Overview

overview

10

Static

static

3

2024-01-25...ia.exe

windows7-x64

7

2024-01-25...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_8e7b1936d575359c907ecea9825f3b30_mafia.exe

  • Size

    486KB

  • MD5

    8e7b1936d575359c907ecea9825f3b30

  • SHA1

    0944a8ec2d229beab245ee347387191c9b953fb2

  • SHA256

    d0cbfbfd4c33f649c5098282d19449b48531318b2ea786a7013ee082823da344

  • SHA512

    a7d4d94988b68117d3df42d055a6e3aac94573c3a6c93a36f4683ca94e87df6313f7e0af70b46196cc71b163e501747a7cf3a640e6528719d4ba5dd2167eb4aa

  • SSDEEP

    12288:3O4rfItL8HP2cb9c+F+Ka4FVocp7rKxUYXhW:3O4rQtGP2gplHocp3KxUYXhW

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_8e7b1936d575359c907ecea9825f3b30_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_8e7b1936d575359c907ecea9825f3b30_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Users\Admin\AppData\Local\Temp\824F.tmp
      "C:\Users\Admin\AppData\Local\Temp\824F.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_8e7b1936d575359c907ecea9825f3b30_mafia.exe 4F47409BBEF1A0C996585802680EA857A8F7FCE75C5E24CAD9D73860C3D42D271F96FC46E4F235DF524A2F59160384ABAAE106FCBEF133DD9F0FA57BF59FC26E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\824F.tmp
    Filesize

    486KB

    MD5

    6c8d43c4b1a040e9bbbba220afeaa1dd

    SHA1

    f24f3db96311468e1f30f3ce6cefb80042eb2828

    SHA256

    be2521b22dc01957d8140b7d96a4d574160e338801c7ac1bfd2f05bfef9d8d68

    SHA512

    1f25662252e472587965072dc657c0c36bd2d5832837dbae172813ecc810997a3bd7fd6178a587ffcd71d566e91171533eb150db2a08a29ecaa2bbec51b19c36

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\824F.tmp
    Filesize

    428KB

    MD5

    29a33a28b5f4fd86c2599d843bd1f02b

    SHA1

    9cdfd9079f1b75ca38b22a59be0b595cbc3d0ffe

    SHA256

    16219bdd5086c3e1be4e46badc8b39b0ea1686bbaa7b0cbebccb67136e9d90da

    SHA512

    ebffba3487657342b63a77b189467ab53db9ba8d8367704a7ea8a4afdb4046909ce70ef3fd61be2e4d255e669716d4f88aac9e3a81a7e6f7315939fd45aceaf8

    Download Submit