Overview

overview

10

Static

static

3

4899397070...cc.exe

windows7-x64

6

4899397070...cc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4899397070cb1ff124ff7457b43e872fd6c3d06d854bfffb4d8cdc112f9db6cc.exe

  • Size

    26KB

  • MD5

    f2cd6007528300a8009ed1a42b1c2e95

  • SHA1

    94050956f9e353a5f9046945d7319cca5b312abe

  • SHA256

    4899397070cb1ff124ff7457b43e872fd6c3d06d854bfffb4d8cdc112f9db6cc

  • SHA512

    284a090449cc06f5eb0394431b213c6e8958a8fe5c884b89c7ab259c3f5fc9be84d024479d85603c05dc1d3801441e1a8a394963573a9b4ef0025acff61d136d

  • SSDEEP

    768:61ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:8fgLdQAQfcfymN

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4899397070cb1ff124ff7457b43e872fd6c3d06d854bfffb4d8cdc112f9db6cc.exe
    "C:\Users\Admin\AppData\Local\Temp\4899397070cb1ff124ff7457b43e872fd6c3d06d854bfffb4d8cdc112f9db6cc.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4512
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        3⤵
          PID:3944
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:3436

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        251KB

        MD5

        56e508339984e36e9c97830b83585181

        SHA1

        afd30df8b41553d9d7ef18f576ee7ef18ced4452

        SHA256

        22c6e725220677df66e6d50263bcb238c7142f816725af54c371bc55975379bd

        SHA512

        6f4a7833fc4800b835ad4c1f5ddbf1955ba5df930cc63f3dfcf7664d2915accd384c0353a0290e5d3389b1500a118007d8270ff3092769e7afb261001702bcef

        Download Submit

      • C:\Program Files\dotnet\dotnet.exe
        Filesize

        165KB

        MD5

        e3802a43bc1898362010b4c7d9677a92

        SHA1

        90032ba39b656afed50b7082ad916548d6dd5e33

        SHA256

        dbd95cfd04c7d28f06208822092844550fcd281d1178e27b0968b4e74e39b1c8

        SHA512

        1386257692c7e6773d01437466e202917c5c0bbcc0a6fa4effd60d2441045934cf57f4b1c3d6f604b6160b111a775ef0567c378f8efed83dcab620c173c43b36

        Download Submit

      • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        Filesize

        481KB

        MD5

        1db5b390daa2d070657fbdb4f5d2cc55

        SHA1

        77e633e49df484b827080753514cc376749b0ceb

        SHA256

        d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad

        SHA512

        68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-3803511929-1339359695-2191195476-1000\_desktop.ini
        Filesize

        9B

        MD5

        17dd96321b176e3561b64c6ca18fcc3e

        SHA1

        eeeb96d6ade3aae107d13dee64261ae3abe01ca9

        SHA256

        eea67eaefd0090abf13b8b67f5d4692e6d8364edb3627775a60c6d67962187e0

        SHA512

        d7cb68c3d7da341df9c36b5e778876fee0df4e60d546e0c6af1994a4dfae20ca576dc879d5f4f311b38cc780411aa905d347857e11b6c099282ff7cc8be1fe36

        Download Submit

      • memory/1996-27-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-23-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-0-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-988-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-1151-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-1491-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-12-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-4702-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1996-5-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download