Overview

overview

10

Static

static

3

2024-01-25...uk.exe

windows7-x64

5

2024-01-25...uk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_98d7da39fafb24d903e8cf1d50408b9a_ryuk.exe

  • Size

    2.1MB

  • MD5

    98d7da39fafb24d903e8cf1d50408b9a

  • SHA1

    70e35c3e25b1fca399edb942f32fabc1f5dbe267

  • SHA256

    79ea36ef3757d6eb13e014f7339aa5ab4cc4a96fde15afbe470542d7d72e9586

  • SHA512

    345078ad218ab50abfff8d152cc7dc39d329ccd5002a49c425c2795807998c5805440b1c8eeaac22915bb1f8bb9598d183eb20f93b042aa73c11e28f95e74383

  • SSDEEP

    49152:ugp6n0bEQ0zm8zhNr6M4olFmOpmRS1fcTIzc+pFzz+/2fNR:cNm8zrCg1M+pFtFR

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_98d7da39fafb24d903e8cf1d50408b9a_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_98d7da39fafb24d903e8cf1d50408b9a_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3056-1-0x0000000140000000-0x0000000140229000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/3056-0-0x00000000001A0000-0x0000000000200000-memory.dmp
    Filesize

    384KB

    Download
  • memory/3056-10-0x00000000001A0000-0x0000000000200000-memory.dmp
    Filesize

    384KB

    Download
  • memory/3056-7-0x00000000001A0000-0x0000000000200000-memory.dmp
    Filesize

    384KB

    Download
  • memory/3056-12-0x0000000140000000-0x0000000140229000-memory.dmp
    Filesize

    2.2MB

    Download