Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-01-2024 17:12

General

  • Target

    750fc1e9564d60b5c828375a9fc3ad96.exe

  • Size

    133KB

  • MD5

    750fc1e9564d60b5c828375a9fc3ad96

  • SHA1

    53283f0e09c78f995f5dd99a12988fb23f4cbf54

  • SHA256

    17f59059ae0e742931a9d320e3a42c0237fc224b64eec4d653d3b5fa255d5d59

  • SHA512

    0c377a519ed8c19d96412a6ee6efc7c9da9919776fef20d848b1cd5b59d2aaf0e167d9b814479992c95cab3c5802917a2d27eececefbf2f6ff59abf2875ad1d1

  • SSDEEP

    1536:SKcR4mjD9r823FGHiTsNmkYAuiaT3EPGV6TFvTZBUPBn9zqwd6qbjFQ4veUx3Nw6:SKcWmjRrz39wNmnYB1KPNR7BPwscAvX

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

  • Executes dropped EXE (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials and other profile contents.

  • UPX packed file (5 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (5 IoCs)
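The "UPX packed file" signature above is a static match; it does not say which artefact tripped it. The following added example (not sandbox output, and not the sandbox's own detection logic) shows how to reproduce a similar check on any PE you pull from the host: it parses the DOS and COFF headers by hand, lists the section names, and looks for the default UPX0/UPX1 section names and the "UPX!" stub marker separately, because a modified UPX build commonly renames the sections while the marker survives, or vice versa. The build_minimal_pe helper constructs a synthetic PE for the demonstration; it is not derived from the sample on this page.

```python
"""Heuristic UPX check for a PE file, matching the report's 'UPX packed
file' signature. Added example; not part of the sandbox report."""
import struct

PE_SIG = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the data is not a
    well-formed PE (missing MZ/PE signatures or a truncated header)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data):
        return []
    if data[e_lfanew:e_lfanew + 4] != PE_SIG:
        return []
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break  # section table runs past end of file: stop, don't guess
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two independent hints: the default section names UPX writes
    (UPX0/UPX1/UPX2) and the 'UPX!' marker its stub carries. Modified UPX
    builds often rename the sections, so the marker is checked on its own;
    neither hint alone is proof of packing."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "section_names": names,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_minimal_pe(section_names, trailer=b"") -> bytes:
    """Constructed stand-in PE for the demonstration (not the sample from the
    report): DOS header with e_lfanew, PE signature, COFF header, zeroed PE32
    optional header and the given sections. Not loadable, but structurally
    enough for the parser above."""
    opt_size = 0xE0  # PE32 optional header size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + PE_SIG + coff + optional + sections + trailer


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")
    print(upx_indicators(sample), is_upx_packed(sample))
```

Run it against the dropped files listed under Downloads once you have them; a hit on the marker with ordinary-looking section names is exactly the "modified UPX" case the signature description refers to, and a miss on both is not a clean bill, since a stripped stub defeats this heuristic.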

Processes

  • C:\Users\Admin\AppData\Local\Temp\750fc1e9564d60b5c828375a9fc3ad96.exe
    "C:\Users\Admin\AppData\Local\Temp\750fc1e9564d60b5c828375a9fc3ad96.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Users\Admin\AppData\Local\Temp\YoAT5XUe1unn2mG.exe
      C:\Users\Admin\AppData\Local\Temp\YoAT5XUe1unn2mG.exe
      2⤵
      • Executes dropped EXE
      PID:4416
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4764

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    352KB

    MD5

    eed2b535513e4414b835b8aa120a02d2

    SHA1

    451d903ded800e838c9282417d6359b1aa045a75

    SHA256

    c853a5be2b321bf01a1a72a314afaba5884a432520c7a8729e397aadee098209

    SHA512

    2a727c21a2fa6b9ba7f240e23ab23de592d6db223d26c8f3ec6e0b30177468c930d1f4cf186b40e6863be7658885399023738e6a288c388e35716235e4c3fd58

  • C:\Users\Admin\AppData\Local\Temp\YoAT5XUe1unn2mG.exe
    Filesize

    103KB

    MD5

    6e5a78d1702531b72ef60b5fae57a752

    SHA1

    0ce7e1172989a55d9cc07e204af0b00b22d2ea7c

    SHA256

    a00a877acefcad45953343ad56a22152f7aaba5fcf2a10215d84169d47fbcd1d

    SHA512

    23b3094d77f876b6ff9286aea1f5e61bb6909f2b66abda02be21862956712fc33ed241a0d40d0f30aa52eecb240b139468606cffa4e11ee87b6b27bd05d8f0a3

  • C:\Windows\CTS.exe
    Filesize

    29KB

    MD5

    70aa23c9229741a9b52e5ce388a883ac

    SHA1

    b42683e21e13de3f71db26635954d992ebe7119e

    SHA256

    9d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2

    SHA512

    be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5

  • memory/516-0-0x0000000000390000-0x00000000003A7000-memory.dmp
    Filesize

    92KB

  • memory/516-8-0x0000000000390000-0x00000000003A7000-memory.dmp
    Filesize

    92KB

  • memory/4764-9-0x0000000000F30000-0x0000000000F47000-memory.dmp
    Filesize

    92KB
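The Downloads list above gives host-side indicators a responder can act on directly: three executables with full hashes (the submitted sample plus the two it drops, one of them written into C:\Windows) and the "Adds Run key" signature for persistence. The excel.exe_Rules.xml entry is written under the Office profile directory and is not attributed to any process in the tree above, so it is left out of the indicator set here. The following added example (not sandbox output) turns those entries into an offline sweep: it hashes the report's paths against a filesystem you point it at (a mounted image works, so it runs on Linux too) and parses a `reg export` of the Run/RunOnce keys for values that reference any of those paths. The report does not give the Run value name, so the DEMO_REG_EXPORT text is constructed and the value name "CTS" in it is an assumption.

```python
"""Offline IoC sweep derived from this report's dropped files and its
'Adds Run key' signature. Added example; not sandbox output. The report
lists paths and hashes but not the Run value name, so the .reg text below is
constructed and the value name "CTS" is an assumption."""
import hashlib
import os
import re
import tempfile

# Paths and SHA256 values copied from the report (General and Downloads).
REPORT_IOCS = {
    r"C:\Users\Admin\AppData\Local\Temp\750fc1e9564d60b5c828375a9fc3ad96.exe":
        "17f59059ae0e742931a9d320e3a42c0237fc224b64eec4d653d3b5fa255d5d59",
    r"C:\Users\Admin\AppData\Local\Temp\YoAT5XUe1unn2mG.exe":
        "a00a877acefcad45953343ad56a22152f7aaba5fcf2a10215d84169d47fbcd1d",
    r"C:\Windows\CTS.exe":
        "9d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2",
}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_files(iocs, resolve):
    """Map each report path onto the filesystem under inspection via
    `resolve` (e.g. a mounted image on Linux) and classify it."""
    verdicts = {}
    for win_path, expected in iocs.items():
        local = resolve(win_path)
        if not os.path.isfile(local):
            verdicts[win_path] = "absent"
        elif sha256_file(local) == expected:
            verdicts[win_path] = "hash-match"
        else:
            # Same path, different content: a later build or an unrelated file.
            verdicts[win_path] = "present-hash-mismatch"
    return verdicts


RUN_KEYS = {
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]",
}
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def suspicious_run_values(reg_export, iocs):
    """Walk a `reg export` text and return (key, value name, command) for
    Run/RunOnce string values that reference an IoC path. .reg files double
    backslashes and escape quotes, so undo that before comparing."""
    wanted = [p.lower() for p in iocs]
    hits, current = [], None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = line
            continue
        if current not in RUN_KEYS:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        cmd = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
        if any(p in cmd.lower() for p in wanted):
            hits.append((current, m.group(1), cmd))
    return hits


# Constructed export; the "CTS" value name is an assumption, not from the report.
DEMO_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"CTS"="C:\\Windows\\CTS.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Windows\\CTS.exe /once"
'''


def demo_sweep():
    """Constructed stand-in for a mounted image: one file matching its expected
    hash, one present with other content, one absent."""
    root = tempfile.mkdtemp()
    resolve = lambda p: os.path.join(root, *p.split("\\")[1:])
    cts_bytes = b"MZ constructed stand-in, not the real CTS.exe"
    iocs = dict(REPORT_IOCS)
    iocs[r"C:\Windows\CTS.exe"] = hashlib.sha256(cts_bytes).hexdigest()
    for win_path, content in ((r"C:\Windows\CTS.exe", cts_bytes),
                              (r"C:\Users\Admin\AppData\Local\Temp\YoAT5XUe1unn2mG.exe", b"other")):
        local = resolve(win_path)
        os.makedirs(os.path.dirname(local), exist_ok=True)
        with open(local, "wb") as f:
            f.write(content)
    return sweep_files(iocs, resolve)


if __name__ == "__main__":
    print(demo_sweep())
    for hit in suspicious_run_values(DEMO_REG_EXPORT, REPORT_IOCS):
        print(hit)
```

A "present-hash-mismatch" verdict is worth a second look rather than a dismissal: the random-looking Temp file name and the fixed C:\Windows\CTS.exe path both recur across builds of the same dropper, and the 92KB in-memory dump listed above differs in size from the 133KB file on disk, so hashes taken from a live process will not match either list.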