Overview

overview

10

Static

static

3

751b894bd7...8b.exe

windows7-x64

7

751b894bd7...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751b894bd7388d3c08ff766e7c205b8b.exe

  • Size

    1.4MB

  • MD5

    751b894bd7388d3c08ff766e7c205b8b

  • SHA1

    e165945eb86812200b5f1b91e13ae00b16e041cf

  • SHA256

    8d605c6f77fc8fc86fad54cdd64405f1e2793b8ff1165f54e6e2858f4bd16201

  • SHA512

    aebc677097ba86540c31f9388f4640809427d80c35c07b7c4bfaa527ecf62add73b1b3b2eef9a4dd4f1ecd8227940bd81227376e674668a37a9dbdba28401bc8

  • SSDEEP

    24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqu/PJCBrxF/1vvz6D4SF66X:qKeyRAwEB3w7DbuBK18xF/1vvz6D4E6i

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751b894bd7388d3c08ff766e7c205b8b.exe
    "C:\Users\Admin\AppData\Local\Temp\751b894bd7388d3c08ff766e7c205b8b.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\xjprkj\akncyodadt.exe
      "C:\Program Files (x86)\xjprkj\akncyodadt.exe"
      2⤵
      • Executes dropped EXE
      PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\xjprkj\akncyodadt.exe
    Filesize

    1.4MB

    MD5

    0f765341c9bf69e5103ff0d8db96ffe4

    SHA1

    5061110b138e058c729b46b2744f7003daf6c0f1

    SHA256

    3d8e27d1f4d35be1e6bbf0cd3b0291f219c39e30781b654908736bfb5bf739df

    SHA512

    a4f9cf78581edbfd5cdb6b637a78bd2c31535c219170a88691d2b7a638534de3019acfdccba6f0ed098864ec2c7d2c702cfd4eed5edde4ca7f0d2e8d1b6d18fc

    Download Submit
  • memory/2412-0-0x0000000000400000-0x0000000000494000-memory.dmp
    Filesize

    592KB

    Download
  • memory/2412-1-0x0000000000400000-0x0000000000494000-memory.dmp
    Filesize

    592KB

    Download
  • memory/2412-6-0x0000000000400000-0x0000000000494000-memory.dmp
    Filesize

    592KB

    Download
  • memory/5112-7-0x0000000000400000-0x0000000000494000-memory.dmp
    Filesize

    592KB

    Download
  • memory/5112-8-0x0000000000400000-0x0000000000494000-memory.dmp
    Filesize

    592KB

    Download