7868bcad5d6fb3605a31d72a474de560168986869a8af73ce0d5c5b4ef362504 | Triage

Analysis

max time kernel
39s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 07:08

Sharing

Report Analysis Logs

General

Target

Kiwi.exe
Size

1.4MB
MD5

9fbcb78bd23ae2c25a8ca4c0389a34c5
SHA1

72b05e65bde2521c817a305bc735a4adadd750f8
SHA256

7868bcad5d6fb3605a31d72a474de560168986869a8af73ce0d5c5b4ef362504
SHA512

54abcdcf35448ca86a74043ec03afa21864a7f50b80753a6c9992b1b3b24281651db785891881525b1ba24f1dfb2b592d5468c20f8c1a94d28d52d82c1f00ccd
SSDEEP

24576:VyUZWuMKkf2pWH+0bPCKoWwAQbWmhzDXGI2MiyXWkkxo:tk3PfQbWmhXXGIRXW

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3160	Kiwi.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 668	3160	Kiwi.exe	7
PID 3160 wrote to memory of 668	3160	Kiwi.exe	7

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Kiwi.exe
"C:\Users\Admin\AppData\Local\Temp\Kiwi.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads