kinsing | 49120084b513287ae224f654854a88ed3a8bff124efa63d57db3f81d16adb846

Analysis

max time kernel
89s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

translations/qtbase_ar.qm
Size

156KB
MD5

a7e4d0ba0fc5df07f62cc66ec9878979
SHA1

21fd131b23bdd1bba7bbb86f3ed5c83876f45638
SHA256

e03fe68d83201543698fd7fe267dd5dfc5bfd195147e74ff2f19ac3491401263
SHA512

d9e6b10506fcf20b5b783f011908083d9df6c5df88e21b10d07f53a01ad6506a4b921c85335a25bae54e27bad7d01b6e240d58fdeeaabc7ff32014ec120c2ecf
SSDEEP

1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4436 OpenWith.exe

pid	process
4436	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\translations\qtbase_ar.qm
1⤵
- Modifies registry class
PID:3932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads