kinsing | cab5eb46a11d8a95a682fbaad2671166315b302e9df02fa7b576659bb07dd0ea

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74fdda4a76f11d157f9fdb17e6923802.exe
Size

88KB
MD5

74fdda4a76f11d157f9fdb17e6923802
SHA1

56661a50fbd238af9be343a201d31109beb428cb
SHA256

cab5eb46a11d8a95a682fbaad2671166315b302e9df02fa7b576659bb07dd0ea
SHA512

3294a0b1addf4735bbab39871b0672f905ac98a63a292f0a3663fbdda46532fe3981cec2afdcebdcc3d818b1741bdf607a370102846e85a482e603f4b80bb756
SSDEEP

1536:smqOzQmQwq+IcIjq5fcxsurqq6Qca7gQBLWwTL9NnC5OLgDaG52kMYgJsR9d:tzVQwnI1skqqjcacQZWwTL9Nn0OLgDac

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

74fdda4a76f11d157f9fdb17e6923802.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation	74fdda4a76f11d157f9fdb17e6923802.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\74fdda4a76f11d157f9fdb17e6923802.exe
"C:\Users\Admin\AppData\Local\Temp\74fdda4a76f11d157f9fdb17e6923802.exe"
1⤵
- Checks computer location settings
PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\test.exe
Filesize
15B

MD5
5ba1fd6c92b8732f07b7e18ef8958ff5

SHA1
59aa97523d7da88f723463cd53036bcb71758d65

SHA256
88a2a33269c6699da8da7c736965b21a88f4b687d3f739d55258296322d21f15

SHA512
e331d1e52e67f3609fb5e7c181f0d61d71c15e023225cf7e561917f3350a319597e60fadb1d51d75ba642076bf2490fbe1faa02a428cfed5d3fbd56fe0c3df4d

Download Submit
memory/4384-13-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download