Analysis
-
max time kernel
143s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:54
General
-
Target
ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll
-
Size
2.6MB
-
MD5
ec6cbdc93d75a0879d073cef92f72507
-
SHA1
dc78f4a068b69b1b72ee3a6dac58d581301cd960
-
SHA256
ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce
-
SHA512
c4af31e58eef51837872017736f224db16465ba841d4a225996d4d73aa273a6be41df80e3b1d019ad785f3b6e86da7058617aa499aba22bf3c8da0b39797cc27
-
SSDEEP
49152:hFLFvOT/MSiIJlpstDJwFvJbb5FjhPVq4Q32GC6Q5DBZyIEDRH+Lm095dk:nFmT/MSiIvpstDybbLjJk4QGGC6QAIEg
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ffaab25bb7910b0cb315d3ddcbe83ff5b5ea94f280065595bec6c29db30cdcce.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 6523⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 648 -ip 6481⤵