Analysis

  • max time kernel
    137s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-01-2024 16:15

General

  • Target
    drdivx2-2.0.1-b3.exe
  • Size
    3.8MB
  • MD5
    84ff716ffec57072db7c675970036a09
  • SHA1
    b321a081cd8bc69f6e218bf776ac35e772b9af6b
  • SHA256
    466905e88c78ba532c3f9ca6be4fe8e44840b3ac6e46df5132950ea07e3552f7
  • SHA512
    af3f5bd6b8d1269e43ed895748377908f9a5689c5f5911cba1b787890b2a5188d0594cf91c8c336d6541e4287669ed7d811024eb511e0bb12ac03972f1376633
  • SSDEEP
    98304:QZVwNE0Fr2oyVkCT/WdZlAaoo0qKR583So1hZVYF0X+j8oeD+CCCdn:ZN7r2bauWdb70qKR58Cglpuj8SCCE

Score
10/10

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\drdivx2-2.0.1-b3.exe
    "C:\Users\Admin\AppData\Local\Temp\drdivx2-2.0.1-b3.exe"
    • Loads dropped DLL
    PID: 4996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy126.tmp\InstallOptions.dll
    Filesize
    12KB
    MD5
    83304a78d2b6ea45ea8404f4cd78721f
    SHA1
    d5c5d19653c751c08579dd094bcc9fef1841af00
    SHA256
    92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414
    SHA512
    94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

  • C:\Users\Admin\AppData\Local\Temp\nsy126.tmp\LangDLL.dll
    Filesize
    5KB
    MD5
    83c5a8e90cd10cb31a9215eb4421341f
    SHA1
    52ddbbfa955936f87516c52b2bb679a6b4363e22
    SHA256
    da006773e11871b8834036c30acab8fabcce2c9e9f52bb2b425f947bdf33f7c6
    SHA512
    46c20fd762a643028f3c4287ed3dbd762bc1cd17ee5ad1d90cbad23f15901fbab14b726d7f3e45eeb370fb6a2ee5268a2e9ebaae7ab6067c855361d24fc806a4

  • C:\Users\Admin\AppData\Local\Temp\nsy126.tmp\SplashScreen.ini
    Filesize
    154B
    MD5
    4612b3d4d23f35b3aba250ec393b03ef
    SHA1
    9f78e14c0ecdd5396d386bc9c84b746745363ac7
    SHA256
    fc40704e16de729aa9b481575b10f66b0107bb4a90d6597d64ed0c32d135e168
    SHA512
    4fa7705066e6d76afdbd09ebf81df47310bb364c93797dfb2701d8b6314f1122d405afe86dc08dd8a462a3949f2853dec91afc1b164c92d902ec6b3f0dbbef69