Analysis
-
max time kernel
142s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:41
General
-
Target
2024-01-25_8ba2147338c5dbfc554251e793cd8f7a_mafia.exe
-
Size
428KB
-
MD5
8ba2147338c5dbfc554251e793cd8f7a
-
SHA1
2037e42dc95375e8f0dae160fbb58950e02326a1
-
SHA256
82d4b045f699fd1bd1d199f17734eb223bfaadf8cfc6c8ddd18eb6184b169b99
-
SHA512
180f1c31f09ac77562176873e4679ee98b985db7017271b6d2893ed58cebf3527f9549c4ae2a45d08a307cc70a51aadd7dc9bcde8b2f94d295a5334680d05624
-
SSDEEP
12288:Z594+AcL4tBekiuKzEr7LN/3tUO5zX1t70EEDGCS3LOl:BL4tBekiuVrIO5zXgEnJi
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_8ba2147338c5dbfc554251e793cd8f7a_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_8ba2147338c5dbfc554251e793cd8f7a_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A122.tmp"C:\Users\Admin\AppData\Local\Temp\A122.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_8ba2147338c5dbfc554251e793cd8f7a_mafia.exe 911B610109828A8DEB7F15C80585BFC7F4E24C33FFDEA8AB1745BE48210967A9505A275564B690BFCDA43CC06EE380712BF9D18898A94D3F0F87FD036E5034FE2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\A122.tmpFilesize
428KB
MD5c59f146d529ce18984fcf7e42f5ada14
SHA1bcbe6b40bcadbcb24fc5ccbb5b93c64c17937d75
SHA256619efda9ad5bc8500ae54db3afeadb5aa3aba773f56368c16b9c148e5660827b
SHA512f2fa6699f96b853fec87fc6fab155def3083aaa8560857c82aa92d8f9296859d960aad84c3de6076e7b7bf553640f1907cd7ce5a4b0bd6d60815f39e348e4422