kinsing | d2110a154ce623062a26ae44d43f0b06f1112f770c3f9d87b6284d8c79bf96c8

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 17:26 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7516ea10958ea081912651949df36e57.js
Size

9KB
MD5

7516ea10958ea081912651949df36e57
SHA1

140d1dfbfd74d50c8e3fbbc4cd78106c82aab4d6
SHA256

d2110a154ce623062a26ae44d43f0b06f1112f770c3f9d87b6284d8c79bf96c8
SHA512

6b36730d6190c8dfdc3d4a651ab910b4333bf4f089ce42c41e29c28e2d3d998366c6e8246ae02a3f0ca75a7bfe04488401a69780af405afce7731fa4f7f0237f
SSDEEP

192:3/KiPYQs8IpoHDFbw5HP42ze0Z1udWO4svHYx9TWLsQcdUtzk:t8Xze0CdWTsvHY/TWLsff

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\7516ea10958ea081912651949df36e57.js
1⤵
PID:1268

Network

DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

140.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.71.91.104.in-addr.arpa

IN PTR

Response

140.71.91.104.in-addr.arpa

IN PTR

a104-91-71-140deploystaticakamaitechnologiescom
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

81.171.91.138.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.171.91.138.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom

No results found

8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

140.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

140.71.91.104.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

81.171.91.138.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

81.171.91.138.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa

Windows 7 deprecation

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.