Overview

overview

10

Static

static

3

74ee13f7ec...28.exe

windows7-x64

1

74ee13f7ec...28.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ee13f7ec4865bf8b36e9a27bce7228.exe

  • Size

    385KB

  • MD5

    74ee13f7ec4865bf8b36e9a27bce7228

  • SHA1

    4792ddfb9f9f74b5d352e4d609af096d2fd02ec8

  • SHA256

    14acefa72d83dcd433357ddd2457d3d9b27aaaca78553dfe46aeb0da2b29e336

  • SHA512

    d35ec830bf7cef2bc346556d7f7f89b5694d2722951bda94b715355642070d986100589c12e16800d8c0d9c02eb0d3a60a8bdca787d6d913246471158c221d1c

  • SSDEEP

    12288:jde79813dOjMP1xPujLWScJQ+ZXKU3V5p0aoYB:j951V7SwQ+J3TwYB

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ee13f7ec4865bf8b36e9a27bce7228.exe
    "C:\Users\Admin\AppData\Local\Temp\74ee13f7ec4865bf8b36e9a27bce7228.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Users\Admin\AppData\Local\Temp\74ee13f7ec4865bf8b36e9a27bce7228.exe
      C:\Users\Admin\AppData\Local\Temp\74ee13f7ec4865bf8b36e9a27bce7228.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\74ee13f7ec4865bf8b36e9a27bce7228.exe
    Filesize

    385KB

    MD5

    e391b35a5a82a788abe4b94d8ff8b2c9

    SHA1

    ccb8f9b25ecd9c03df1c6745dec146be8cbec64a

    SHA256

    3c43c8b40242b7a4c6f61c0f3fbddb287978ee32af71631f526474b507c03199

    SHA512

    adc145378a69c4e12225a92ad8c813f9d5b31bcf5f7d73d1023de4e65ec339a6e8a915cb9f5a60c2d5fd1823363d6dcdbed97965fa0876cc6b51a46b9f7d086c

    Download Submit
  • memory/784-0-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/784-1-0x00000000014D0000-0x0000000001536000-memory.dmp
    Filesize

    408KB

    Download
  • memory/784-2-0x0000000000400000-0x000000000045F000-memory.dmp
    Filesize

    380KB

    Download
  • memory/784-11-0x0000000000400000-0x000000000045F000-memory.dmp
    Filesize

    380KB

    Download
  • memory/2428-16-0x0000000001600000-0x0000000001666000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2428-14-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2428-20-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2428-22-0x0000000004F00000-0x0000000004F5F000-memory.dmp
    Filesize

    380KB

    Download
  • memory/2428-32-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2428-37-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/2428-38-0x000000000C620000-0x000000000C65C000-memory.dmp
    Filesize

    240KB

    Download