kinsing | 86fe5525454ebabf6fd3c8510268c7ccd07c466d22dc5b0a8c45436f02a65cbe

Analysis

max time kernel
89s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:21

Target

751466fc245a3eadaa224a87b6049524.exe
Size

1.3MB
MD5

751466fc245a3eadaa224a87b6049524
SHA1

bb68981df4b05a4377f3f95062905a9397effff9
SHA256

86fe5525454ebabf6fd3c8510268c7ccd07c466d22dc5b0a8c45436f02a65cbe
SHA512

7121ef1992ac4227e1c09a65e154a61df5a9e69e33a02a2a4b850629e809abdab3f97a9c8fcd13cf66706fc7d17d291fbd2a9ad8427c481acc424e4bb35cd9ea
SSDEEP

24576:6XhkaxjVFgpezYBxpBhhw9swR5/AjJM7c/iky4/mrg0EROPFXL2IXjaTRyUW7Wc:6Xhk6Fgp4YTpFwKDJM7c/M4qgZ8F7HOu

Score

10^/10

kinsing loader upx

Deletes itself 1 IoCs

pid	Process
3828	751466fc245a3eadaa224a87b6049524.exe

Executes dropped EXE 1 IoCs

pid	Process
3828	751466fc245a3eadaa224a87b6049524.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1544-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00090000000231eb-11.dat	upx
behavioral2/memory/3828-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1544	751466fc245a3eadaa224a87b6049524.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1544	751466fc245a3eadaa224a87b6049524.exe
3828	751466fc245a3eadaa224a87b6049524.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 3828	1544	751466fc245a3eadaa224a87b6049524.exe	86
PID 1544 wrote to memory of 3828	1544	751466fc245a3eadaa224a87b6049524.exe	86
PID 1544 wrote to memory of 3828	1544	751466fc245a3eadaa224a87b6049524.exe	86

C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe

Filesize
530KB

MD5
4205b482a491ed20386b0092e1e57af3

SHA1
af17467da96e490d48435b023345c9065980b9bc

SHA256
c9abcccfb7a495e7ddfc8f0f88549f703d102d1c5053d60e9006990c77257660

SHA512
4b4bf29a07f7c9b23c79e77ca300baba8f3f8e69db4e6a8e9600c157348d703232ff2b39fc1feb7e896b1281141bc7c4b832adcd0bc84d413ae48de9f3b53061

Download Submit
memory/1544-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1544-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/1544-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1544-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3828-16-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/3828-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3828-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3828-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3828-20-0x0000000005560000-0x000000000578A000-memory.dmp

Filesize
2.2MB

Download
memory/3828-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download