201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59

Analysis

max time kernel
91s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kiddions/KiddionsV2.exe
Size

8.3MB
MD5

8ff98e2147316eb4fd3cef7eaa9f24b7
SHA1

53baaae552a2b0d71c43623592685e8b7d33f522
SHA256

f0f11202a1ed2c0cfd3f697b8f928d77bd187b2911b186a5a095a9189a07afea
SHA512

de5efe8949507344db174975a40a2d3793108282cebd662f927c11382acb3e37634e2368131206920df4c7a430a408e878d900b12ddee91dbf7bdf6ec555ebe4
SSDEEP

196608:mrP12cEziRLjv+bhqNVoB8Ck5c7GpNlpq41J2Uavbk9qtlDfqWp:W7rL+9qz88Ck+7q3p91JnqfqWp

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2592	KiddionsV2.exe
2592	KiddionsV2.exe
2592	KiddionsV2.exe
2592	KiddionsV2.exe
2592	KiddionsV2.exe
2592	KiddionsV2.exe
2592	KiddionsV2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a4d9-72.dat	upx
behavioral1/memory/2592-74-0x000007FEF5B60000-0x000007FEF6238000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2592	2636	KiddionsV2.exe	30
PID 2636 wrote to memory of 2592	2636	KiddionsV2.exe	30
PID 2636 wrote to memory of 2592	2636	KiddionsV2.exe	30

C:\Users\Admin\AppData\Local\Temp\kiddions\KiddionsV2.exe
"C:\Users\Admin\AppData\Local\Temp\kiddions\KiddionsV2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Users\Admin\AppData\Local\Temp\kiddions\KiddionsV2.exe
  "C:\Users\Admin\AppData\Local\Temp\kiddions\KiddionsV2.exe"
  2⤵
  - Loads dropped DLL
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26362\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
f0c73f7454a5ce6fb8e3d795fdb0235d

SHA1
acdd6c5a359421d268b28ddf19d3bcb71f36c010

SHA256
2a59dd891533a028fae7a81e690e4c28c9074c2f327393fab17329affe53fd7b

SHA512
bd6cf4e37c3e7a1a3b36f42858af1b476f69caa4ba1fd836a7e32220e5eff7ccc811c903019560844af988a7c77cc41dc6216c0c949d8e04516a537da5821a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
7d4d4593b478b4357446c106b64e61f8

SHA1
8a4969c9e59d7a7485c8cc5723c037b20dea5c9d

SHA256
0a6e2224cde90a0d41926e8863f9956848ffbf19848e8855bd08953112afc801

SHA512
7bc9c473705ec98ba0c1da31c295937d97710cedefc660f6a5cb0512bae36ad23bebb2f6f14df7ce7f90ec3f817b02f577317fdd514560aab22cb0434d8e4e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
1d75e7b9f68c23a195d408cf02248119

SHA1
62179fc9a949d238bb221d7c2f71ba7c1680184c

SHA256
67ebe168b7019627d68064043680674f9782fda7e30258748b29412c2b3d4c6b

SHA512
c2ee84a9aeac34f7b51426d12f87bb35d8c3238bb26a6e14f412ea485e5bd3b8fb5b1231323d4b089cf69d8180a38ddd7fd593cc52cbdf250125ad02d66eea9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
d6ad0f2652460f428c0e8fc40b6f6115

SHA1
1a5152871abc5cf3d4868a218de665105563775e

SHA256
4ef09fa6510eeebb4855b6f197b20a7a27b56368c63cc8a3d1014fa4231ab93a

SHA512
ceafeee932919bc002b111d6d67b7c249c85d30da35dfbcebd1f37db51e506ac161e4ee047ff8f7bf0d08da6a7f8b97e802224920bd058f8e790e6fa0ee48b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
eab486e4719b916cad05d64cd4e72e43

SHA1
876c256fb2aeb0b25a63c9ee87d79b7a3c157ead

SHA256
05fe96faa8429992520451f4317fbceba1b17716fa2caf44ddc92ede88ce509d

SHA512
c50c3e656cc28a2f4f6377ba24d126bdc248a3125dca490994f8cace0a4903e23346ae937bb5b0a333f7d39ece42665ae44fde2fd5600873489f3982151a0f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\python312.dll

Filesize
1.8MB

MD5
2f1072ddd9a88629205e7434ed055b3e

SHA1
20da3188dabe3d5fa33b46bfe671e713e6fa3056

SHA256
d086257a6b36047f35202266c8eb8c1225163bd96b064d31b80f0dbe13da2acf

SHA512
d8dddc30733811ed9a9c4ae83ac8f3fc4d8ba3fa8051d95242fbd432fd5bf24122373ac5eea9fec78f0daf7c1133365f519a13cf3f105636da74820a00a25e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26362\ucrtbase.dll

Filesize
1021KB

MD5
4e326feeb3ebf1e3eb21eeb224345727

SHA1
f156a272dbc6695cc170b6091ef8cd41db7ba040

SHA256
3c60056371f82e4744185b6f2fa0c69042b1e78804685944132974dd13f3b6d9

SHA512
be9420a85c82eeee685e18913a7ff152fcead72a90ddcc2bcc8ab53a4a1743ae98f49354023c0a32b3a1d919bda64b5d455f6c3a49d4842bbba4aa37c1d05d67

Download Submit
memory/2592-74-0x000007FEF5B60000-0x000007FEF6238000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads