Analysis
-
max time kernel
92s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 17:25
General
-
Target
2024-01-25_36bb35a7250c89e6184cf473503e4da7_mafia.exe
-
Size
411KB
-
MD5
36bb35a7250c89e6184cf473503e4da7
-
SHA1
ac14efb1900c3031ff906aea55255b253c0c98be
-
SHA256
3ab789cc658c33edace9ef1754b0e1b488c39362e0738111c148f9e648c1aecd
-
SHA512
408005fd4d7f36a01d6173e78020b7058519539211960e7fc22b8380f7c21caf56cc020e68aa289e9a40131e1c6f8c1d63fa8f7907533de48127e56b1f55dbb2
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFVrm1Wi4RdVpNnEeA7spzqizQKcqHI:gZLolhNVyEKm1WiEv3nTzqscqHI
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_36bb35a7250c89e6184cf473503e4da7_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_36bb35a7250c89e6184cf473503e4da7_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\50EF.tmp"C:\Users\Admin\AppData\Local\Temp\50EF.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-25_36bb35a7250c89e6184cf473503e4da7_mafia.exe B9D10D13B5E96B3A5CDFED6B71110F6B5249CDA26F8CB36BB012809CA8793E94EE9838E6275F5B6A4231F7EFE2D3209CAC6A4124533ED926734906360DEC49E52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD50235a8da9dd2e3f687135fe921baa31f
SHA100129b8c8aec2dfb987c3e5a805e52069f6da69e
SHA256d0de34361487fa49327390a29d9e7538184ea1ae272aa1873caa2295b48ceb71
SHA5121a6fce569c360249267db4b7081cab944026b61d508741beb9d225216dde3200b6c24cfb6890ffca593b2061f9982ca57c8dc63b349c1442676d03dc6b7d3dfd