kinsing | 667eea281435836e7fbeb42879d95a8fb41a1327a4fe6af2e696e3b767657b05

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:16

Target

7511a6065a89a6112cef52767cc7e4d5.exe
Size

3.0MB
MD5

7511a6065a89a6112cef52767cc7e4d5
SHA1

5b6a67824968d918b7dbdfb5e8e44b207b16c1d6
SHA256

667eea281435836e7fbeb42879d95a8fb41a1327a4fe6af2e696e3b767657b05
SHA512

a5dbf7fb2a4e78359a33fab6afab3524e5e6fe081886f298e574ff9d16e4182e77b962d25c538b611872fa984042f8f75b1f2ef9b7b63860270cb5d63117fb10
SSDEEP

49152:8qeNVewort4DG3/eoEcnNL3kTq5sz3ISxUzZknRnNl5M6Yqi6e79tUkMS2Df5JC:JEcJrt4DqeqNL3kdzhxUNuNl5M6YqLej

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Executes dropped EXE 1 IoCs

Processes:

7511a6065a89a6112cef52767cc7e4d5.tmp

pid process

2284 7511a6065a89a6112cef52767cc7e4d5.tmp

pid	process
2284	7511a6065a89a6112cef52767cc7e4d5.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

7511a6065a89a6112cef52767cc7e4d5.exe

description	pid	process	target process
PID 1408 wrote to memory of 2284	1408	7511a6065a89a6112cef52767cc7e4d5.exe	7511a6065a89a6112cef52767cc7e4d5.tmp
PID 1408 wrote to memory of 2284	1408	7511a6065a89a6112cef52767cc7e4d5.exe	7511a6065a89a6112cef52767cc7e4d5.tmp
PID 1408 wrote to memory of 2284	1408	7511a6065a89a6112cef52767cc7e4d5.exe	7511a6065a89a6112cef52767cc7e4d5.tmp

C:\Users\Admin\AppData\Local\Temp\7511a6065a89a6112cef52767cc7e4d5.exe
"C:\Users\Admin\AppData\Local\Temp\7511a6065a89a6112cef52767cc7e4d5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1408

C:\Users\Admin\AppData\Local\Temp\is-422LP.tmp\7511a6065a89a6112cef52767cc7e4d5.tmp
"C:\Users\Admin\AppData\Local\Temp\is-422LP.tmp\7511a6065a89a6112cef52767cc7e4d5.tmp" /SL5="$501C4,2406299,780800,C:\Users\Admin\AppData\Local\Temp\7511a6065a89a6112cef52767cc7e4d5.exe"
2⤵
- Executes dropped EXE
PID:2284

C:\Users\Admin\AppData\Local\Temp\is-422LP.tmp\7511a6065a89a6112cef52767cc7e4d5.tmp
Filesize
2.5MB

MD5
3b3d034eef9bc9d652e9e3d834f68abe

SHA1
005bef3b9e0a5990241b0cad23a2118f8ef1a441

SHA256
869413c0e3194585bbab998f02382cff2b1001ba0b1bcfbf30edaf9e14b09ee7

SHA512
3bc9d197932e8349daafe34f340886b7f72b0b7366e25882644183a85dd1d59a6c7691989f3e17aa8137293b9f3ee403d6ca5986bd66c88fc082a1c1919ecba1

Download Submit
memory/1408-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1408-7-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2284-5-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/2284-8-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/2284-11-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download