kinsing | 0254c6ccdc4030d81e563ffc16efe1f89bffc1bb92ab0b43d74b8516cfaa3868

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 17:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sorteado!!.com.exe
Size

30KB
MD5

e355f8895da5c1de6d0251ad57b9dc70
SHA1

69578eaa573347b82a8df00a3a841d0964231254
SHA256

0254c6ccdc4030d81e563ffc16efe1f89bffc1bb92ab0b43d74b8516cfaa3868
SHA512

7952f8c08b6c79f7b9f0f0a2e84a1af54c45af74beee36f8fba929956ca2f4cc9e89832ea5556483142c4761c8c2395f0133a65985e1284fdb87573c164316d9
SSDEEP

384:9MgRgl6cN8yWpuULHo0Nu7kcRfL+D/dKHSlGDhu8YfUwYaVIUPfWRSwWpC1uYFz0:tcNI9vu7kIG/GSlGDhLa2QC1uYki9y

Score

10^/10

kinsing loader persistence

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MsnMsgr = "C:\\Windows\\MsnMsgrs.exe -alev"	sorteado!!.com.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\Canaval2004!.jpg.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\msinfo\fr-fr\multas.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\office16\vadias peladas!!.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\de-de\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fr-fr\puteiros!!.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\ResidentEvil2.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\Canaval2004!.jpg.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\he-il\multas.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\msinfo\Canaval2004!.jpg.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\msinfo\rede globo tv!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\cs-cz\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\es-mx\minhavida!.zip.exe	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\he-il\Carnaval em Salvador!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\lt-lt\importante!!!!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\pl-pl\clica ai logo meu.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\pl\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\fr\importante!!!!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\en-us\minhavida!.zip.exe	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\ro-ro\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\vsto\10.0\1033\minhavida!.zip.exe	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\et-ee\celulares!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\pt-pt\vota!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\zh-cn\traficoemSP!.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\celulares!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\cs\multas.pif	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\de\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\es-es\importante!!!!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\el-gr\rocha.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\languagemodel\vida!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\cs\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\bg-bg\importante!!!!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\main\importante!!!!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\textconv\rede globo tv!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\clicktorun\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\pl-pl\vota!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\tr-tr\cafe!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\triedit\barrio.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\zh-hans\aninha gatinha!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\nb-no\barrio.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\msinfo\vadias peladas!!.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\vsto\aninha gatinha!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\zh-hant\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\paula!.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\et-ee\rede globo tv!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\aninha gatinha!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\stationery\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\zh-hant\aninha gatinha!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\ar-sa\VivaNaBaia!.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\de\caspa.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\zh-hans\traficoemSP!.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\pt-pt\rede globo tv!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\vsto\10.0\aninha gatinha!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\ar-sa\cafe!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\ko\Canaval2004!.jpg.pif	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\da-dk\Canaval2004!.jpg.pif	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\es-es\comoserrico!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\et-ee\cafe!!.zip.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\es\MulataDandoOcujpg.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\pt-br\minhavida!.zip.exe	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\8.0.0\tr\paula!.scr	sorteado!!.com.exe
File created	\??\c:\program files\common files\microsoft shared\ink\clica ai logo meu.scr	sorteado!!.com.exe
File created	\??\c:\program files\dotnet\shared\microsoft.windowsdesktop.app\6.0.25\fr\minhavida!.zip.exe	sorteado!!.com.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\vaca.zip	sorteado!!.com.exe
File created	C:\Windows\flipe.zip	sorteado!!.com.exe
File created	C:\Windows\MsnMsgrs.exe	sorteado!!.com.exe
File opened for modification	C:\Windows\MsnMsgrs.exe	sorteado!!.com.exe
File created	C:\Windows\voce.zip	sorteado!!.com.exe
File created	C:\Windows\agua!.zip	sorteado!!.com.exe

C:\Users\Admin\AppData\Local\Temp\sorteado!!.com.exe
"C:\Users\Admin\AppData\Local\Temp\sorteado!!.com.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ResidentEvil2.zip.scr

Filesize
30KB

MD5
e355f8895da5c1de6d0251ad57b9dc70

SHA1
69578eaa573347b82a8df00a3a841d0964231254

SHA256
0254c6ccdc4030d81e563ffc16efe1f89bffc1bb92ab0b43d74b8516cfaa3868

SHA512
7952f8c08b6c79f7b9f0f0a2e84a1af54c45af74beee36f8fba929956ca2f4cc9e89832ea5556483142c4761c8c2395f0133a65985e1284fdb87573c164316d9

Download Submit
memory/4904-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2595-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2599-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2602-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2604-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2606-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2609-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-2611-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads