kinsing | de1fe84c7f43c39cfdec88e4ea68528aa9fb83ecebe86a54321c563115617c3c

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:26

Target

74f734fbd212b859927c303d376be7b1.exe
Size

686KB
MD5

74f734fbd212b859927c303d376be7b1
SHA1

ac326c95103cfacded5c4bf8902720fb9f7b5e18
SHA256

de1fe84c7f43c39cfdec88e4ea68528aa9fb83ecebe86a54321c563115617c3c
SHA512

8bce2830e04fa377fddeb5db2ba9a4da14ec653b32d310c28dae175a4104a96cd5f0282735140ca8225974b9158efc28511cc4880dbab668254ab4c27201eafa
SSDEEP

12288:pITW0SsSYpDlta31MUhXjNM3PQ7TxIcntupZB78Fs5GIph8y:pITW0Ss3D7aucXjAPQ7l30pb7rGy

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Suspicious use of SetThreadContext 1 IoCs

Processes:

74f734fbd212b859927c303d376be7b1.exe

description pid process target process

PID 2520 set thread context of 344 2520 74f734fbd212b859927c303d376be7b1.exe 74f734fbd212b859927c303d376be7b1.exe

description	pid	process	target process
PID 2520 set thread context of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

74f734fbd212b859927c303d376be7b1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

74f734fbd212b859927c303d376be7b1.exe

pid process

2520 74f734fbd212b859927c303d376be7b1.exe

pid	process
2520	74f734fbd212b859927c303d376be7b1.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

74f734fbd212b859927c303d376be7b1.exe74f734fbd212b859927c303d376be7b1.exe

description	pid	process	target process
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 2520 wrote to memory of 344	2520	74f734fbd212b859927c303d376be7b1.exe	74f734fbd212b859927c303d376be7b1.exe
PID 344 wrote to memory of 3520	344	74f734fbd212b859927c303d376be7b1.exe	Explorer.EXE
PID 344 wrote to memory of 3520	344	74f734fbd212b859927c303d376be7b1.exe	Explorer.EXE
PID 344 wrote to memory of 3520	344	74f734fbd212b859927c303d376be7b1.exe	Explorer.EXE
PID 344 wrote to memory of 3520	344	74f734fbd212b859927c303d376be7b1.exe	Explorer.EXE

memory/344-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/344-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/344-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/344-10-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/344-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/344-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2520-0-0x0000000000400000-0x00000000005B9000-memory.dmp

Filesize
1.7MB

Download
memory/2520-3-0x0000000000400000-0x00000000005B9000-memory.dmp

Filesize
1.7MB

Download
memory/2520-1-0x0000000000400000-0x00000000005B9000-memory.dmp

Filesize
1.7MB

Download
memory/2520-8-0x0000000000400000-0x00000000005B9000-memory.dmp

Filesize
1.7MB

Download
memory/3520-11-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3520-12-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download