kinsing | 59cd648d8519ae67d7f3d6ee55aaa94b6f9f1715fcebad91b7bb1dc619e56ce8 | Triage

Analysis

max time kernel
133s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:21

Sharing

Report Analysis Logs

General

Target

751464ab86683e35cd05ff700e73b0e3.dll
Size

136KB
MD5

751464ab86683e35cd05ff700e73b0e3
SHA1

fe964f20bd5547a652b1547c84340cb9898b6392
SHA256

59cd648d8519ae67d7f3d6ee55aaa94b6f9f1715fcebad91b7bb1dc619e56ce8
SHA512

0595eaba725bf8e60303e329ecb2f81ee16aec5a7121df93d9fecec4646d036d2ea11f54db38f6385df7af179bd1bb7df2ec166eaf6d5c87ae7b5f6efbf9b1c9
SSDEEP

3072:+yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logye:+yqUkUeaaclD5WRTOygr

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1584 wrote to memory of 4852	1584	rundll32.exe	rundll32.exe
PID 1584 wrote to memory of 4852	1584	rundll32.exe	rundll32.exe
PID 1584 wrote to memory of 4852	1584	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
2⤵
PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...