kinsing | c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:55

Target

c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll
Size

276KB
MD5

f2a8dba317bc319dc46f811c604057fc
SHA1

d0bbcbd28021d080e5c58f60a639d410d55c5d3f
SHA256

c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4
SHA512

0cea40e27efdaef61a4d62b08d164a93bc151953053349d14b3fd5eea3fa7806955f45aa3e33aee134fa0124a681b84834eb3deb945613da0cc9ca60a86975b8
SSDEEP

6144:SzmPaTbk12Al0uZGvtdZysYpuUb5p9TwHlM823HNb:4mPaTbk1240vvt5UbTNwHPw

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4364 1980 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4364	1980	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3684 wrote to memory of 1980	3684	rundll32.exe	rundll32.exe
PID 3684 wrote to memory of 1980	3684	rundll32.exe	rundll32.exe
PID 3684 wrote to memory of 1980	3684	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3684

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5e845e2ddf8a5f40394d7d4840c7441c0aa26ebec93020a6ac5d380a759b5c4.dll,#1
2⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 600
3⤵
- Program crash
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1980 -ip 1980
1⤵
PID:3548