kinsing | d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f

Analysis

max time kernel
93s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:52

Target

d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll
Size

81KB
MD5

8259f5443dddb580a06dc5eed44c854e
SHA1

a1b161514e9188c2ba61ad0ed9365814a2bcef65
SHA256

d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f
SHA512

20db4e820dffd0b7d4301937792b15701a67db5b9b9b2fb47c2198cd451d5f86b4883b928b1af3b3d3d9a0c3bbb23147b678f3eb0b3f47ed48118bbbb6af5fba
SSDEEP

1536:UPkgGEKs3PC22cx9ikjlf18Drjf+KYW17Bx78fL2N4C7OWQ+DEOUH4zaGjH:kdxfV9ikjlkrjfJYWtwC7VQ2vzak

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1604 wrote to memory of 636	1604	rundll32.exe	rundll32.exe
PID 1604 wrote to memory of 636	1604	rundll32.exe	rundll32.exe
PID 1604 wrote to memory of 636	1604	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll,#1
2⤵
PID:636