kinsing | c23275d4dae471f6d6b8d18b96b6e1c08c7ec96734893774593b286f275ed462 | Triage

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:58

Sharing

Report Analysis Logs

General

Target

7507c0a82bb8f35d03f6380842b1c8ba.dll
Size

3KB
MD5

7507c0a82bb8f35d03f6380842b1c8ba
SHA1

1c18b28cc62284af8ed512d3f6c61e238bd89ae4
SHA256

c23275d4dae471f6d6b8d18b96b6e1c08c7ec96734893774593b286f275ed462
SHA512

a4c0229cb0411250b37e46168860981138a104fece6858e28406dc13f2489351747043048f5fa356edc324f5383423eae731849731e5bcf4da664d1233680916

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3776 wrote to memory of 1256	3776	rundll32.exe	rundll32.exe
PID 3776 wrote to memory of 1256	3776	rundll32.exe	rundll32.exe
PID 3776 wrote to memory of 1256	3776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7507c0a82bb8f35d03f6380842b1c8ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7507c0a82bb8f35d03f6380842b1c8ba.dll,#1
2⤵
PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...