Overview

overview

10

Static

static

3

28866aeeee...96.exe

windows7-x64

1

28866aeeee...96.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28866aeeee3377081ac0b841779e92c749357fa06cf842946c54432544cf0696.exe

  • Size

    1.6MB

  • MD5

    e26a57dc48f2ac48102f783fa152c49f

  • SHA1

    cc22c45017ea1e4c15472f751ee2f1df03eabb6d

  • SHA256

    28866aeeee3377081ac0b841779e92c749357fa06cf842946c54432544cf0696

  • SHA512

    e57ae9c4efb6175294e55f52d01f8a291dffe8fe8cb2b76af2598dbb6b71068fe88f4a128b5314f6fd4867bcefc0d8d018c20fb73edce3fd97c99d13cb9bbd99

  • SSDEEP

    49152:/e4skx6HWygF+1Z1OZrPnOOgMq6jfsLO:/e4F0HWygS1iUMq6sC

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28866aeeee3377081ac0b841779e92c749357fa06cf842946c54432544cf0696.exe
    "C:\Users\Admin\AppData\Local\Temp\28866aeeee3377081ac0b841779e92c749357fa06cf842946c54432544cf0696.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1504
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    1.3MB

    MD5

    8f2bdb0c323411d888858413e02c554c

    SHA1

    7066f9bf49459569fe1a1df218edc438e208d196

    SHA256

    8cfc772b91efd814a16c864debf36dbcd9b0dc90077df7693f94e2e203c9fbe1

    SHA512

    f43fb34c9e7ba0d235bf0a7277905a2f13e1385e5bcb451bc596f2959e22014abcbbc0b33235371f70171b5f5daefc90b25f9406281d99d02b03a578a7681d8f

    Download Submit
  • memory/748-13-0x0000000140000000-0x00000001401E9000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/748-16-0x0000000140000000-0x00000001401E9000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1504-0-0x0000000000400000-0x0000000000596000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1504-1-0x0000000000670000-0x00000000006D7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1504-6-0x0000000000670000-0x00000000006D7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1504-7-0x0000000000670000-0x00000000006D7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1504-15-0x0000000000400000-0x0000000000596000-memory.dmp
    Filesize

    1.6MB

    Download