Analysis
-
max time kernel
101s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 16:02
General
-
Target
tmperxm73dr.exe
-
Size
12KB
-
MD5
83dd5287d978f55bcef28ea792565858
-
SHA1
dc763dc35e8444fb5f3b22db2adb86413dd7fc09
-
SHA256
cebdd43547cad62d146a612856a18e92545e92dcbc8c9dd6940a6ab270aa41b5
-
SHA512
8eeaa7dd80a765bee6f4ed698964f0b92d14ab84d43b3a298b0bb58b7b9338f8f82d418500ac67d8067bf081eb11e3feb97c24b92f92b4b6cb43cbe6b6b80c2d
-
SSDEEP
192:M2Pv10CrU8RNLoYL1RNoXPJioK86qh7x758J9L8YimVM6+/ve4gNhD:ZPvVjz52Pj16qJx7+9LfJipjgNh
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmperxm73dr.exe"C:\Users\Admin\AppData\Local\Temp\tmperxm73dr.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4300-0-0x00007FF819730000-0x00007FF81A0D1000-memory.dmpFilesize
9.6MB
-
memory/4300-1-0x0000000000BF0000-0x0000000000C00000-memory.dmpFilesize
64KB
-
memory/4300-2-0x00007FF819730000-0x00007FF81A0D1000-memory.dmpFilesize
9.6MB
-
memory/4300-3-0x000000001C830000-0x000000001CCFE000-memory.dmpFilesize
4.8MB
-
memory/4300-4-0x000000001CDA0000-0x000000001CE3C000-memory.dmpFilesize
624KB
-
memory/4300-5-0x00007FF819730000-0x00007FF81A0D1000-memory.dmpFilesize
9.6MB
-
memory/4300-6-0x0000000000BF0000-0x0000000000C00000-memory.dmpFilesize
64KB
-
memory/4300-7-0x00007FF819730000-0x00007FF81A0D1000-memory.dmpFilesize
9.6MB