kinsing | a29dff08ea24e6d43ebbcb090e8e3898a766918245819bfb2e46ebea3ed09c81 | Triage

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:04

Sharing

Report Analysis Logs

General

Target

74ed6fee9f5713859a6aa75494ce901e.dll
Size

57KB
MD5

74ed6fee9f5713859a6aa75494ce901e
SHA1

3aaac41035d5a27b561b95ed76d8dfcb4bdd7066
SHA256

a29dff08ea24e6d43ebbcb090e8e3898a766918245819bfb2e46ebea3ed09c81
SHA512

5f95b8fe149840a613001c8bbf8af5640e9ba2c2ce75e7401e8c0c47f687388fbddb26c824aa6e6baa753b7cd42666371c22d6e35ba3120fc318e7b85e7e8e9d
SSDEEP

1536:hr7OaFCsK5Ehd0tkrpVUEkJ+H0jYJqXoxHOTMdtg:tOaY5m2Kr0EUG0jxX6OQ3g

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 980 wrote to memory of 2360	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2360	980	rundll32.exe	rundll32.exe
PID 980 wrote to memory of 2360	980	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:980

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#1
2⤵
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...