Overview

overview

10

Static

static

1

Cloudflare...64.msi

windows7-x64

6

Cloudflare...64.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    25-01-2024 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cloudflare_WARP_Release-x64.msi

  • Size

    108.3MB

  • MD5

    5f57c00031a58c5d30e5226e64e991c8

  • SHA1

    1380eea1e1dc7217d4879c6a59c9586a0790cf6f

  • SHA256

    02fb082aeea497f81a0944f5662853a34a97d6a3ea2806870aafb71cde22a3ee

  • SHA512

    1f7f6ec2e4fe3dfbadc5e91de8d00152829521bf7440e975f765445fdf27b061b320928e6e7812cefd0a6bda78ba1e66f00e8237290bf659e00bec201253f963

  • SSDEEP

    3145728:7gskdv4RghBUtn4iEu19Od0wBpoxDlkfhbw1:k7x4R0+iiD19s04g+

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Cloudflare_WARP_Release-x64.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4204
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads