Malware Analysis Report

2024-10-19 08:26

Sample ID: 240125-wax71achbq
Target: 751f9932ffe0735827f2b5fd43d19b4b
SHA256: 4719fc177baf3e94f1e54097cb64d1c021315834f459f82c928ff43d6b738ce3
Tags: kinsing, loader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 4719fc177baf3e94f1e54097cb64d1c021315834f459f82c928ff43d6b738ce3

Threat Level: Known bad

The file 751f9932ffe0735827f2b5fd43d19b4b was found to be: Known bad.

Malicious Activity Summary

kinsing loader

Kinsing

Unsigned PE

Suspicious use of WriteProcessMemory

The "Unsigned PE" hit comes from the static analysis and the "Kinsing" hit from the win10 behavioral run. The WriteProcessMemory signature appears only in this summary; neither behavioral run below lists the process or target it fired on.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-01-25 17:43

Signatures

Unsigned PE

Description / Indicator / Process / Target: none recorded (all N/A).

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-25 17:43

Reported: 2024-01-25 17:46

Platform: win7-20231215-en

Max time kernel: 140s

Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe

"C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2404UUUG.bat" "C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe""

The sample drops a batch file next to itself in %TEMP% and runs it through cmd.exe, passing its own path as the batch file's first argument. The batch name is the sample's PID (2404, matching the memory dump listed under Files) followed by four upper-case letters. Handing a dropped script the dropper's own path is the usual shape of a self-deletion or relaunch stub, but the report does not show the batch contents, so what the script does with that path is not confirmed here. cmd.exe is started from SysWOW64 (WOW64 file system redirection), consistent with the sample being a 32-bit executable.

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\2404UUUG.bat

MD5: 182bcd65c8ab93477d157c5a7d51de6d
SHA1: db0115f6188ce94922e1ccc3284b242ad76a349d
SHA256: e8799507fafb5446bf1b15be837968c21398cb0ccb91984ccfa96102c234fb19
SHA512: bd21ee179c6e416de4f29f3d5e5ef8e89448b3ae13e53ee341965a237244ffb755358890283bd57d74de26745dfefd717116723864e5898c0326e9625fd10299

memory/2404-3-0x0000000000400000-0x0000000000426000-memory.dmp

Memory dump of PID 2404 (the sample process) covering 0x400000-0x426000, a 0x26000-byte region starting at the default 32-bit image base, i.e. the sample's mapped image.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-01-25 17:43

Reported: 2024-01-25 17:46

Platform: win10v2004-20231215-en

Max time kernel: 140s

Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe"

Signatures

Kinsing (tags: loader, kinsing)

Processes

C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe

"C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4256VCHO.bat" "C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe""

Same behaviour as on win7: the dropped batch is named from the sample's PID (4256, matching the memory dump under Files) plus four upper-case letters, is launched via the SysWOW64 cmd.exe, and receives the sample's own path as its argument. The batch contents are not shown in the report.
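Both detonations show the same process pattern: a cmd.exe child running a %TEMP% batch whose name is the parent's PID plus four letters, with the parent's own image path as the argument. The following detection is an added example written for this page, not code from the sandbox vendor or the report: it scans constructed process records (the sample PIDs 2404 and 4256 are taken from the memory-dump file names; the cmd.exe PIDs, the sample's parent PID and the benign control record are assumed) and flags that pattern while ignoring an ordinary batch invocation.

```python
import re
from typing import Dict, List, Tuple

# One process record: (pid, image_path, command_line, parent_pid).
Proc = Tuple[int, str, str, int]

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\751f9932ffe0735827f2b5fd43d19b4b.exe"

# Constructed records mirroring the two detonations in the report. The sample
# PIDs (2404, 4256) come from the memory-dump file names; the cmd.exe PIDs,
# the parent of the sample and the benign control record are assumed.
PROCESSES: List[Proc] = [
    (1000, r"C:\Windows\explorer.exe", "explorer.exe", 4),
    (2404, SAMPLE, f'"{SAMPLE}"', 1000),
    (2460, r"C:\Windows\SysWOW64\cmd.exe",
     'cmd.exe /c ""' + TEMP + r'\2404UUUG.bat" "' + SAMPLE + '""', 2404),
    (4256, SAMPLE, f'"{SAMPLE}"', 1000),
    (4300, r"C:\Windows\SysWOW64\cmd.exe",
     'cmd.exe /c ""' + TEMP + r'\4256VCHO.bat" "' + SAMPLE + '""', 4256),
    # Benign control: a script outside %TEMP% with no self-path argument.
    (5100, r"C:\Windows\System32\cmd.exe",
     'cmd.exe /c "C:\\Program Files\\Tool\\build.bat"', 1000),
]

# cmd.exe /c ""<script.bat>" "<argument>""  -- the exact quoting in the report.
CMD_RE = re.compile(
    r'^cmd\.exe\s+/c\s+""(?P<bat>[^"]+\.bat)"\s+"(?P<arg>[^"]+)""$', re.I)
# <digits><four upper-case letters>.bat, e.g. 2404UUUG.bat, 4256VCHO.bat
NAME_RE = re.compile(r"^(?P<prefix>\d+)[A-Z]{4}\.bat$")
TEMP_MARK = "\\appdata\\local\\temp\\"


def find_temp_batch_handoff(procs: List[Proc]) -> List[Dict[str, object]]:
    """Flag cmd.exe children that run a %TEMP% batch file and hand it the
    parent's own image path, the pattern seen in both detonations."""
    by_pid = {p[0]: p for p in procs}
    findings: List[Dict[str, object]] = []
    for pid, image, cmdline, ppid in procs:
        if not image.lower().endswith("\\cmd.exe"):
            continue
        m = CMD_RE.match(cmdline)
        if not m:
            continue
        bat, arg = m.group("bat"), m.group("arg")
        bat_dir, _, bat_name = bat.rpartition("\\")
        if not (bat_dir + "\\").lower().endswith(TEMP_MARK):
            continue                      # script is not in %TEMP%
        parent = by_pid.get(ppid)
        if parent is None or arg.lower() != parent[1].lower():
            continue                      # argument is not the parent's own path
        nm = NAME_RE.match(bat_name)
        findings.append({
            "cmd_pid": pid,
            "parent_pid": ppid,
            "bat": bat,
            "random_name": nm is not None,
            # In the report the numeric prefix equals the parent's PID in both runs.
            "prefix_is_parent_pid": bool(nm) and int(nm.group("prefix")) == ppid,
        })
    return findings


if __name__ == "__main__":
    for f in find_temp_batch_handoff(PROCESSES):
        print(f)
```

The parent-path check is what separates this from any installer that runs a temporary batch; the PID-prefix check is a weaker, sample-specific signal and is reported as a separate field rather than required.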

Network

Country  Destination         Domain                        Proto
US       8.8.8.8:53          104.219.191.52.in-addr.arpa   udp
US       8.8.8.8:53          17.160.190.20.in-addr.arpa    udp
US       8.8.8.8:53          194.178.17.96.in-addr.arpa    udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53          232.168.11.51.in-addr.arpa    udp
NL       52.142.223.178:80   (none)                        tcp
US       8.8.8.8:53          50.23.12.20.in-addr.arpa      udp
US       8.8.8.8:53          171.39.242.20.in-addr.arpa    udp
US       8.8.8.8:53          18.134.221.88.in-addr.arpa    udp
US       8.8.8.8:53          180.178.17.96.in-addr.arpa    udp

Every UDP row is a reverse (PTR) lookup sent to the 8.8.8.8 resolver; no forward lookup of a hostname appears. The single TCP connection, to 52.142.223.178:80, has no domain associated with it. The report does not attribute any of these rows to a process, so none of them can be treated as the sample's command-and-control without further correlation.
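To pivot on the table above, the PTR names have to be turned back into the addresses the host was asking about, and direct connections have to be separated from resolver traffic. This is an added example, not tooling from the report or the sandbox vendor; it parses the rows exactly as they appear above (the row layout and the "(none)" handling for a missing domain are assumptions about the report's format).

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# The behavioral2 network rows, copied from the report:
# "<country> <destination> [<domain>] <proto>" (the TCP row has no domain).
NETWORK_ROWS = """\
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str) -> Optional[str]:
    """Turn '104.219.191.52.in-addr.arpa' back into '52.191.219.104'.
    Returns None for names that are not well-formed IPv4 PTR names."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_row(row: str) -> Tuple[str, str, int, Optional[str], str]:
    """Split one table row into (country, ip, port, domain-or-None, proto)."""
    parts = row.split()
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 and parts[2] != "(none)" else None
    ip, _, port = dest.rpartition(":")
    return country, ip, int(port), domain, proto


def triage_network(table: str) -> Dict[str, object]:
    """Separate reverse-DNS lookups from direct connections and decode the
    addresses the PTR queries were asking about, so they can be pivoted on."""
    ptr_targets: List[Tuple[str, str]] = []   # (ptr name, decoded IP)
    direct: List[Tuple[str, int, str]] = []   # (ip, port, proto)
    other_dns: List[str] = []                 # DNS queries that are not PTRs
    resolvers = set()
    for row in table.strip().splitlines():
        _country, ip, port, domain, proto = parse_row(row)
        if port == 53 and proto == "udp" and domain:
            resolvers.add(ip)
            decoded = ptr_to_ip(domain)
            if decoded:
                ptr_targets.append((domain, decoded))
            else:
                other_dns.append(domain)
        else:
            direct.append((ip, port, proto))
    decoded_ips = {d for _, d in ptr_targets}
    return {
        "resolvers": sorted(resolvers),
        "ptr_targets": ptr_targets,
        "other_dns": other_dns,
        "direct": direct,
        # A direct destination that was also PTR-queried deserves a closer look.
        "direct_also_ptr_queried": [d for d in direct if d[0] in decoded_ips],
    }


if __name__ == "__main__":
    for key, value in triage_network(NETWORK_ROWS).items():
        print(key, value)
```

On this report the decoded PTR targets and the one direct destination do not overlap, which is one more reason not to read the 52.142.223.178:80 connection as tied to the lookups.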

Files

C:\Users\Admin\AppData\Local\Temp\4256VCHO.bat

MD5: 182bcd65c8ab93477d157c5a7d51de6d
SHA1: db0115f6188ce94922e1ccc3284b242ad76a349d
SHA256: e8799507fafb5446bf1b15be837968c21398cb0ccb91984ccfa96102c234fb19
SHA512: bd21ee179c6e416de4f29f3d5e5ef8e89448b3ae13e53ee341965a237244ffb755358890283bd57d74de26745dfefd717116723864e5898c0326e9625fd10299

The hashes are identical to those of 2404UUUG.bat in the win7 run: the dropped batch has the same content on both platforms and only its name changes, so the content hash is the stable indicator and the file name is not.

memory/4256-3-0x0000000000400000-0x0000000000426000-memory.dmp

Memory dump of PID 4256 (the sample process) covering 0x400000-0x426000, the same 0x26000-byte image region dumped in the win7 run.