Analysis
max time kernel: 93s
max time network: 205s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-09-2024 08:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
wanakiwi.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
28 signatures
300 seconds
Behavioral task
behavioral2
Sample
wanakiwi.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
300 seconds
General
Target: wanakiwi.exe
Size: 770KB
MD5: 7a1e8f601cbf8d88f77f0a5b69498763
SHA1: 4d5c0c0d507f0a2ed2a830eac84d45f98dc6a935
SHA256: 6a1f0ff9bf79c8a4d4209f441db87ed7f160b049ba130673e92ce9af142ffd6b
SHA512: 18d29ed47f7a84113cfd7444ba4ac365456601be990f072e10c55d5da15ea43113025163f6d4248336cf456fa802d6a8c6d0927b878831dde5af0d9d8344c502
SSDEEP: 12288:uVxSbrvynJLlZZgiCHCvLmUaNCU9KgJa0H07c4kJul:SxSbrvynBBve9CkAp
Score
3/10
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: wanakiwi.exe
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid: 4512
Process: wanakiwi.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege
pid: 4512
Process: wanakiwi.exe