Analysis
-
max time kernel
135s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-es -
resource tags
-
submitted
25-01-2024 17:25
General
-
Target
Meet.exe
-
Size
469.8MB
-
MD5
4f44f506dc54a3e6ecc2da93bc5966f5
-
SHA1
2a6671f8be6d2d5c09093f9a2715eb7a4aaba44b
-
SHA256
debd455391888928a84ae3fbc58d6bf40eb739c5caffe3d68c5c5e2734970186
-
SHA512
2821ec7493bd3cfb16bb59d06abf3907072a9ac50c3783208776c6c1e321eadc1b7640d398c113cb96ada33205981b6d43f17ce9ee3924ca2a72b28e50f42fbd
-
SSDEEP
6291456:3LN6SRoiJjOen+zQtaEeaszZv1xKRl35DCSpWgUPNlP/ikfuc5MYyGFNCx:3LN6SLJjOen3t+32pDZl6NxBlDY
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Meet.exe"C:\Users\Admin\AppData\Local\Temp\Meet.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Meet.exeC:\Users\Admin\AppData\Local\Temp\Meet.exe2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1312-0-0x00007FF6C5770000-0x00007FF6C6770000-memory.dmpFilesize
16.0MB
-
memory/4952-1-0x00007FF6C5770000-0x00007FF6C6770000-memory.dmpFilesize
16.0MB