Overview

overview

10

Static

static

3

74ee07e8c3...fa.exe

windows7-x64

7

74ee07e8c3...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ee07e8c3d31f9c19db520fa767fefa.exe

  • Size

    72KB

  • MD5

    74ee07e8c3d31f9c19db520fa767fefa

  • SHA1

    f5ef3a6d93961399e1030738239fcb0f9bdaaa9e

  • SHA256

    b7ebb9d5356830be5c1aa87fde192e3096776c9dc7916f63b9756e300a84de62

  • SHA512

    0705a5758bce58414945557c6f228d33f92c51b8d542824749c35f440f6c1896b30132a3c101b4ee88ffe12eb6b61eed0e66f91729173c3da1c1a379dcdd79fc

  • SSDEEP

    768:/L+bL0dtaki8sQpvsWhJA2DDgZumooiszPeBItv8P5+l+S9C:/4ma+sQpvsPuDgZ5ooFDeBIZ8x+l+KC

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ee07e8c3d31f9c19db520fa767fefa.exe
    "C:\Users\Admin\AppData\Local\Temp\74ee07e8c3d31f9c19db520fa767fefa.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\reg.exe
      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" /v wavemapper /t reg_sz /d "msaom32.drv" /f
      2⤵
        PID:5052
      • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
        C:\Users\Admin\AppData\Local\Temp\servicesc.exe 74ee07e8c3d31f9c19db520fa767fefa.exe
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
      Filesize

      28KB

      MD5

      d5e5cf7d25a9efd10833ebdf2e18048f

      SHA1

      a05c3eb3ba2426f0c3c4e8f7fd9fa5f2c75ed91b

      SHA256

      1a965dc6a9768bb9ffce3cca6dd79ac93d9fe30dd3a8208f9f369fa99d809bd7

      SHA512

      ba4bf57291b94bc0faa6b796bc0a5446afceab324fca9136124e2f2be58ee754fbe61240409bfd423e7c0939edb7587a6d43d36c83c6a9375a2f8f2eff223708

      Download Submit