kinsing | fd17760f03a63db0ba505e6b3226df61d57e0c204c34ca0ae8a417e514ee3789

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:59

Target

74ea99b770ec897229cb68a9d3485124.dll
Size

187KB
MD5

74ea99b770ec897229cb68a9d3485124
SHA1

0b41cc1840245014269bf8e6eb8d6934f3c34f74
SHA256

fd17760f03a63db0ba505e6b3226df61d57e0c204c34ca0ae8a417e514ee3789
SHA512

751eda44efc0fe38d601560403a9455c1caf0fd6f27ffadd7d5e3ef401e36fdfab633697a8e2998985b55888eaa779a272da00b73100ac1f72f91eac9968dd07
SSDEEP

3072:kefHzBFh6U7AtrlGg2ixOJt52UsOTlv1afwC/0q3gSXPEzERxniNN1T:kefHzBFl7AtrlgJt5dTLafL8WFx4

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4920 wrote to memory of 3188	4920	rundll32.exe	rundll32.exe
PID 4920 wrote to memory of 3188	4920	rundll32.exe	rundll32.exe
PID 4920 wrote to memory of 3188	4920	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ea99b770ec897229cb68a9d3485124.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ea99b770ec897229cb68a9d3485124.dll,#1
2⤵
PID:3188

memory/3188-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3188-1-0x0000000002B90000-0x0000000002BD6000-memory.dmp

Filesize
280KB

Download
memory/3188-2-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3188-3-0x0000000000E30000-0x0000000000E56000-memory.dmp

Filesize
152KB

Download
memory/3188-4-0x0000000002B90000-0x0000000002BD6000-memory.dmp

Filesize
280KB

Download