kinsing | 75f2d494b58f3d664c705d82f26d2d8ea152026b0fa28125079a60f52b7bc52f

Analysis

max time kernel
141s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:40

Target

74fdd5068d0b721dabb78b4811369d2e.exe
Size

722KB
MD5

74fdd5068d0b721dabb78b4811369d2e
SHA1

78b1cadd787d468ab0d607380f3d2859c3e34c8b
SHA256

75f2d494b58f3d664c705d82f26d2d8ea152026b0fa28125079a60f52b7bc52f
SHA512

f7733edab9899b1bc3bcfc27ac2db0865ec894f7f32d586df659c7ade28c55df2416444487caab7a83ab536772a73f8784607c458851fa4662d623fd8f6c9c1b
SSDEEP

12288:KqSaqGrh5jdU0g+QJglzUo2Lz05tu1ME4UW7C40XCIrD8imU9CknGOZIZe7z6GDI:KBctw+7G/LY2uYW7UXCu5mU9DGOZqeXo

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Suspicious use of SetThreadContext 1 IoCs

Processes:

74fdd5068d0b721dabb78b4811369d2e.exe

description pid process target process

PID 4552 set thread context of 3716 4552 74fdd5068d0b721dabb78b4811369d2e.exe 74fdd5068d0b721dabb78b4811369d2e.exe

description	pid	process	target process
PID 4552 set thread context of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

74fdd5068d0b721dabb78b4811369d2e.exe

description	pid	process	target process
PID 4552 wrote to memory of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe
PID 4552 wrote to memory of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe
PID 4552 wrote to memory of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe
PID 4552 wrote to memory of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe
PID 4552 wrote to memory of 3716	4552	74fdd5068d0b721dabb78b4811369d2e.exe	74fdd5068d0b721dabb78b4811369d2e.exe

C:\Users\Admin\AppData\Local\Temp\74fdd5068d0b721dabb78b4811369d2e.exe
"C:\Users\Admin\AppData\Local\Temp\74fdd5068d0b721dabb78b4811369d2e.exe"
2⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\hsjsh.ini
Filesize
18B

MD5
8a0f1059302e8256b9d04d9486689724

SHA1
cc2a34dd591eccbd6c1a62ad255927e204486e36

SHA256
3cd6a555e2380c2b74ba8b2d7c4d1428e95e71a7293862b4cbb77a3c33c4efb8

SHA512
b7d5128315e38e3581f8b1276264708460fd95ca5ecd17bf6b869d1c23b4899ac6e43b10360473c99d8ef259bca2be395bf7660f44f219450d40aa0c095bd830

Download Submit
memory/3716-0-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/3716-1-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/3716-3-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/3716-4-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/3716-5-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/3716-13-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/3716-15-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/4552-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download