kinsing | 6065d78d62709f0fcfd25154d101bdb341873f9030a2f7fbeeaa8933d714ea91 | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:36

Sharing

Report Analysis Logs

General

Target

751c4224e4b8e7be4fdf68a690337275.exe
Size

128KB
MD5

751c4224e4b8e7be4fdf68a690337275
SHA1

36bf5372c3f898074b4977990e4630ef846cea6a
SHA256

6065d78d62709f0fcfd25154d101bdb341873f9030a2f7fbeeaa8933d714ea91
SHA512

0750aff2c1acb4300eee0ed3c5a4bee786b502a2823c6c9ae6908dfed41899a1f01df80b1018b0db958615a8d213d4405ed4a3d2906f2a212760a2f4f495f57a
SSDEEP

3072:EP/HlUgy0HVuzv+k2c9YDk/jnmm3rDOj3AM0FQcgt1n:2ylSvQnfOjQM0FLY

Score

10^/10

kinsing loader upx

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2272-0-0x0000000001000000-0x000000000104A000-memory.dmp	upx
behavioral2/memory/2272-1-0x0000000001000000-0x000000000104A000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

220 2272 WerFault.exe 751c4224e4b8e7be4fdf68a690337275.exe

C:\Users\Admin\AppData\Local\Temp\751c4224e4b8e7be4fdf68a690337275.exe
"C:\Users\Admin\AppData\Local\Temp\751c4224e4b8e7be4fdf68a690337275.exe"
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 292
2⤵
- Program crash
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2272 -ip 2272
1⤵
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2272-0-0x0000000001000000-0x000000000104A000-memory.dmp

Filesize
296KB

Download
memory/2272-1-0x0000000001000000-0x000000000104A000-memory.dmp

Filesize
296KB

Download