kinsing | 708f68b143db773523d27ffeffed1384889a7b697cb34993d8c73959c619ffd0

Resubmissions

25-01-2024 18:00

25-01-2024 17:55

max time kernel
90s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:55

Target

75256c485cded57213f2bc9f1aaa155a.exe
Size

93KB
MD5

75256c485cded57213f2bc9f1aaa155a
SHA1

93dafd4bb10ed07c01be84e5aa94d03bebd0bcac
SHA256

708f68b143db773523d27ffeffed1384889a7b697cb34993d8c73959c619ffd0
SHA512

a8a5a3451179c8dc7fabfb723885bfa546b3d4cfd7e25dcf8fc4930f7272621fef9e9bfe26c9bdec7a9754e68ddf9cd3d22257b81359d1cf8bbdb1d887af570c
SSDEEP

1536:rDq935C9v7MP+NZlGjsE57dg144cLm8Y13LX/2U9cmPN3o6g:rDq93my0lGx57dg144clY1b+U9NN3oH

Score

10^/10

kinsing loader

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4064 4904 WerFault.exe 75256c485cded57213f2bc9f1aaa155a.exe
3328 4904 WerFault.exe 75256c485cded57213f2bc9f1aaa155a.exe

pid	pid_target	process	target process
4064	4904	WerFault.exe	75256c485cded57213f2bc9f1aaa155a.exe
3328	4904	WerFault.exe	75256c485cded57213f2bc9f1aaa155a.exe

C:\Users\Admin\AppData\Local\Temp\75256c485cded57213f2bc9f1aaa155a.exe
"C:\Users\Admin\AppData\Local\Temp\75256c485cded57213f2bc9f1aaa155a.exe"
1⤵
PID:4904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
  2⤵
  - Program crash
  PID:4064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 224
  2⤵
  - Program crash
  PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4904 -ip 4904
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4904 -ip 4904
1⤵
PID:4824