Overview

overview

10

Static

static

10

2024-01-25...er.exe

windows7-x64

7

2024-01-25...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-25_53eb70165f5fc2b0c5841693c4176abc_cryptolocker.exe

  • Size

    64KB

  • MD5

    53eb70165f5fc2b0c5841693c4176abc

  • SHA1

    6d375ae056a0ac10ff4f184b5924767dcf9775c6

  • SHA256

    61402873e79d37fac22cc1a27bad70ba1fe5e2ca1c81051ff74e066a866317db

  • SHA512

    0750a9e8f210667ea75cc9cb106a130a217115dbc26ecec6612290d0dc0e36f19be7b54d94acf115abca724686f5856f125a8699ef170154bf1bc6c0b4f4d1df

  • SSDEEP

    768:T6LsoEEeegiZPvEhHSG+g0mum/kLyMro2GtOOtEvwDpjh:T6QFElP6n+g0fmddpMOtEvwDpj

Score
10/10
kinsingloaderupx

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_53eb70165f5fc2b0c5841693c4176abc_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_53eb70165f5fc2b0c5841693c4176abc_cryptolocker.exe"
    1⤵
      PID:3584
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        2⤵
        • Program crash
        PID:2392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3584 -ip 3584
      1⤵
        PID:212

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3584-0-0x0000000000500000-0x0000000000510000-memory.dmp
        Filesize

        64KB

        Download