kinsing | 6793520c4013dd1f9da6c6f7050b0c09c559fcbf1beb1cb9a2e2251ee59b4d10

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:45

Target

7500be4ac94f6645ed400658f7fd5e60.exe
Size

196KB
MD5

7500be4ac94f6645ed400658f7fd5e60
SHA1

03339a2458153a443e60e55ad7a4bd9593d493a6
SHA256

6793520c4013dd1f9da6c6f7050b0c09c559fcbf1beb1cb9a2e2251ee59b4d10
SHA512

b93edcac6008d33e6beb0ec9d00ace59157f7b8e610d0c2dbaf1ba56960ece2d1ca2063c3f2c1c85a49ee5ff0a0f46c2537b144107ffe74df92a744b43d9f608
SSDEEP

3072:q954C8BOQWz9MbFFglevtwsRFftUbApd6nxw4xwahkdBKZpZ3ts/7EJRES:IZb+ZFg4RFftUEpd6nxpBkkZ3tAYJRP

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Suspicious use of SetThreadContext 1 IoCs

Processes:

7500be4ac94f6645ed400658f7fd5e60.exe

description pid process target process

PID 1376 set thread context of 1716 1376 7500be4ac94f6645ed400658f7fd5e60.exe 7500be4ac94f6645ed400658f7fd5e60.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4868 1716 WerFault.exe 7500be4ac94f6645ed400658f7fd5e60.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

7500be4ac94f6645ed400658f7fd5e60.exe

pid process

1376 7500be4ac94f6645ed400658f7fd5e60.exe

description	pid	process	target process
PID 1376 set thread context of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe

pid	pid_target	process	target process
4868	1716	WerFault.exe	7500be4ac94f6645ed400658f7fd5e60.exe

pid	process
1376	7500be4ac94f6645ed400658f7fd5e60.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

7500be4ac94f6645ed400658f7fd5e60.exe

description	pid	process	target process
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe
PID 1376 wrote to memory of 1716	1376	7500be4ac94f6645ed400658f7fd5e60.exe	7500be4ac94f6645ed400658f7fd5e60.exe

C:\Users\Admin\AppData\Local\Temp\7500be4ac94f6645ed400658f7fd5e60.exe
"C:\Users\Admin\AppData\Local\Temp\7500be4ac94f6645ed400658f7fd5e60.exe"
2⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 224
3⤵
- Program crash
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1716 -ip 1716
1⤵
PID:4636

memory/1716-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1716-4-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1716-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download