kinsing | df01a9db51da6307b2882563d5667540bbd38be2d70b283fa57d0aca23ae2b70

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75233361f8d5a0995275105cb989100c.exe
Size

784KB
MD5

75233361f8d5a0995275105cb989100c
SHA1

e2a5289518fc54a9df1b412f7f7ecf02d0ff03f1
SHA256

df01a9db51da6307b2882563d5667540bbd38be2d70b283fa57d0aca23ae2b70
SHA512

e46f4c204b25d17a45406dad11794a80e2ed38bc622d160a33253e3e4b8cff7345d7f77eefe3f3766ae9862a0cea6d1e92479133e8726bff27310584d50c6ecf
SSDEEP

12288:T+/b0mtirCORKXydUf0BPCaCRHy1zkqbCWGxiva8tUaZdMgSSICq5QIlA:TsxLyyf0BPCauqbChsi8t/dMgm5QIlA

Score

10^/10

kinsing xmrig loader miner upx

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/2128-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2128-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2456-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2456-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2456-23-0x0000000005340000-0x00000000054D3000-memory.dmp	xmrig
behavioral2/memory/2456-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/2456-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2456	75233361f8d5a0995275105cb989100c.exe

Executes dropped EXE 1 IoCs

pid	Process
2456	75233361f8d5a0995275105cb989100c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2128-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002320b-11.dat	upx
behavioral2/memory/2456-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	75233361f8d5a0995275105cb989100c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	75233361f8d5a0995275105cb989100c.exe
2456	75233361f8d5a0995275105cb989100c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2456	2128	75233361f8d5a0995275105cb989100c.exe	89
PID 2128 wrote to memory of 2456	2128	75233361f8d5a0995275105cb989100c.exe	89
PID 2128 wrote to memory of 2456	2128	75233361f8d5a0995275105cb989100c.exe	89

C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
"C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
  C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe

Filesize
784KB

MD5
f87beab244c0a61a9ef08bb493885562

SHA1
e267e2a8b2bf97e3fe176053e48cd7df6e98edf7

SHA256
4e9c5f0fa52719ddac5a743957d6e45d3cccde993548bd8e6ac337d66733a4ff

SHA512
56a397ad20d6ac4c187878e6796be536f686b8589e6bc42cc0c6b950c8642911650ec04519f6365e496c2bda49f4ce606fd56adecb166ae4217b52784b72c3d0

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2128-1-0x00000000019C0000-0x0000000001A84000-memory.dmp

Filesize
784KB

Download
memory/2128-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2128-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2456-16-0x0000000001AD0000-0x0000000001B94000-memory.dmp

Filesize
784KB

Download
memory/2456-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2456-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2456-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2456-23-0x0000000005340000-0x00000000054D3000-memory.dmp

Filesize
1.6MB

Download
memory/2456-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2456-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download