cdf3ab21a3fdc3602fef3a223db7af337842067
-
SHA512
215209537bfbec32a299d4df0f3df84e3dccc72caf568f371926fd3e86243b87755136f5ee1fbd69a2db13c7419e74ebb5b9635630fbcceb2e6b10385c4238bc
-
SSDEEP
24576:wV2x1Hu4lPB5RfYumh/oDdMMH+GlSzEkeYSMJNECOPdL:wV2x1Hu4lPB5RfYumh/oDdMMH+GlSzE/
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
PID 1972 wrote to memory of 2520 | 1972 | regsvr32.exe | 28
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\kiwiserverwebfox - despues de DSN.dll"
- Suspicious use of WriteProcessMemory
PID:1972 -
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\Temp\kiwiserverwebfox - despues de DSN.dll"
PID:2520
-