Analysis
max time kernel: 151s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2023 18:28
Behavioral task
behavioral1
Sample
KinnFMS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
KinnFMS.exe
Resource
win10v2004-20230220-en
General
Target: KinnFMS.exe
Size: 2.0MB
MD5: 6c26d9bb63361601be7c893bedbd0c7b
SHA1: 309786fdd909b1e93b9363c71e81798cd56ea1ef
SHA256: fe0d20b2db88c55aa42f20e2a44ccd2416700d6916c0adb2f7172623e64ade0a
SHA512: 7212efd5efdfb83c2be159277bf765d41d3784307737a5ac541a3948bf9df85dcb284327c13080b01d43ad23008b8f550b72b5304e034b6d0797678120ab3c81
SSDEEP: 49152:IAqZLZsMEIAvzfncHIjaUcgePHrXI+p2hgQoi3y5:Ib6vjncHIjSgePHz5eT3
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: KinnFMS.exe
pid 1728, process KinnFMS.exe
Suspicious use of SetWindowsHookEx (5 IoCs)
Processes: KinnFMS.exe
pid 1728, process KinnFMS.exe (5 entries)
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\KinnFMS.INI
Filesize: 23B
MD5: 04604e1740b346a548b7ffcef8ab4acb
SHA1: f9e8b60d1ae00a2493596f76669ad4aa89b24d74
SHA256: d70a3ca1df05bb09fa0be85cadc634836c0334b069fbd0f7c817ed93eadd35b1
SHA512: 7196c2bd43bad33f354f8ee1e26f94244a10776e521a665aa9f0288554edc911159331179efa71411adc23ce4fb64de961f3221917befa8aab85d7f46f61abf8
memory/1728-54-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-55-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-56-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-57-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-58-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-59-0x0000000000260000-0x0000000000261000-memory.dmp, Filesize: 4KB
memory/1728-192-0x0000000000400000-0x0000000000D0D000-memory.dmp, Filesize: 9.1MB
memory/1728-193-0x0000000000260000-0x0000000000261000-memory.dmp, Filesize: 4KB