Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 17:36
General
-
Target
2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe
-
Size
384KB
-
MD5
b4715b39b9bfc74068291b3ee47d481e
-
SHA1
37057fc67738c9c453b71065e93f6dbba14cc8a7
-
SHA256
7d7b51f9e4ad6a2e7525a2b5ea7a081fc5a05091a38be2f9abc64ca65ab7f7b1
-
SHA512
6d83d2bc5fc9c17d431f67a4028adea1d4d4a3698757cec5b913ed86b2fc873bb1e13c4699aabecd2ea88934ff61e39e0bff134489af79101de5ab29e6117116
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHWlCPjFIc7SNZIX2zxxEisZ0gZ:Zm48gODxbzclemMwxiisZ0gZ
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4E3F.tmp"C:\Users\Admin\AppData\Local\Temp\4E3F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-25_b4715b39b9bfc74068291b3ee47d481e_mafia.exe FF800E9FD03FF6AF3E263641BFF29F8D8257DB9BD3D48121677D5B567A2FB69C6A5E5034650A4AF26D4703520649EF269ED397933950845778BFC7B7DD130C782⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5b77118d0178777a3e02c36e24b6aebb0
SHA12c48fcd73b765c1e60a791b39626a3ab2a30edde
SHA2563a7a440b272c2cbc5780480e041cc07c6273bd851632d13fedf12f488f128d2c
SHA51279956bb457d239da6a4de268c0ebfb5d04f474cb9b97e6aae226126c9d1f97aff3e67db34c813722dfb6779f358e59a63faad2384ca6b14ceba425389a0e6079