Analysis
-
max time kernel
139s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:51
General
-
Target
2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe
-
Size
486KB
-
MD5
d8bb1b2795acdaa5142bf49e4ccb9c69
-
SHA1
25cca7921d7387dc3292b82e0c7f3cd1e8300e6d
-
SHA256
9de031a929f8b34f20bd53bab2261f8947a47bfeed1e45bddb9271f4f05eecc9
-
SHA512
75cf397fc927d0ce87e5df4476f4e6f7c911bd02c11c30e0e88b3c9cfce4262034ae778e9bc7421dd73bf42e4e3be151e45e85b8f7337506ccb919630ab9e20b
-
SSDEEP
12288:3O4rfItL8HPCIzXLDRT5OTvml8CK7rKxUYXhW:3O4rQtGPCQLDRT5OqyCK3KxUYXhW
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7B4A.tmp"C:\Users\Admin\AppData\Local\Temp\7B4A.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_d8bb1b2795acdaa5142bf49e4ccb9c69_mafia.exe 3AC244625F3B8A0EE3B331A3DFC855BF83DBD2C93EE173ABF0142B5B0581CAE875A4F051222619F4815451AD67F0993D31E78ECD82DDA96B2A58B1A9AC8B5AE52⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\7B4A.tmpFilesize
486KB
MD58d51db94a61e4e475d6fc1f11b39adbd
SHA11bfb4106624c609ee93c695269293118d810a895
SHA256c0e5795cdb1dbdac79ec940527e44dcc7ae854758c3816b4de49d359e9ca0494
SHA5120bdeee29b4cb2c0714c11259e063173f5eb7a115fb6f7ce1fb705c154da304c769c52a76a3a0e5e872d0646693e6eceae48ea18fa83592b52a7211d24c6c8010