kinsing | 4719fc177baf3e94f1e54097cb64d1c021315834f459f82c928ff43d6b738ce3

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:43

Target

751f9932ffe0735827f2b5fd43d19b4b.exe
Size

115KB
MD5

751f9932ffe0735827f2b5fd43d19b4b
SHA1

722c0e88c75ff43aa237ef976f720a5bdee85613
SHA256

4719fc177baf3e94f1e54097cb64d1c021315834f459f82c928ff43d6b738ce3
SHA512

7e673e5481de920ff7038a7020d73dd585af1d3dccd5555e152a621ff8ea001c90d38abdc58c812caf49efa901482860ffc87787175e94e0ed3393dbb39ad959
SSDEEP

3072:QdJyqnWGeiQj2x3qrG37XcV0cG12CsSxDE:QdJBEji3MaXc2cG12CsL

Score

10^/10

kinsing loader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

751f9932ffe0735827f2b5fd43d19b4b.exe

description	pid	process	target process
PID 4256 wrote to memory of 3216	4256	751f9932ffe0735827f2b5fd43d19b4b.exe	cmd.exe
PID 4256 wrote to memory of 3216	4256	751f9932ffe0735827f2b5fd43d19b4b.exe	cmd.exe
PID 4256 wrote to memory of 3216	4256	751f9932ffe0735827f2b5fd43d19b4b.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe
"C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4256

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4256VCHO.bat" "C:\Users\Admin\AppData\Local\Temp\751f9932ffe0735827f2b5fd43d19b4b.exe""
2⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\4256VCHO.bat
Filesize
1KB

MD5
182bcd65c8ab93477d157c5a7d51de6d

SHA1
db0115f6188ce94922e1ccc3284b242ad76a349d

SHA256
e8799507fafb5446bf1b15be837968c21398cb0ccb91984ccfa96102c234fb19

SHA512
bd21ee179c6e416de4f29f3d5e5ef8e89448b3ae13e53ee341965a237244ffb755358890283bd57d74de26745dfefd717116723864e5898c0326e9625fd10299

Download Submit
memory/4256-3-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download