Analysis
-
max time kernel
143s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:50
General
-
Target
2024-01-25_cf54fc1fcf9695bbcb56576934a887e4_mafia.exe
-
Size
468KB
-
MD5
cf54fc1fcf9695bbcb56576934a887e4
-
SHA1
862e6950320bf99e43a16f07cc784b90263be6f6
-
SHA256
9b9809600b3472bbeb29f4966fc99df18c2ac9716746f0ef6fcb429c793a80bf
-
SHA512
d0fb8f92a9340d855c890e64fd939edae34348657d1667cec07248c67ebd9ac129bfedf08cc995a2e595370552786c190564a109dd34ad5ed3662e65869e57fd
-
SSDEEP
12288:qO4rfItL8HG2L8KPmAUd2A6dVY1tFk4hwwhg7bWmeEVGL:qO4rQtGG48KPm7d2AY0txiumeEVGL
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_cf54fc1fcf9695bbcb56576934a887e4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_cf54fc1fcf9695bbcb56576934a887e4_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6C56.tmp"C:\Users\Admin\AppData\Local\Temp\6C56.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_cf54fc1fcf9695bbcb56576934a887e4_mafia.exe BCB71E878A11A9D180130D1AD28F9A76852A30573A203CFACEC59FC9A62417420AC78A4E661F756D0771E0296628B70F7F316100CEF0BFF78DFE60725A38F5892⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\6C56.tmpFilesize
468KB
MD5a65815358826296b052b0aa2c9b5e8f8
SHA18e244c0245bd5abbe5bd01d5edacd1a445ac1d9c
SHA256a0cd8969b06d6d9b29fca388b5b282391933b3e8966730bc16fd79c89108df8e
SHA512627a7d4ed0808ec56434290a05667bef86cf3d166bb5d6750fd0ad8a2c4b214b6261e6f8747ae184bbe1e991ccc0311ea588375abcc0ddb7f1b13b8359b1b932