kinsing | 426fec334451663204948caea397a56aed58dec43de28c6a4fdaed7f6ce433fe

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:27

Target

kolebot/dat/psapi.dll
Size

22KB
MD5

c24d2a8da25295117dc31d423a146fa5
SHA1

fa6dcb66cb9601bf78aef140dcd00b8bde779bec
SHA256

04e53276c1ecdf0017eef86d8281db6b899dcc58318da3452dec6aeb793b9d7f
SHA512

27ba97532c7293e3eaf07e8ae482b79072ddc5456de8fb1a1baa7e023295cb0e99ce5d6cd0b9a657555c85eb089c90d96a8eb1b7e46a895aa1d94086ad434d26
SSDEEP

384:rnIgBApSLPuSO6lDA85aZsaA6hfMl0f1DSneOV+o4CXqR7yAuyOosmMLoWZjPAWZ:8gOSROSOZ9Mef1CDSRu3vP4

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 4324	4768	rundll32.exe	39
PID 4768 wrote to memory of 4324	4768	rundll32.exe	39
PID 4768 wrote to memory of 4324	4768	rundll32.exe	39

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\kolebot\dat\psapi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\kolebot\dat\psapi.dll,#1
  2⤵
  PID:4324