Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:53
General
-
Target
2024-01-25_e7d367c5c4961ac8efaf42489c0ae6c9_mafia.exe
-
Size
479KB
-
MD5
e7d367c5c4961ac8efaf42489c0ae6c9
-
SHA1
9a9a71d03c7f55e2b3c77b73de717bcd593d8184
-
SHA256
3fcb4edce19efdce7b77c1131570490326b9a91f06566b162703c5f54f0aac33
-
SHA512
48c384c9bb2e918b6a37bc7e18389a00d6515b4df226874ffc3ac1a7b12cfb475973e0b49c2039fc9e46465b3872e17187d35ce46307425d1ebeaf2ba6483291
-
SSDEEP
12288:bO4rfItL8HA6DynexxZgIgOKv8/CRIdE9maQGVu75UO:bO4rQtGA6pSIgO1qysQGVuVUO
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_e7d367c5c4961ac8efaf42489c0ae6c9_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_e7d367c5c4961ac8efaf42489c0ae6c9_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4759.tmp"C:\Users\Admin\AppData\Local\Temp\4759.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_e7d367c5c4961ac8efaf42489c0ae6c9_mafia.exe C45B7D7A195A9C3A7F6AD774B033748B00D4B9798D0D850F9D5DF8D9BBD00225F6B242038D09D82C2DDB4CE4BAE52ED4B052570FB22DBD19AE9A3E905A98E3C42⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\4759.tmpFilesize
479KB
MD518672c467052024909408ad5e64b754f
SHA137a6ee7c7093f7efc42479145bdc1794aa49646f
SHA256447a9fabca6101b7f1a696220d0d96fb4bfc89c63360bf1d194a247e91d45b5e
SHA512721ffe12196d2a1b5d91387b9f0b4e54c10b45fe81e00f6396933d574db2657b784a5c658b67366c4a0071b80de44d77b297bb4b72fd9a31cb0ff6cba6e22c46