kinsing | e716f240b6054999b3c3c4f469350fde927b8f60e2f5462babbb4cf40e1595c9

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:04

Target

750b034271f9b8231b2d7d34cc70c8a8.dll
Size

71KB
MD5

750b034271f9b8231b2d7d34cc70c8a8
SHA1

7d08bbe11796293b6946080a80929b2331293608
SHA256

e716f240b6054999b3c3c4f469350fde927b8f60e2f5462babbb4cf40e1595c9
SHA512

73e8f95e34ba94b32801909399e10442fb03b491c52ac35b77166522e1823f7404a8e0ecf65ea070dd831047d09b0c20c66deaddedecde603025db3c12752f6a
SSDEEP

1536:UY9H/UGNy1whedO9nyQuJKMoBk35DS8R81bvA76MNTKIiRTswv5:b9HBN/IqyQe3pJN8G7vliR

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2788 3432 WerFault.exe regsvr32.exe

pid	pid_target	process	target process
2788	3432	WerFault.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1504 wrote to memory of 3432	1504	regsvr32.exe	regsvr32.exe
PID 1504 wrote to memory of 3432	1504	regsvr32.exe	regsvr32.exe
PID 1504 wrote to memory of 3432	1504	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\750b034271f9b8231b2d7d34cc70c8a8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1504

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\750b034271f9b8231b2d7d34cc70c8a8.dll
2⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 644
3⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3432 -ip 3432
1⤵
PID:1960