Overview

overview

10

Static

static

7

7520300cb3...2b.exe

windows7-x64

7

7520300cb3...2b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7520300cb3727b7a4a3576dcf611d52b.exe

  • Size

    1.3MB

  • MD5

    7520300cb3727b7a4a3576dcf611d52b

  • SHA1

    5b34cc94b619be6b06a300011338df8f323d98c0

  • SHA256

    6cc955a94103a3a92f1ca35a717a24edf2e08d0b6a6352f63e45aa786d8990b1

  • SHA512

    5999c5ddcc925f6be81374aefd919c3c878c70611ebf1b22049f070ec80690489a94848742577aeee83861fe80e5ff1b17f61e14ad1b418a35a891498bc854c7

  • SSDEEP

    24576:bLQ425dc0mCrvS1Jt9hP9NtpiCZG+dOfDZY/Ep/xFKBv0Zn218U9/9Us:nQNuCTSTP9fU+dOrS/ER1ZnsR9j

Score
10/10
kinsingloaderupx

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
    "C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
      C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
    Filesize

    1.3MB

    MD5

    d56afb40c92f1529be0d481ff807f4cd

    SHA1

    cd9a39eb2a68006731f5d452e8e2118053cc7e51

    SHA256

    c5c4c84195d2f6386165347aa698b720f832f8dd9d0db390040e7848c18f4e15

    SHA512

    ab78d6fe59999b292d490a89a4974d718277a5727ce2a99cea3532655a0195cd953c30f0fe6429ccc3f226cf21b777dcd89c2ee481a8d5172f6e6fdb496be92d

    Download Submit

  • memory/1448-1-0x0000000001CF0000-0x0000000001E21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1448-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1448-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1448-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3208-15-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3208-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3208-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3208-21-0x0000000005560000-0x0000000005782000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3208-20-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3208-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download