Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 17:27
General
-
Target
7517ac4bbdde7bd77fe83fe6af2b2657.exe
-
Size
412KB
-
MD5
7517ac4bbdde7bd77fe83fe6af2b2657
-
SHA1
da89c51abd0eed3afa21fc09b33313edea8a4aa6
-
SHA256
f17ad2d39f922fa8f2f888954e6783349afbdaa205f60318cfec4561e1d9fc9d
-
SHA512
e15c49dab3bd5fb97981891569071e543b555c9f21d9c2e3be5a88b17e4b42feae1492390b32542f782f5e603863cc155ffecb9a5118a83f5a2cb0f6e161de00
-
SSDEEP
6144:g7f6p0X4qumAxSRLnoPhL20gKc1ilJPZNkCLNr3Kr/u2x58uncuCKWYyYCcFV4ry:Pp06UI9gKcaLLSdCKqYCemfxDIz
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Drops file in Drivers directory 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7517ac4bbdde7bd77fe83fe6af2b2657.exe"C:\Users\Admin\AppData\Local\Temp\7517ac4bbdde7bd77fe83fe6af2b2657.exe"1⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\program files\Realplayer\application\make.exe"c:\program files\Realplayer\application\make.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Realplayer\application\make.exeFilesize
412KB
MD5ec5cfe12beb54a371b18c98e7234902c
SHA16bd6fc3a3c01e97ba35c0c3582b802af791136ac
SHA25680a14f6948ba211d54eb9112b984b3971d6969d168d52723a48d3db5644be55c
SHA5124b7e36128d98bb7308aedc3e2100c8deb1e13dc15c8e25d4b0d13dc1ab5534d08b52a2eed67dbfcea72012ea50edb803558c9f847f2ed623ca5b19b48c6bb9d5