Overview

overview

10

Static

static

3

9f7ffa4261...41.dll

windows7-x64

1

9f7ffa4261...41.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll

  • Size

    89KB

  • MD5

    cad9cfa9fa79ee92cd9816ceed717a89

  • SHA1

    8fc30714703df3d16e5d7e3088b7f27117a1dca9

  • SHA256

    9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741

  • SHA512

    36a40c52261f4a8ddf5621e263a60b06b1c73dbb49e6d875e608215eff5a9b0dc1e2d90d3b08991e97363b9f9c67d828f3f5912e02efe635737d174d570f3bb6

  • SSDEEP

    1536:FvsmGlMjaO5Yj0byTLe+bmWgZCJg2lojCj9hy4szP2RQcY:FvLGlgej0byTLe5IojKxszP1z

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#1
      2⤵
        PID:2108

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads