Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 27/05/2024, 11:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
kiwiserverwebfox - despues de DSN.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
kiwiserverwebfox - despues de DSN.dll
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
Target: kiwiserverwebfox - despues de DSN.dll
Size: 1.3MB
MD5: 9dab291c28569935ff574affa9b27826
SHA1: ab4cc814929f08fb40841b30456c8419362f9fc6
SHA256: d89d568f194c9d7d56222a5a2cdf3ab21a3fdc3602fef3a223db7af337842067
SHA512: 215209537bfbec32a299d4df0f3df84e3dccc72caf568f371926fd3e86243b87755136f5ee1fbd69a2db13c7419e74ebb5b9635630fbcceb2e6b10385c4238bc
SSDEEP: 24576:wV2x1Hu4lPB5RfYumh/oDdMMH+GlSzEkeYSMJNECOPdL:wV2x1Hu4lPB5RfYumh/oDdMMH+GlSzE/
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                        pid    Process        procid_target
PID 4352 wrote to memory of 3020   4352   regsvr32.exe   81
PID 4352 wrote to memory of 3020   4352   regsvr32.exe   81
PID 4352 wrote to memory of 3020   4352   regsvr32.exe   81
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\kiwiserverwebfox - despues de DSN.dll"
- Suspicious use of WriteProcessMemory
PID:4352
    C:\Windows\SysWOW64\regsvr32.exe
    /s "C:\Users\Admin\AppData\Local\Temp\kiwiserverwebfox - despues de DSN.dll"
    PID:3020