kinsing | 6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f

Analysis

max time kernel
111s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:58

Target

6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll
Size

240KB
MD5

6a2ecd5487743d4129c23bbebe95e2e3
SHA1

431d87b53a8da69dfc60de90d2fa3f63a6c9fd15
SHA256

6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f
SHA512

5d2bb8ecb90228158c3b5a1f36bd05d7ff0b7c19c301aa20d8340dd3e3f2b3991b6f8a2d031a628af821aa5c6c5492e8201078182915aee7a1237c0b6a2ab39f
SSDEEP

3072:YmybuLkbiPXYu+MY3XpLd8VnQtyCCxEvRWCWa+NTPdJu6lhAOkSSs:YmpLkifY/MWXYQ3ntAm6D6

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2628 2708 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2628	2708	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1116 wrote to memory of 2708	1116	rundll32.exe	rundll32.exe
PID 1116 wrote to memory of 2708	1116	rundll32.exe	rundll32.exe
PID 1116 wrote to memory of 2708	1116	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c2708c5d7dc071ae5b76d1d5d0196ecedef12fe596229ac191535c57627148f.dll,#1
2⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 608
3⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2708 -ip 2708
1⤵
PID:3008