kinsing | 54fff92b7ec716bea89b872bb2eca31d8367cd50786bcada4b4464f9dfcb4e0b

Resubmissions

25-01-2024 18:00

25-01-2024 17:54

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:54

Target

75252ed3edcacd50236c6d9e961f898f.exe
Size

1.9MB
MD5

75252ed3edcacd50236c6d9e961f898f
SHA1

efef972a8f54fa5d42ca2d622fb94f4d8747af34
SHA256

54fff92b7ec716bea89b872bb2eca31d8367cd50786bcada4b4464f9dfcb4e0b
SHA512

f03eae8e273f4775482e1949e51f5a231e3b63a9e09a6945a0467210990f89d517375808b4dcbfa4ceac450294de054a780aef04f7de5d88743caa2895fa770b
SSDEEP

24576:N2oo60HPdt+1CRiY2eOBvcj3u10dwZK/QO1TUUZx9BulEO9RK0u+39IQoOLyUFF/:Qoa1taC070d/QAUYMlp9RKc3WQoOLvF/

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Deletes itself 1 IoCs

Processes:

D7F1.tmp

pid process

4748 D7F1.tmp
Executes dropped EXE 1 IoCs

Processes:

D7F1.tmp

pid process

4748 D7F1.tmp

pid	process
4748	D7F1.tmp

pid	process
4748	D7F1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

75252ed3edcacd50236c6d9e961f898f.exe

description	pid	process	target process
PID 4396 wrote to memory of 4748	4396	75252ed3edcacd50236c6d9e961f898f.exe	D7F1.tmp
PID 4396 wrote to memory of 4748	4396	75252ed3edcacd50236c6d9e961f898f.exe	D7F1.tmp
PID 4396 wrote to memory of 4748	4396	75252ed3edcacd50236c6d9e961f898f.exe	D7F1.tmp

C:\Users\Admin\AppData\Local\Temp\75252ed3edcacd50236c6d9e961f898f.exe
"C:\Users\Admin\AppData\Local\Temp\75252ed3edcacd50236c6d9e961f898f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Users\Admin\AppData\Local\Temp\D7F1.tmp
  "C:\Users\Admin\AppData\Local\Temp\D7F1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\75252ed3edcacd50236c6d9e961f898f.exe 1EA304AFFE919DEB993777CCBEFC75692371B1CDAA557AEB5CA174594A14E355F3DE9E4F352D2B5B5DA1A9FFA9877572693C6BBF1CA90C553F079ED32512309F
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:4748

C:\Users\Admin\AppData\Local\Temp\D7F1.tmp

Filesize
1.9MB

MD5
268c719bf3085f035c97e36bbcc744c0

SHA1
839e5ded637b47640bcaef0622e25e2ac0c18989

SHA256
9069b2e34601d54299642a14e188e35bb327d2129e87c0f57910a80a81df50b7

SHA512
021a6b31c3e707e5d322c7044f6f6db3a9e301ad5aedec407ad597a4600cb9f3b2c998ca7b868db6295ccc48fdf1052431fb08c98236cf99f681386aa2071da4

Download Submit
memory/4396-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/4748-5-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download