kinsing | 7f295a18bd5eca0a4584f31fdf3d567bdfa80f6602dd5819d331f349bf4ba150 | Triage

Analysis

max time kernel
155s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:01

Sharing

Report Analysis Logs

General

Target

75098fcc2a67552f7b460586397e28fd.exe
Size

80KB
MD5

75098fcc2a67552f7b460586397e28fd
SHA1

f27e20f7e8031bdfa825642c9ce2f0f1a8ab2a21
SHA256

7f295a18bd5eca0a4584f31fdf3d567bdfa80f6602dd5819d331f349bf4ba150
SHA512

da2021ed4a5a7927278df1f5e1e3413fbf15babcc55d4840bb6200d4c73cf8897621e9aee06e6db54095015902e21c86ba36923eb335b89ed7a613acf72a2e97
SSDEEP

1536:+zWsWHRwXZGZjq+UCh7YEPs6+tVZuvicmEY5:+zyHR6GZjqUhnk5iiWY5

Score

10^/10

kinsing loader upx

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1472-0-0x0000000013150000-0x0000000013185000-memory.dmp	upx
behavioral2/memory/1472-1-0x0000000013150000-0x0000000013185000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3424 1472 WerFault.exe 75098fcc2a67552f7b460586397e28fd.exe

C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe
"C:\Users\Admin\AppData\Local\Temp\75098fcc2a67552f7b460586397e28fd.exe"
1⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 312
2⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1472 -ip 1472
1⤵
PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-0-0x0000000013150000-0x0000000013185000-memory.dmp

Filesize
212KB

Download
memory/1472-1-0x0000000013150000-0x0000000013185000-memory.dmp

Filesize
212KB

Download