Analysis
-
max time kernel
92s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 17:23
General
-
Target
2024-01-25_1b49493a5011ca13454360b8abd8faf8_mafia.exe
-
Size
384KB
-
MD5
1b49493a5011ca13454360b8abd8faf8
-
SHA1
1cb1a211a371de96fd28b5ff5d79c17f6d896a1c
-
SHA256
9b6c8b484f9ff4466429245d612e2efd21716e98d139050bc70c1b1ee4b6ae2d
-
SHA512
449a505996d6680f08d7973f574d89e55477154bbebb47928c9bea6304eaed0ea77d18b5a1d006996d2a1d257c7562ae8fc86739449fb9ccb668dd2f9e7812fd
-
SSDEEP
6144:drxfv4co9ZL3GBGgjODxbf7hHXdMxlVNzCSyA0/6jmh/jxNWt92uZ:Zm48gODxbz5Wz5WlvuZ
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_1b49493a5011ca13454360b8abd8faf8_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_1b49493a5011ca13454360b8abd8faf8_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\F627.tmp"C:\Users\Admin\AppData\Local\Temp\F627.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-25_1b49493a5011ca13454360b8abd8faf8_mafia.exe B9D99F82C73B80CE54FC1582ADD17343DCC70FD38882EFDF70A31ADFC4211E202F07DD30C2001813E9D30E7C841D93ECEFB5671ED3516826A60C1603CFB4C3AA2⤵
- Deletes itself
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\F627.tmpFilesize
384KB
MD583616abfdea10af9a8228f1c779eb2d2
SHA190086b1f82632845904721ffac9939facfeed9e2
SHA25636d03b2819a03e12461c2a7657f2d88a187e2d13c1c61c10d7d5cdf8f0993b6a
SHA5123c2615419e3dca35aba105c31ab09e9bbb5f9be0b2b56a745be278309b476d7e3928d485b09cd0e356f41f080e540a3f99ad9b82549d17353924d7ef86be6196