Overview

overview

10

Static

static

1

message (2).eml

windows7-x64

5

message (2).eml

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    message (2).eml

  • Size

    5KB

  • MD5

    ee9ed75383c431a6064df34eff8d43e6

  • SHA1

    d0085d1bec1afcdf2240f8f4051a7e298bba3d29

  • SHA256

    10c38be3bffb1c10aa3798f10eba606902a0f117815c0ca3299293150859d43f

  • SHA512

    8667200aa003a73e2ad09db4c8f901fc71084300d3f46035fa7aea7c30c889517a3304d4a3ccef77bddc83a3d0501d2ca88135c3b6c2d6e122676a927e3ff31d

  • SSDEEP

    96:oD4IOtlnn2xdDB1qnHcOAnYUZAJJQ/F7zYI1Ej5n0Vmra7kTvWzk:oEZ4tBkrgGS/F7Wt0adTvR

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\message (2).eml"
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:2256
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads