Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/06/2024, 20:24

General

  • Target

    Kiwi-X-External-Kiwi-X/Default.cfg

  • Size

    257B

  • MD5

    feb5bc5a9216c55659a8cb3c144eb46d

  • SHA1

    36b4333ca73104623c0c763a0f3d013de3a239b8

  • SHA256

    954d4eaa4bf3d20a80eb60505e6ef3f502de7293ea719da86857a18a7a882ffd

  • SHA512

    5df5a454b3e10e8072adb8813f4c6fc22c738b7fffc81374c541b8dc4f7f5e651cbfa2003b1be045c2b2fe66030885c2a564f575e238ce296aba355dc4f60563

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Kiwi-X-External-Kiwi-X\Default.cfg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Kiwi-X-External-Kiwi-X\Default.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Kiwi-X-External-Kiwi-X\Default.cfg"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    bc2d4c69e58f208330d7e0deec744738

    SHA1

    0c04637d5b19807b34f8fd2b247958151b6361cb

    SHA256

    1d117ad76f0e8c1f755f0f32ac0241c0d989bfee31cab65b3679b6767ebf9cbc

    SHA512

    15ab4de9f5f2f350debf192e6187c36a93f88bc777109e791c1140241b33580b933a4166ad33265b1e57bbbafe427a3900a07208ed6f804e50d951b652613769