Analysis
-
max time kernel
129s -
max time network
130s -
platform
windows10-1703_x64 -
resource
win10-20231215-en -
resource tags
-
submitted
25-01-2024 17:54
General
-
Target
[External]hi[1].eml
-
Size
10KB
-
MD5
54a5c9517a29dee5b8cd3ea3b8d89403
-
SHA1
4373a8614f8d8fc2be0e29d75c791836de9d5908
-
SHA256
94e85ea70fcbf7f441b66e3a2f26f21a7ddd018cd3a0ef8d9e5f6af160ad5420
-
SHA512
3d7a291a11bba73e4f7f14057841671f6719efccf259f22b70cd48ca3a9296bd50aeaa9c1dfeb4b65c8843d93156c25aa078514dd58312e4f845d861abdc6f84
-
SSDEEP
192:4KQBSgmVEGFYT5228G1XZp1vnskdNRew/lqBM5JljjaHrR:oBSLEGmTd1XZznsktv/lqC3jK
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\[External]hi[1].eml1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\[External]hi[1].eml2⤵