Analysis
-
max time kernel
137s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 17:43
General
-
Target
2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe
-
Size
412KB
-
MD5
21310de8491318d13f60ab90a082e518
-
SHA1
8ac84cdefbfdb6d248b1ffee2d79386d64cc0ed2
-
SHA256
3b700349cbc4d267b6772b0d3c7ce232d68013a0868842c40e093a7c94b68b40
-
SHA512
5c07e8556d78d944cb873e33800df3581dc14fca1c4631239723663cf42c5c61d75cd6e1a8118a3169f6d3eb0861bf1c8c954904fa3dce9c635ba04cac47cd77
-
SSDEEP
12288:U6PCrIc9kph5MRjl7oXIxvJ+TRchwzNLV9/:U6QIcOh5Uj+TRc4N59
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A0D.tmp"C:\Users\Admin\AppData\Local\Temp\A0D.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2024-01-25_21310de8491318d13f60ab90a082e518_mafia.exe FE77976F7E9C26A212107EB6CCED419257B9EF14EC432AD672EAB77B3AA99C22FF60DAF1C63D70AE0E3A4B8A7D9618C43D4DEB7EDB1DDAE10FF644D3E5A775CA2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
MD577f4e34bb51ce8e16e266811d93c18ee
SHA19045f193ef78acaf3afca3b3f9126af5b25e5149
SHA256a5288edabb82085272468640f36ae766e69c58be2d1f9432bdf68e620ed957e6
SHA51222fce5fa45b9d0c52ad09b31d76532d542314ee5ab820dd52c4ef0ef15d242abaf5c783313d97eeb97480f670584ac8c5ceff4c3f074d64ff398923b439fd2c0