Overview

overview

10

Static

static

3

74f42c6a3b...84.exe

windows7-x64

7

74f42c6a3b...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74f42c6a3baa806243b8f0c9155e2b84.exe

  • Size

    82KB

  • MD5

    74f42c6a3baa806243b8f0c9155e2b84

  • SHA1

    41aa7d0b4e0f2e2108e402ff41c0f651f45253f2

  • SHA256

    86aae9883aa73e79cb571f3eff548f3c31f225db13a01b0a9f8de92c7a384c9b

  • SHA512

    2e99d1b53e81a62bb200461781ce74e2fa6ee154bd8c24cfb2eb154ad2ac205ef2865dd48bb3e0f78b1999c034bbfaf016d57bacaa467cd3bba7b4c9631a86b2

  • SSDEEP

    1536:Q13X0P/eR9hYpfQgUSr+5djCbkQhn5YPphNolGKv:Q1nE3US65lCbT+hhGos

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
    "C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
      C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\74f42c6a3baa806243b8f0c9155e2b84.exe
    Filesize

    82KB

    MD5

    3876dc34a7eac6ddbb23139241763139

    SHA1

    566a995771a689589b36e982885c9bf5bd976491

    SHA256

    31826913c5df5d20638113c04484b34db78529bbb486aa04da325175172dd321

    SHA512

    3e8e78fa3b5bf89f8365995e11aa0a04c1f7da48b22003a3e571d1d9e9d9edf66104cffac0dbf7738c43d7036eea894477ec5729d1e563851820a78ebd150b5d

    Download Submit
  • memory/1896-13-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1896-25-0x00000000014F0000-0x000000000150B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1896-20-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1896-16-0x00000000001C0000-0x00000000001EF000-memory.dmp
    Filesize

    188KB

    Download
  • memory/3172-0-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/3172-1-0x00000000001C0000-0x00000000001EF000-memory.dmp
    Filesize

    188KB

    Download
  • memory/3172-11-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/3172-2-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize

    108KB

    Download