Overview

overview

10

Static

static

3

2024-01-25...ia.exe

windows7-x64

7

2024-01-25...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_ab9d1c0d98fbff2fa8fefd8d3697444d_mafia.exe

  • Size

    476KB

  • MD5

    ab9d1c0d98fbff2fa8fefd8d3697444d

  • SHA1

    c3454b95ca04dde5f2037c676c824a01ab329247

  • SHA256

    8895dbea4ec06906292f2d8ba3973f96b4cfa51fa4c4a73b76a229c1885abd7e

  • SHA512

    63d7e0a8dac29cae8a51c828b82205138c08d804db27896e5c97bdc82b90453e9d75ae855efab9ae6eeda9c4bac44b26c2375cacfce1983e3622991e92b5fcaa

  • SSDEEP

    12288:aO4rfItL8HRWorFv9SPskAmb3J9zPsitI7K9wlsDpVFd:aO4rQtGRWoBvERAmTXzPRK+9wlsDpVFd

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_ab9d1c0d98fbff2fa8fefd8d3697444d_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ab9d1c0d98fbff2fa8fefd8d3697444d_mafia.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Users\Admin\AppData\Local\Temp\71C5.tmp
      "C:\Users\Admin\AppData\Local\Temp\71C5.tmp" --helpC:\Users\Admin\AppData\Local\Temp\2024-01-25_ab9d1c0d98fbff2fa8fefd8d3697444d_mafia.exe C09B7ADEB262848AB613A4E07109E8505ACDED3061309E4CC3574FD28DACFA93675AC895539898796ED743A360EF0E338C15F8B8E81E865265121A8349625FA1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\71C5.tmp
    Filesize

    476KB

    MD5

    4244c15725404a98b61a2b23d778d875

    SHA1

    f39d1d191505075b3fbc8c339c4b4629050bc3f2

    SHA256

    316bf4fcf4b8d7acdd899760a373cee50a6594d984c8c84de9f74c4644510783

    SHA512

    71068405268b9ba91b138d54b202a40103ec95346e0b0bbaf8180ae326531ecdd218084823441d123a7a1c80dc9d1c1ca0c7af222a47e357da78d51b7ffd6d6c

    Download Submit