kinsing | 410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:43

Target

410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
Size

269KB
MD5

82897da154eec93530858e9e0bf1a4c0
SHA1

10aee924b5633baa640b3b55068eba8de5dc305a
SHA256

410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de
SHA512

3dc49d4ddcd62ad30d5aded87c07c5a09021522a71812fbf6e457ad42cbc39acab2e932b25eac6931e4b9806bcaacea7a6c93bf0e034e8a089b66eb98409bc59
SSDEEP

6144:3GqH2r85tdvh80jwizPtNwoVYmsjAOzAxmWm1fq:3JWr85tdvh80j1YmsjQmJ1fq

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1012 4664 WerFault.exe 410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe

pid process

4664 410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe

pid	pid_target	process	target process
1012	4664	WerFault.exe	410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe

pid	process
4664	410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe

C:\Users\Admin\AppData\Local\Temp\410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
"C:\Users\Admin\AppData\Local\Temp\410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1224
2⤵
- Program crash
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4664 -ip 4664
1⤵
PID:3980