Analysis
-
max time kernel
133s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-01-2024 17:01
General
-
Target
75096376efd7348a3b5e7b0415ef941a.exe
-
Size
366KB
-
MD5
75096376efd7348a3b5e7b0415ef941a
-
SHA1
fe93068fc5f13340ed9ba611a4423146623d9ff6
-
SHA256
a8f1b931d3353ccf29dee69392d154bb610004b00b272ba74fe12077182d2c67
-
SHA512
b527182dd3018d06f390dd6991a7e5f33c2639ab4f6780d273af18126054b6c6c37fa6158ceb88576943dfaaebd7223c81a0db6fab7569c4b50f22bde1d31589
-
SSDEEP
6144:rUGZjWMN2Sse4d3ERvBxc7hsp8GcUL67rOcQ/j0/3jiSiytZoVazMl:rK7SsvdMvLxpe63Yb3tZRzQ
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Program crash 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75096376efd7348a3b5e7b0415ef941a.exe"C:\Users\Admin\AppData\Local\Temp\75096376efd7348a3b5e7b0415ef941a.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 2202⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 1402⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5056 -ip 50561⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5056 -ip 50561⤵