Overview

overview

10

Static

static

3

0e07d5a472...a6.exe

windows7-x64

1

0e07d5a472...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e07d5a472de258c39b1c89ea60829d8faf9e289694ee23aa16b6464009beca6.exe

  • Size

    1.3MB

  • MD5

    59fbf759f16dd7663a492939956e152f

  • SHA1

    ae4977a735634c1bdd248fd4ab993086860f25ec

  • SHA256

    0e07d5a472de258c39b1c89ea60829d8faf9e289694ee23aa16b6464009beca6

  • SHA512

    f868cf23d31671c50563412d75f2e2dd90eb8cd87716846168771d7c3dff955ff7a4270526ce2855eb72eb7789db36e46fc4be46f36381aa5e022142ca0e7186

  • SSDEEP

    12288:J4eOI3B+aJvSj6kfVrlo2rby2xYAa/gP8inwfPSXFXkVYVLcZE/:Sej3BHvSHfMqGAYAaoOfeUSLOo

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e07d5a472de258c39b1c89ea60829d8faf9e289694ee23aa16b6464009beca6.exe
    "C:\Users\Admin\AppData\Local\Temp\0e07d5a472de258c39b1c89ea60829d8faf9e289694ee23aa16b6464009beca6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1296
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:3680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    72KB

    MD5

    0a8217125080605ef80ceac95b09b7cc

    SHA1

    0ed6d097eddb0132810b76c3d28906588cb86db6

    SHA256

    bccf18f171f31118c0e88a07052c8ec45ef8acb0e880b83c34453e32924e49d4

    SHA512

    a8d83fe6616c3daa10c28b61983a360e43b0aa0e46743a241685da0e2d0417db118ab76f1338402a35a6105eb5a1d5d1542e83960ac3dc215f87eb18c08f9e22

    Download Submit
  • memory/1296-0-0x0000000000400000-0x00000000005F6000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1296-6-0x00000000008C0000-0x0000000000927000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1296-1-0x00000000008C0000-0x0000000000927000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1296-7-0x00000000008C0000-0x0000000000927000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1296-13-0x0000000000400000-0x00000000005F6000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/3680-15-0x0000000140000000-0x00000001401E9000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/3680-16-0x0000000140000000-0x00000001401E9000-memory.dmp
    Filesize

    1.9MB

    Download