Analysis
-
max time kernel
91s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 15:42
General
-
Target
2024-01-25_8fe2a4be916d351252c72fd4cb679b61_mafia.exe
-
Size
443KB
-
MD5
8fe2a4be916d351252c72fd4cb679b61
-
SHA1
199ea83a8d7951055375664e4b6fefb4cb5b5ded
-
SHA256
2921a4fbf332d91feb82c8ad173316501b84dfdb490c655f09ea10db3e50957a
-
SHA512
63df2420e3c11f7f2014d45b6aa89c0b591af5a6c44d0cf77a5cc8d7a2b736f5db6c6362342d60a87e582e11ac7d6aa790d36773d75802ec75a3607aefd10edb
-
SSDEEP
12288:Wq4w/ekieZgU6pAa2/vk88InZc9zKNlMa:Wq4w/ekieH6pApv38InZcZOP
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_8fe2a4be916d351252c72fd4cb679b61_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_8fe2a4be916d351252c72fd4cb679b61_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\47D6.tmp"C:\Users\Admin\AppData\Local\Temp\47D6.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_8fe2a4be916d351252c72fd4cb679b61_mafia.exe CEA63F5F35A297A3F9633DCAA4091FCCB61E4EB8295F1555B62A6E9C26E0F5A6DA4AAA8E77D18DEE487B5CC86800E1E4576FDE97D36CF0DCEF9A5A7FCE19A25C2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\47D6.tmpFilesize
443KB
MD54a4e3218d9800e02b04d361b73f5541c
SHA1a0bc2fb117235690dd60f1efd7d3e7ad8a745546
SHA2562c600858179f68fb45f78ae407f9e906aac50f9b9809d04650de62a665a082bc
SHA5124d149ad36cee1366c7cf350b081a0a4a89a4448ffca09296b39980518efa0012b5c3b674f894b0f3b093f68825bda3968b26bccaf153f1c9eb0be27e9c58b479