kinsing | 305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:02

Target

305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll
Size

257KB
MD5

e4a0068ecc898d06b5088f4695c7e2b5
SHA1

53be78c7a24fe555189ce0f0a1a7517de9debf9c
SHA256

305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231
SHA512

23fc17d1bce3bbe3f4ebf524acbd342f57743754b9db67c10fe97fe8e24923483f2165025e1d9257e7eaa4354533a7bc7366fa6e0882f9ffc89bf36b3020a03e
SSDEEP

6144:rQfmwXth8+ll5Ut6IFyzMcrTjGZ5nEy/NA:Ar8+lPUt6pwcrTjGrvA

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2376 wrote to memory of 1864	2376	rundll32.exe	rundll32.exe
PID 2376 wrote to memory of 1864	2376	rundll32.exe	rundll32.exe
PID 2376 wrote to memory of 1864	2376	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2376

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll,#1
2⤵
PID:1864