Analysis
-
max time kernel
142s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:50
General
-
Target
2024-01-25_d11a721d2e7ff43b4e201e31561cf3ff_mafia.exe
-
Size
486KB
-
MD5
d11a721d2e7ff43b4e201e31561cf3ff
-
SHA1
e2721ea2bdcfcacfbfadd2e77b4dcc1b2d4a2077
-
SHA256
4c3ff9c740e5b7af1d9fb91ae4c57938fa9878b7da152c90cc2210ab77c44a3d
-
SHA512
7041efa40a64806d280bcf9761baf4983d7ce98451dcb34310c7328175ca35d7bde66467cb6014922e6e277f6c501f765d290431a5e11ac26f4a7fa317f36239
-
SSDEEP
12288:3O4rfItL8HPLKkyFjrw8Akll5V7rKxUYXhW:3O4rQtGPGkwk8P5V3KxUYXhW
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d11a721d2e7ff43b4e201e31561cf3ff_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d11a721d2e7ff43b4e201e31561cf3ff_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\87BE.tmp"C:\Users\Admin\AppData\Local\Temp\87BE.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_d11a721d2e7ff43b4e201e31561cf3ff_mafia.exe 7F488455DBB8911A2633530AB00D4D8E85BD84999F0E46734E9DFD2F190F2AACB4E98C389987FD683CED51DE16DCB5C032D7A5719ECEA22271A27A5A18949DEA2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\87BE.tmpFilesize
486KB
MD5e89ce5d2ab87fb696438062f16e6dd21
SHA1eb48f61d5f89bed3ea0aa6e94fef74f3ce28c0cd
SHA2567b838734de1ffb39d336cd93132cf7ac5635bd4929f97c0772c1d16d872b0570
SHA512fcdd206e965c72c009a92a9866eb808a1be66423fb483fc28708a3e2d9a184208b2dcc00d1ff2fb0fd99214e65fc2b4f56a40a5910b16b4511bb74e4c4f7a5e8