kinsing | 7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:01

Target

7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll
Size

453KB
MD5

ce7fd7a4b05f2a4bf072e083976eca45
SHA1

f1c6e2e0850d89c3b8b72e2bac30a28725953e8a
SHA256

7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5
SHA512

60e41c0ee4318932b13a5a1f2ded649a9a0e29972634254da95c4085cb6998aa5651114220b933355426deb8808c703e75388744854c13f3936db0fca486085e
SSDEEP

6144:2rmi88sG/URINLixJwxcTBABnCLa50cnQ3rWadlIGkLEqUDTQ45:2rGG/U+RixuxY402tnQ3rFIP45

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3880 wrote to memory of 3356	3880	rundll32.exe	rundll32.exe
PID 3880 wrote to memory of 3356	3880	rundll32.exe	rundll32.exe
PID 3880 wrote to memory of 3356	3880	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3880

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#1
2⤵
PID:3356