Analysis
-
max time kernel
91s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 16:31
General
-
Target
2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe
-
Size
476KB
-
MD5
37f3aabe720a5d8a36fa8d50f06441b2
-
SHA1
a8f6df76c46ea2629644cfb21213667b9a961829
-
SHA256
798ad29ebed8924172b4b21512c47e3d912d455f8ef468d9e38327bd345f7cc1
-
SHA512
8e7b9e2f29357c8ddee88fefb6f2662a87ab701b882751a867a333b2a130987b67590f64bb7a4baf2d7756b7adb0d81396d521eb2dd8f64362b10f0304ac0e84
-
SSDEEP
12288:aO4rfItL8HRxtcB13qSpHO9pel9lvxaO7K9wlsDpVFd:aO4rQtGRxtcHqS80vD+9wlsDpVFd
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\42F4.tmp"C:\Users\Admin\AppData\Local\Temp\42F4.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_37f3aabe720a5d8a36fa8d50f06441b2_mafia.exe 745F1DF17649534B8D8AD1582C134F3C759A0D6F75C80E15B071461D9D654FFBF8331AB69D84138C210D2EAE82B53BE19A9E4D3C9C16EFCBC57E0E3E7E5E8FD52⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\42F4.tmpFilesize
476KB
MD5fe255172a5265886317cc77b48083c16
SHA146fb43f79bb88fbc631a4b85f76088abd3b463f9
SHA256c3bb92a97d88a2357f12ee15c8caba229a153c6827dc9118865d9a735a7afadb
SHA512acc3519c73be11f2a8a1b7d4c240abab9afaeca394dda8cb5a7f915ae37a6ade5ebbf516f0ee90af6c5050cc8040fbfd2f45d4f9ff64dcba915ce45f6591ab96