kinsing | 76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:47

Target

76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll
Size

2.5MB
MD5

4141b3d7d91fae89b3a0eac775530963
SHA1

d84531ea772568d23a7a02d80d496a96c0fa01ce
SHA256

76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a
SHA512

d63d917dad797a81f6024cb316364f5c0b7fe4ef56c7d0293ef3f3a84890a37b9f4a4a9ccd4056e967df5c83ba6ad1140c010707107084e4deca90eadfd003d9
SSDEEP

24576:ZSN4tLocHLaC03NOK+TVl5HIA2zhMRBIl8:3tz03NOK+TVTHIA2zhMRBIl8

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 456 wrote to memory of 4132	456	rundll32.exe	rundll32.exe
PID 456 wrote to memory of 4132	456	rundll32.exe	rundll32.exe
PID 456 wrote to memory of 4132	456	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:456

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll,#1
2⤵
PID:4132