kinsing | 202ecdd3d57ba69a070c9d3448d56019981e14c14e05b3f3a788021f5f7570d2

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 17:35

Target

751bc7284282d568166cd73f6dfdb44b.exe
Size

598KB
MD5

751bc7284282d568166cd73f6dfdb44b
SHA1

ccbd61c67a70a696d982820cb520d81d11706275
SHA256

202ecdd3d57ba69a070c9d3448d56019981e14c14e05b3f3a788021f5f7570d2
SHA512

10dd2ce80c5cec1d5db57b52d834c706f02c3e4efa1a5743ce8c0bb99324a24be60d6bb180ce53dcd92fe1a312ef3a141b97364637210886f06550585a3d338f
SSDEEP

12288:+TwHlx1//xGf8GkkgwIAIEFXcbyg+yw1BRrMTGFrIsQg:+T2lxx4f8OFcbOrMTGlQg

Score

10^/10

kinsing loader

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 3992	4376	751bc7284282d568166cd73f6dfdb44b.exe	23
PID 4376 wrote to memory of 3992	4376	751bc7284282d568166cd73f6dfdb44b.exe	23
PID 4376 wrote to memory of 3992	4376	751bc7284282d568166cd73f6dfdb44b.exe	23
PID 4376 wrote to memory of 5024	4376	751bc7284282d568166cd73f6dfdb44b.exe	22
PID 4376 wrote to memory of 5024	4376	751bc7284282d568166cd73f6dfdb44b.exe	22
PID 4376 wrote to memory of 5024	4376	751bc7284282d568166cd73f6dfdb44b.exe	22

C:\Users\Admin\AppData\Local\Temp\751bc7284282d568166cd73f6dfdb44b.exe
"C:\Users\Admin\AppData\Local\Temp\751bc7284282d568166cd73f6dfdb44b.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Users\Admin\AppData\Local\Temp\751bc7284282d568166cd73f6dfdb44b.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:5024
- C:\Users\Admin\AppData\Local\Temp\751bc7284282d568166cd73f6dfdb44b.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3992

memory/3992-9-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3992-10-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3992-15-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3992-14-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3992-7-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4376-4-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4376-1-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4376-8-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4376-0-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4376-3-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4376-2-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/5024-12-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/5024-5-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/5024-13-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/5024-11-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/5024-16-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download