kinsing | 0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:45

Target

0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll
Size

2.2MB
MD5

293a955a16806151883d5054340b82e9
SHA1

5a5f304877ebdaad180223348e8e541f09f6285b
SHA256

0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e
SHA512

7855625e33ab793d872725c35ac4a52e627d868f4474f0fe7e0fc4b6475282c437856b2a62715c37428675a29778ed7b7bb9bdc9f6b0666ec9c579be229511ee
SSDEEP

49152:TJd0bM5Fym/8RgJWYM97tQjFozL19wNa/Wg7:VCbM56yJTjFKp9JWg7

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1092 3852 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1092	3852	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3188 wrote to memory of 3852	3188	rundll32.exe	rundll32.exe
PID 3188 wrote to memory of 3852	3188	rundll32.exe	rundll32.exe
PID 3188 wrote to memory of 3852	3188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b55ced84cec2a31f943014ca95597715db401580ed0d15dd742f33806fd894e.dll,#1
2⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 564
3⤵
- Program crash
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3852 -ip 3852
1⤵
PID:5072