kinsing | d5fd4bbb8a4e7c67a02410b0ffdea75d9752115b1509e6b1943423fd12c42a78

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:35

Target

751b9f800623a95400199b9b2764eb00.exe
Size

94KB
MD5

751b9f800623a95400199b9b2764eb00
SHA1

7c39cc186c5771cb62e97459b09c4785a371f5a7
SHA256

d5fd4bbb8a4e7c67a02410b0ffdea75d9752115b1509e6b1943423fd12c42a78
SHA512

055fa43f426610dd9f3d2d556648fdbfaee363235fa24a3da052652aa34f7c251002c2a06ab2997665c4928d8acdaf9f787aa1f1155ebddaff3a17b03e02c9e1
SSDEEP

1536:rNcsNM1tBy+GlxfnXgS2kdn6Pj3tXcGfSy9fhGt4ALiPGriKlX:rNBNclGTfnX8k8j3tXcGfSShHALi8J

Score

10^/10

kinsing loader

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3276 set thread context of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4976	751b9f800623a95400199b9b2764eb00.exe
4976	751b9f800623a95400199b9b2764eb00.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 3276 wrote to memory of 4976	3276	751b9f800623a95400199b9b2764eb00.exe	86
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39
PID 4976 wrote to memory of 3548	4976	751b9f800623a95400199b9b2764eb00.exe	39

memory/3548-6-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3548-8-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download
memory/4976-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4976-2-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4976-3-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4976-4-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/4976-14-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download