Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 16:42
General
-
Target
2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe
-
Size
414KB
-
MD5
4a71aa67d2648f36c72f5089b1deb323
-
SHA1
6aeef6113d1a0cc94437eb24ed37a2af49442fcc
-
SHA256
8ce8230346042343bfd0aa98b525a104fada1e47b782d4ee14ffc575f571cfc2
-
SHA512
8cfa119c117b9dc42c015e7482cb850cf3aeba788cfe06d77fc64ff520c076cf200c823ec206549444300b3aaf2bd40d77622eb81a15b0fc89c1078ffed5dd4e
-
SSDEEP
12288:Wq4w/ekieZgU6O6rbn+rrQ2aF2uE/OtjKlx:Wq4w/ekieH6N7+vQ9Wr
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\51F8.tmp"C:\Users\Admin\AppData\Local\Temp\51F8.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_4a71aa67d2648f36c72f5089b1deb323_mafia.exe 8DF83B98385A367099F6EF186EAC7E4CA81E805D788D7D89879FAB8804EF1A77B1477FCC05E9BA8758EDDDA3C89FFF6247FAF0D1B9EDA3D11FA6951F983EEC432⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\51F8.tmpFilesize
414KB
MD5ea5b91854cb6a68dad908696bd9664b1
SHA1b909d43dc829c7beabf5e743fcb49ef98625f029
SHA256177e214a8dae5f3bcf4e075e6a9a6bde00f05ed3346515a653877c25347e1c9e
SHA512b13dcc49e71b8d95eae4bfa1b3379d854f985f5189e4f3cc10dec79a4c1ba4619000211e0f32e391f8e0f5f59c1ac40508148679ec10ad8926a9a52052ddb6e7