kinsing | dc2843dc3529f43324be0b38e979942942a77069473b6a3ddefb0e5be1d267ae

Analysis

max time kernel
132s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:25

Target

75162acd3500bbf916f427927dc21b33.exe
Size

2.9MB
MD5

75162acd3500bbf916f427927dc21b33
SHA1

657dc4e1b8eceba7c254edfe5c76a702a05a3eae
SHA256

dc2843dc3529f43324be0b38e979942942a77069473b6a3ddefb0e5be1d267ae
SHA512

32e65816e93f7ed08b935fbcbe53fb4ebda957038319008f6018aadbcf01ec813877f806965c732624ee2988c43c4e66980c675733494496135a386dde08987a
SSDEEP

49152:pruzZm03Dw3sRCgjq/FuapgWHz8kQ239t/rP4M338dB2IBlGuuDVUsdxxjeQZwxs:p2Q03888gW/FXpR5Rgg3gnl/IVUs1jek

Score

10^/10

kinsing loader upx

Deletes itself 1 IoCs

pid	Process
1104	75162acd3500bbf916f427927dc21b33.exe

Executes dropped EXE 1 IoCs

pid	Process
1104	75162acd3500bbf916f427927dc21b33.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fd-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2008	75162acd3500bbf916f427927dc21b33.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2008	75162acd3500bbf916f427927dc21b33.exe
1104	75162acd3500bbf916f427927dc21b33.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1104	2008	75162acd3500bbf916f427927dc21b33.exe	59
PID 2008 wrote to memory of 1104	2008	75162acd3500bbf916f427927dc21b33.exe	59
PID 2008 wrote to memory of 1104	2008	75162acd3500bbf916f427927dc21b33.exe	59

C:\Users\Admin\AppData\Local\Temp\75162acd3500bbf916f427927dc21b33.exe

Filesize
57KB

MD5
f26c8d9f8fae61fee7ba97252942728d

SHA1
8b55ef10dcf82ebf9d3821dca7b87453cbc35269

SHA256
6f319eb6cc39862b04b3c924ed3b9bf81ce3a0b8e9b666f5013b451ee81ed8b5

SHA512
fed28f4cfb9a819061b82f21d9e8031c8b8f3ade4fc4c876278202b80371bdbf21ccae91dcfad2745f81f4868c96935a858f31140bdcf825e7c4b0ff898fa55a

Download Submit
memory/1104-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1104-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1104-13-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/1104-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/1104-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1104-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2008-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2008-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download