kinsing | cbc44755ece5a72f74149c40c7a6505d51f291c166a7276589856c77f1d4b6eb | Triage

Analysis

max time kernel
139s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:34

Sharing

Report Analysis Logs

General

Target

751b6f04d1752a8c0a754c6f2074bda5.lnk
Size

856B
MD5

751b6f04d1752a8c0a754c6f2074bda5
SHA1

11c2bd6d08ee404fc742f8c8fcd02f01ebb0dffc
SHA256

cbc44755ece5a72f74149c40c7a6505d51f291c166a7276589856c77f1d4b6eb
SHA512

e21cec0af64c1811d3029a0ad926bcc240d039edea249b2378f5a756a1925e82c91b57e8714d03f598f0b5e3495307f8b0609aa47ab7527751b8c9d6fd73ccf6

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

cmd.exe

pid process

1608 cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\751b6f04d1752a8c0a754c6f2074bda5.lnk
1⤵
- Suspicious use of FindShellTrayWindow
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...