kinsing | 85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f

Analysis

max time kernel
92s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:55

Target

85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll
Size

292KB
MD5

62ef645f3831cae277c8d6dbcc2112e9
SHA1

c4aa5f36c64889a5a2d49d5d1092585b25247f59
SHA256

85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f
SHA512

752df371b48ee1deb201f2008d8340147fc991bab3ffedb4f17c35219c7b1b0adbd7d215439798a388f945d9ba75209edc862a0776eb0f2333078a497c84c6dc
SSDEEP

6144:xgejiEdVHdmqrL9MRlx3tjAspuUb5p9TwHlM82xp:HjHVH3r2Rlx3WUbTNwHP4

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4104 1892 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4104	1892	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 836 wrote to memory of 1892	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 1892	836	rundll32.exe	rundll32.exe
PID 836 wrote to memory of 1892	836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ab547e342b097997561652cfd1c1f6adf66f4b0552ecb16423e398f483a24f.dll,#1
2⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 616
3⤵
- Program crash
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1892 -ip 1892
1⤵
PID:4588