Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:33

General

  • Target

    751abbc5a0f05d1b820100cb82287e01.exe

  • Size

    3.3MB

  • MD5

    751abbc5a0f05d1b820100cb82287e01

  • SHA1

    6ca1803f032645ccadee25198bc6426e7699def9

  • SHA256

    b484d80a99b9fcd1f060955d2ee645c2a3ad04ad7c51f29121ba28b21e524557

  • SHA512

    1634e4a48d4cefade4c2e39669ff2805ec98993976651562ad5541ee187ae0d19f931de9963a5a43984633b7ebcbdfd33c1c84e757b879ae50fcdddc36625372

  • SSDEEP

    98304:leo85rX27B2nUTRUDMVHiJy5ORUxkye6BRWLyDlb:lZHdaeUII8OYR

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751abbc5a0f05d1b820100cb82287e01.exe
    "C:\Users\Admin\AppData\Local\Temp\751abbc5a0f05d1b820100cb82287e01.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram C:\Arquivos de programas\Windows32.exe RPC
      2⤵
      • Modifies Windows Firewall
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2792-0-0x0000000000F60000-0x0000000000F61000-memory.dmp

    Filesize

    4KB

  • memory/2792-2-0x0000000000F60000-0x0000000000F61000-memory.dmp

    Filesize

    4KB