kinsing | c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:57

Target

c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll
Size

250KB
MD5

35391ece3b7a7b067d5f3778e72bcf4e
SHA1

7a3ad3ec63679f4d164edb0a4e70c5e37c2fa5ed
SHA256

c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d
SHA512

a8bd058c267752635cce9b5865f99a2ececccc5fb9970f32dd92fb46de31866a0c13937192b244345ad2099a5a08a207bc17c65246fe0f8a968bb6184f486baa
SSDEEP

3072:TYVp+k+WzTgEhOCbe4vul5f6epCHu6HuUh51hvkLk8+ebUStoAVxyhUoc:TYVpx+TEhOoeCulTwHEE51hk9Ptojm

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

832 3744 WerFault.exe rundll32.exe

pid	pid_target	process	target process
832	3744	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1556 wrote to memory of 3744	1556	rundll32.exe	rundll32.exe
PID 1556 wrote to memory of 3744	1556	rundll32.exe	rundll32.exe
PID 1556 wrote to memory of 3744	1556	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c958f694f25f48d033d0774dde60f0a5990ad2d8bd5f64a569428c6c71d0b56d.dll,#1
2⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 612
3⤵
- Program crash
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3744 -ip 3744
1⤵
PID:1736