Analysis
-
max time kernel
96s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 15:52
General
-
Target
2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe
-
Size
476KB
-
MD5
e17d89c8a82507d43b6bc95cc9d70b2f
-
SHA1
4349a65552c6a8176477958d855e9906cb5a293a
-
SHA256
2e605bf4f1c2a3637fae222e35126a6b5f6965577cca309cfbf19a3bda80282e
-
SHA512
aab62b8b6b68670735732463ab2504e472ca7daead7a4792b842a1e1cb9a6b90c96ceeb91b1949f742df1c34a48b3593d6d5114c4b165033c56791976afc9f55
-
SSDEEP
12288:aO4rfItL8HRs44/vqWMebTrH7xReHZxYUgq7K9wlsDpVFd:aO4rQtGRCvLMebTr1wjjgq+9wlsDpVFd
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\41AC.tmp"C:\Users\Admin\AppData\Local\Temp\41AC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_e17d89c8a82507d43b6bc95cc9d70b2f_mafia.exe 26E55ED9947FCF4CFF2B789C89D803ADE37CCB5AD0C3C0FB4463AE84A9923240F4AB46FC330D54E01A57191EE8590E9B3FC4195B0BD9E15EB78C16E434C64A6A2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\41AC.tmpFilesize
476KB
MD5bba763c6b2d4b6682bea7dffabb7ab78
SHA1d87a36e523f2949b78f7e65e4815902e4e21aedc
SHA256d962af3c25f9e0539980b84ab047b00ae8cb83eb0b973c248b89c43b1e7c1fd0
SHA51237a44ca338ee20e1392bb21fc1cd4af69f5f2835c77a41dbae0055fe190c88ffd9bc7115168c2ba5f022d756ecbda2b1f401468a007d00e284cfeb9f2b3d6db9