kinsing | 8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:49

Target

8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll
Size

2.3MB
MD5

e8609a77b7ab60b1e93bb2e6c4a3b36d
SHA1

7fcac00e8436fc935a95c2ba0822bb7c83350778
SHA256

8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5
SHA512

6306f10edf178c5786ae82162ef88799704afd8d6cf84618181e8ad0b1c5f0662ae4442037eb41ca0476be730c10ca47a410372b64a5765901f8495e51f04f5c
SSDEEP

24576:lKeoja6BJIHBpiN+++ulHOWJc1/4QBx5uCy:lK3IHBp4X+ulHOWJc1/4QBxICy

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3328 wrote to memory of 1032	3328	rundll32.exe	rundll32.exe
PID 3328 wrote to memory of 1032	3328	rundll32.exe	rundll32.exe
PID 3328 wrote to memory of 1032	3328	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll,#1
2⤵
PID:1032