kinsing | 9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:02

Target

9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll
Size

89KB
MD5

cad9cfa9fa79ee92cd9816ceed717a89
SHA1

8fc30714703df3d16e5d7e3088b7f27117a1dca9
SHA256

9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741
SHA512

36a40c52261f4a8ddf5621e263a60b06b1c73dbb49e6d875e608215eff5a9b0dc1e2d90d3b08991e97363b9f9c67d828f3f5912e02efe635737d174d570f3bb6
SSDEEP

1536:FvsmGlMjaO5Yj0byTLe+bmWgZCJg2lojCj9hy4szP2RQcY:FvLGlgej0byTLe5IojKxszP1z

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1112 wrote to memory of 2108	1112	rundll32.exe	rundll32.exe
PID 1112 wrote to memory of 2108	1112	rundll32.exe	rundll32.exe
PID 1112 wrote to memory of 2108	1112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#1
2⤵
PID:2108