Overview

overview

10

Static

static

3

Palworld_0.1.2.0.exe

windows7-x64

7

Palworld_0.1.2.0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Palworld_0.1.2.0.exe

  • Size

    1.8MB

  • MD5

    a54ca6afa4c942162ff41803719537f0

  • SHA1

    3252a867a4c6c2622fec6a11dc8310b851ec97a5

  • SHA256

    7d4b7a47dae660ee06d4bb012162fc939c224f0fd15846e0d317175ad1487e32

  • SHA512

    059247140fbdb8b6d5088392758e55d515a484c629bb65762881a8af78785fca680e0e5c7013ad43a7ab2818d4304910b7b44f224e04db582b881b0d9c8ba774

  • SSDEEP

    24576:Y4nXubIQGyxbPV0db26eEMzRVIkyuwygzt18FvyF2PnJSw2+kpSsBKUxqK4JJqrZ:Yqe3f6hZthB6E2xX2+JskUxq1JJdzu

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\AppData\Local\Temp\is-5ENIH.tmp\Palworld_0.1.2.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5ENIH.tmp\Palworld_0.1.2.0.tmp" /SL5="$D0184,896512,0,C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe"
      2⤵
      • Executes dropped EXE
      PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5ENIH.tmp\Palworld_0.1.2.0.tmp
    Filesize

    1.9MB

    MD5

    fdca7ac056544e8332283a47f0c02f2e

    SHA1

    573424f3eff76b5d6d76c6da7e6d6c31644dd44d

    SHA256

    9e64f3bbe446e06155d4ec10a8cc0273165edda8b0a63d8a97c27bc2c81e0451

    SHA512

    6fd4e81ef18da1a4389b9c1f6293f84250603a357c0644d527d6e0fdbe4d625125c0f1d5da7ed8d2c295c07b264cfaf41e37186f2a5f5f0ee525df41df43c597

    Download Submit
  • memory/1164-6-0x0000000000A40000-0x0000000000A41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1164-9-0x0000000000400000-0x0000000000722000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1164-12-0x0000000000A40000-0x0000000000A41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1820-2-0x0000000000400000-0x00000000004E8000-memory.dmp
    Filesize

    928KB

    Download
  • memory/1820-0-0x0000000000400000-0x00000000004E8000-memory.dmp
    Filesize

    928KB

    Download
  • memory/1820-8-0x0000000000400000-0x00000000004E8000-memory.dmp
    Filesize

    928KB

    Download