kinsing | ce841f6ac1af8af0b7ea1320d5b362b9c92e2cfb1e11ceb0144f2396d70bf187

Analysis

max time kernel
141s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7520c8a018f453f8707858ce31f29cd1.exe
Size

874KB
MD5

7520c8a018f453f8707858ce31f29cd1
SHA1

87d618344e01afa04fe6ebe2cd44d3550f6d44b4
SHA256

ce841f6ac1af8af0b7ea1320d5b362b9c92e2cfb1e11ceb0144f2396d70bf187
SHA512

f0a3bd7429b5114b6b88b34d51c92cbbf59a072952b7433a69e730fb55127ab3411ebf8e5b01bd546f45cb5858472d90e40cead86062332db262a6e991066dee
SSDEEP

12288:jP2q1UidZTYVwLJJa8MjesJGsCGo7YNQFLPxez8dFlZqBLEx/5FemhJqMrUANW+Y:JYEJJijbNIwQSz+81EbFL3NrU0W0RK

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs

Processes:

7520c8a018f453f8707858ce31f29cd1.exe

pid	Process
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

7520c8a018f453f8707858ce31f29cd1.exe

pid	Process
4952	7520c8a018f453f8707858ce31f29cd1.exe
4952	7520c8a018f453f8707858ce31f29cd1.exe

C:\Users\Admin\AppData\Local\Temp\7520c8a018f453f8707858ce31f29cd1.exe
"C:\Users\Admin\AppData\Local\Temp\7520c8a018f453f8707858ce31f29cd1.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4952-0-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-1-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-2-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-4-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/4952-5-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-6-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-7-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-8-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-9-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/4952-10-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-11-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-12-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-13-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-15-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-16-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-17-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-18-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-19-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download
memory/4952-20-0x0000000000400000-0x0000000000834000-memory.dmp

Filesize
4.2MB

Download