kinsing | aaff12ff60520346cc72bb89fb2b879edfaf187e32e821a1486c6b5771eaa687

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
Size

1.4MB
MD5

fd8e566d88637434734ccd92a7d865fa
SHA1

0f11ce240cfddb9e83388678a1a0217a568ccd2c
SHA256

aaff12ff60520346cc72bb89fb2b879edfaf187e32e821a1486c6b5771eaa687
SHA512

610bfc4851358f281e88fb351724d54f6b4eea23723930ce7d0fa46b04d405d6457b90b58f9112539912e22a55d8ea3d26f52d94c90124cd13864b5fd01a0bcc
SSDEEP

24576:0T+hNLKhKnnxzIFlHmDbCnBdsZBlTLQxczp07vZORwm24kXqgKdfDjIzQW8bY03U:0SzLKhKnnmFlHOWnTQT3zxRj24kXGdfM

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\IME\Archive.dll	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
3704	SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.11258.1591.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3704

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads