Overview

overview

10

Static

static

7

75206e7ddd...d3.exe

windows7-x64

10

75206e7ddd...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75206e7dddfbd0380a246fa714e8c6d3.exe

  • Size

    784KB

  • MD5

    75206e7dddfbd0380a246fa714e8c6d3

  • SHA1

    91839ed67fe4261f39786ee1ba0f474e5beae9e7

  • SHA256

    02924ebd122b1c606b6796bdf1acd196a2a80bee75ecbb826f02f428e71cc58d

  • SHA512

    c0f2fe4502613fdfd066b7b47e480d8810fdc966b53c7f8d7e1e251e6cda4150a414e145fbea4d95fd9f16028ec27ff054182f25b8b09d1f5e7d5686b78bc4cd

  • SSDEEP

    12288:Vd0reE0N0+Q/Pa+HWBrNUCWEzukNEaZgnU93DrXn9e0V7X2+yi:w6IBXxQUS/gniDrXnhVj

Score
10/10
kinsingxmrigloaderminerupx

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 7 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
    "C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
      C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
    Filesize

    784KB

    MD5

    edde437d90499a7e06dca8276397030c

    SHA1

    4cde556c2f0c5af1c7edcedae85751d3b4214872

    SHA256

    2400f953a291c0de0d65dccc8d313321a0d9d644f0d1f214a9b7605a234618b2

    SHA512

    9fb5e07d4693b2e00bf425d098a8d9c43ade8cb34c589d89e370846595ac42ac4cbb8075f1c5d9b78a64905ef44d3d35b986e519af3be2d7314fb4ed167d22c7

    Download Submit

  • memory/884-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/884-1-0x00000000018E0000-0x00000000019A4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/884-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/884-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4884-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4884-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4884-16-0x0000000001AC0000-0x0000000001B84000-memory.dmp

    Filesize

    784KB

    Download

  • memory/4884-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4884-21-0x0000000005330000-0x00000000054C3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4884-30-0x00000000005A0000-0x000000000071F000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4884-31-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download