Malware Analysis Report

2024-10-23 21:10

Sample ID 240125-v2jy1scefp
Target tmp
SHA256 f55ba30f85670ecf19bcb9a54a2faf3c5af09da22f55a498e5f370c2bdfa2105
Tags
kinsing loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f55ba30f85670ecf19bcb9a54a2faf3c5af09da22f55a498e5f370c2bdfa2105

Threat Level: Known bad

The file tmp was found to be: Known bad.

Malicious Activity Summary

kinsing loader

Kinsing

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-25 17:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-25 17:29

Reported

2024-01-25 17:31

Platform

win7-20231215-en

Max time kernel

118s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-25 17:29

Reported

2024-01-25 17:31

Platform

win10v2004-20231222-en

Max time kernel

91s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Kinsing

loader kinsing

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A