Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-01-25...ia.exe

windows7-x64

7

2024-01-25...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 15:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_accae716ab53d878a75ef4f7069822dd_mafia.exe

  • Size

    468KB

  • MD5

    accae716ab53d878a75ef4f7069822dd

  • SHA1

    8ccd7d16695ee0ddec1acf6497f4383a37a1c71b

  • SHA256

    4d21a64e2ffaa4047163ea06b6233a4fa9131adaf592ff714e88278d738e3c8b

  • SHA512

    339c2c88cbd7174bf577e811d213a80cac8252e9ea13c8e89d01ff53b491063cbaaa2bcf7a37b231ce0fb6e52f6716911a18122f7881006b2dd3176feac59e90

  • SSDEEP

    12288:qO4rfItL8HGpA9QGikSKzRAx9Lpw0ru7bWmeEVGL:qO4rQtGGpA9QbuW1diumeEVGL

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_accae716ab53d878a75ef4f7069822dd_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_accae716ab53d878a75ef4f7069822dd_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Users\Admin\AppData\Local\Temp\4F78.tmp
      "C:\Users\Admin\AppData\Local\Temp\4F78.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_accae716ab53d878a75ef4f7069822dd_mafia.exe B514DC2980624438E3DE8AA3193387CBEF2879CDF532D662F6CCFE562E9C62637A8D37FD39648BEEAC48A07EE077EC078E01984849E9B86C7F7E0EF5347FDD06
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4F78.tmp
    Filesize

    468KB

    MD5

    45712dff0e11a25675a983577190ad0c

    SHA1

    ab32b3d7a7c85a34014b4c2ec87c29bff48e6986

    SHA256

    a2aef75aa5470152b2ec4ac59332bd30a4a66413bc3f5812968ac98d53146263

    SHA512

    b4ce4e3ce9843c623d6ee601212a850be59fc41a0a6b4b7b9fd1f2c64738bef9f31e580b8f45e4d7d08af355fd1f74637548d83101378f81b0e54efc692def65

    Download Submit