Overview

overview

10

Static

static

3

7517694d1c...38.exe

windows7-x64

7

7517694d1c...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7517694d1c3b35c29a6697f8191d1238.exe

  • Size

    1.9MB

  • MD5

    7517694d1c3b35c29a6697f8191d1238

  • SHA1

    26bf2594f37d6ae36ae4ddaaebb58d0cbfbdf963

  • SHA256

    72e43bc7e8edbb66ca72febda92eaa2496a38fb1679ba816f1a402f305c5d631

  • SHA512

    93bbba7f5bb7f34afa83c2cd5d2f8afcd38491b56559e41ec4ff04b33838ecc894b6825d334e75cc45ff00210c8d5530877d7b43b7388dc4def4787046234425

  • SSDEEP

    49152:Qoa1taC070dCJr3Ls/+9KUhZdYqWwKPMbxi0:Qoa1taC0/B7W+9KUhZdYjX8

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7517694d1c3b35c29a6697f8191d1238.exe
    "C:\Users\Admin\AppData\Local\Temp\7517694d1c3b35c29a6697f8191d1238.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Users\Admin\AppData\Local\Temp\F1A3.tmp
      "C:\Users\Admin\AppData\Local\Temp\F1A3.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7517694d1c3b35c29a6697f8191d1238.exe F7053D6B6C9A4901FBF155A15E89C51E77F1D31684E13C688EA90D4AFE8F9791A4ED9F7FD3B9EB6F1865DD53A7A0E13DBB02B6A92B820BC608D7329D994F61F9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F1A3.tmp
    Filesize

    1.9MB

    MD5

    764e25301b1214ff2e24acddb0fd9996

    SHA1

    e2419e98fab9a671ddc92cd8a5c24d413724bae4

    SHA256

    68d589b6bea238a843d0b551a5991f73c9b3baa535208aae9cb34e7aac8c8968

    SHA512

    f3267ba40c3830763f9ea6175690f6f0c5c73ddbb2aa66f677fb31dac7133eb0eca7f13fa235b96e8ef4f0e0c7de26232ebf541b1513a07ea4d45418f61110b3

    Download Submit
  • memory/2620-5-0x0000000000400000-0x00000000005E6000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4748-0-0x0000000000400000-0x00000000005E6000-memory.dmp
    Filesize

    1.9MB

    Download