kinsing | bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:32

Target

bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe
Size

1.1MB
MD5

c9ebd15d274183485c36bf5f08624bc5
SHA1

33130d5d3c1d8414fc2ec1773ac9d49cc8e0a589
SHA256

bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0
SHA512

ee3a0436d6548cb3c79e4b7bfd0e4c62011002adec2c8a0c1302c39f78f45ebf0ff24646058c8da6ffafb40269caab2c52b81f091cb588ff57b46a9a14dcf4bc
SSDEEP

24576:uxR3RFMeR1Ei1iQiYWLg77R0uSF+5JwXgb1081v3iYYKLJxNk:O7R1Eui2Z77R0JF+bmgb1+cxC

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4132 3480 WerFault.exe bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe

pid	pid_target	process	target process
4132	3480	WerFault.exe	bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe

C:\Users\Admin\AppData\Local\Temp\bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe
"C:\Users\Admin\AppData\Local\Temp\bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe"
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 628
2⤵
- Program crash
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3480 -ip 3480
1⤵
PID:5048

memory/3480-0-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/3480-1-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download