kinsing | 944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74eebfbecb09dec824a6d66c30293d0a.exe
Size

622KB
MD5

74eebfbecb09dec824a6d66c30293d0a
SHA1

7cbe4f91d04949f6efb4053e88d561554fa75236
SHA256

944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e
SHA512

1126c04f79ba126dfd4f551954c2018c9cbe5afca95e12cefeb3e8f5babbfa41958ea44baf7a70906e3b7651dab633731e1b116229235c0a53ee7d47ff3b88eb
SSDEEP

12288:jX3LIeYB3OutWcgYLi6yYzvF3Z4mxxB0UGpzXTNlLuT:jX3L7oztWcgYllQmXB0UAjNluT

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Executes dropped EXE 1 IoCs

Processes:

Server.exe

pid process

2056 Server.exe

pid	process
2056	Server.exe

Drops file in Program Files directory 3 IoCs

Processes:

74eebfbecb09dec824a6d66c30293d0a.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe	74eebfbecb09dec824a6d66c30293d0a.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe	74eebfbecb09dec824a6d66c30293d0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat	74eebfbecb09dec824a6d66c30293d0a.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3596 2056 WerFault.exe Server.exe

pid	pid_target	process	target process
3596	2056	WerFault.exe	Server.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

74eebfbecb09dec824a6d66c30293d0a.exeServer.exe

description	pid	process	target process
PID 1136 wrote to memory of 2056	1136	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 1136 wrote to memory of 2056	1136	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 1136 wrote to memory of 2056	1136	74eebfbecb09dec824a6d66c30293d0a.exe	Server.exe
PID 2056 wrote to memory of 2784	2056	Server.exe	IEXPLORE.EXE
PID 2056 wrote to memory of 2784	2056	Server.exe	IEXPLORE.EXE
PID 1136 wrote to memory of 4328	1136	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe
PID 1136 wrote to memory of 4328	1136	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe
PID 1136 wrote to memory of 4328	1136	74eebfbecb09dec824a6d66c30293d0a.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\74eebfbecb09dec824a6d66c30293d0a.exe
"C:\Users\Admin\AppData\Local\Temp\74eebfbecb09dec824a6d66c30293d0a.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1136

C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe
"C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2056

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
3⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 652
3⤵
- Program crash
PID:3596

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
2⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2056 -ip 2056
1⤵
PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat
Filesize
184B

MD5
b74ab14d22b26c544101fa272703fb3e

SHA1
a90fe18cca184ea375b1fc8c9985df0db25a2709

SHA256
cf9727a38944cc5ceb9c5b06622bcfecb17416432c0bdcb65c4e40fc0ecf9957

SHA512
a94a94952632c2b38776949ede59679bf3ee383643a3f3faf4d5116bc1b168a055a1ad12ae4aec7d80ad4828cc990cabfcf9b8a1dc91cc64cff6cf22e11cf8c2

Download Submit
C:\Program Files\Common Files\microsoft shared\MSInfo\Server.exe
Filesize
622KB

MD5
74eebfbecb09dec824a6d66c30293d0a

SHA1
7cbe4f91d04949f6efb4053e88d561554fa75236

SHA256
944021660ccd13d1702dbb2ac36ef1cf669d5fcadf0124ececd648cdcec48b4e

SHA512
1126c04f79ba126dfd4f551954c2018c9cbe5afca95e12cefeb3e8f5babbfa41958ea44baf7a70906e3b7651dab633731e1b116229235c0a53ee7d47ff3b88eb

Download Submit
memory/1136-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/1136-1-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/1136-9-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/1136-18-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/1136-21-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/1136-20-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/1136-22-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1136-19-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1136-65-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/1136-64-0x0000000003A00000-0x0000000003A01000-memory.dmp

Filesize
4KB

Download
memory/1136-63-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/1136-62-0x00000000039A0000-0x00000000039A1000-memory.dmp

Filesize
4KB

Download
memory/1136-61-0x0000000003980000-0x0000000003981000-memory.dmp

Filesize
4KB

Download
memory/1136-60-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/1136-59-0x0000000003950000-0x0000000003951000-memory.dmp

Filesize
4KB

Download
memory/1136-58-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/1136-57-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/1136-56-0x0000000003A10000-0x0000000003A11000-memory.dmp

Filesize
4KB

Download
memory/1136-55-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/1136-54-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/1136-53-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/1136-52-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/1136-51-0x0000000003990000-0x0000000003991000-memory.dmp

Filesize
4KB

Download
memory/1136-50-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/1136-49-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download
memory/1136-48-0x0000000003910000-0x0000000003911000-memory.dmp

Filesize
4KB

Download
memory/1136-47-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/1136-46-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/1136-45-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/1136-44-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/1136-43-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/1136-42-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/1136-41-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/1136-40-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/1136-39-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/1136-38-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/1136-37-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/1136-36-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/1136-35-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/1136-34-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/1136-33-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/1136-32-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/1136-31-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/1136-30-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/1136-29-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/1136-28-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/1136-27-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/1136-26-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/1136-25-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/1136-24-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/1136-23-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/1136-15-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1136-14-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/1136-13-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/1136-12-0x00000000034F0000-0x00000000034F3000-memory.dmp

Filesize
12KB

Download
memory/1136-11-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/1136-10-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1136-8-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1136-7-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1136-6-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1136-5-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1136-4-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1136-3-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1136-2-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1136-113-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/2056-118-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download