Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 15:32
General
-
Target
2024-01-25_4b13ce7cc71a490b10a6b6733a73df31_mafia.exe
-
Size
479KB
-
MD5
4b13ce7cc71a490b10a6b6733a73df31
-
SHA1
4bd22156288ff4bc9da7ee9592afc1058860bae3
-
SHA256
c52b713e1a3b83756e2ec07d26d707d9ea7cb3c7fa6ad3ed8a752fa16a59f2b5
-
SHA512
6d1c6ad2ffb7af04fb28c1693c2660d0ffcbd8b0c6065123219b925b88a6d51107d2e9030e76c2ff2a180847e043b174461644f69a0efa6ad58e6706576230ea
-
SSDEEP
12288:bO4rfItL8HApB35hNqAo0CsJiHKZM/uDvQIJ75UO:bO4rQtGAr3jvo0tJiHKZ94MVUO
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4b13ce7cc71a490b10a6b6733a73df31_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4b13ce7cc71a490b10a6b6733a73df31_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4517.tmp"C:\Users\Admin\AppData\Local\Temp\4517.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_4b13ce7cc71a490b10a6b6733a73df31_mafia.exe BD5CBFE415AC5F31E5FBC965B1586960FF2E40E49318F3B4C3FCEBF957D2147FDB9D2ED55BB811A152866D3506A899473C1C9E7A6B190164EC7BB98DD07A2A7F2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\4517.tmpFilesize
479KB
MD5f7263819c9382800d32c333d64a5990b
SHA1120fcc457411fde0d6d5c9456f5b76665797b950
SHA25634d87e055df43cd0e9f8911b02faa63ada114141086fba420a655d5805c3c4e3
SHA512b118c9bae898f6c28ce1e1a4d0363eb28be323104b790b7a01c11e0b38935625c694022c1c2e84d4f883d96e1e8500b05d327bbb8c3a5198571e790b439dbb08