Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:38
General
-
Target
2024-01-25_7ef1c6c1868a0543a2b4b2244d228aba_mafia.exe
-
Size
479KB
-
MD5
7ef1c6c1868a0543a2b4b2244d228aba
-
SHA1
920181badb77e14884e551cba813d96da56f6010
-
SHA256
2b8b9b07e0e6ee074f6f4f9bb8bab7ba81fd5da22834618df8af13124c28816c
-
SHA512
4f45cb93af92049d6aef9a21382f5ddcda70da368c14a7c2327eba3a661b9a0736a98030a702526922d9cc214c785bbe1791c616cce0c1dd81f3dfd1ba1e961f
-
SSDEEP
12288:bO4rfItL8HA5tetqlOJSExTtJq3wnW37JlgUaa75UO:bO4rQtGA5VOpTMh37LgUaaVUO
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_7ef1c6c1868a0543a2b4b2244d228aba_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_7ef1c6c1868a0543a2b4b2244d228aba_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6FC1.tmp"C:\Users\Admin\AppData\Local\Temp\6FC1.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_7ef1c6c1868a0543a2b4b2244d228aba_mafia.exe DB7A2E0C092C31DFCAFA8F86FB899CEA034B80B5B0F774A1A372ACB3B3A128FBEB95754F87BF8F43073EE811985F8B03A5F5F0A5B8D701223AB0CF22C8DCD94E2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\6FC1.tmpFilesize
479KB
MD51a5bcb1ccdf2b9797c12a12c0fca2a98
SHA163958b39edd070922310d4af60c7a959510127eb
SHA25662d6ff2944f1c679207f628a3c857df6002fbdc583d3d6d257337c82377c38a1
SHA51221f45da9306864cdf6d6694e45f7d15d7f3b6cce3db6c68b7451d409267a4007dffd8e7f00a51ebc04bd06fbf90bda13b4521e280fee38c19bc2cbcb334f6b36