Overview

overview

10

Static

static

1

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

10

Resubmissions

25-01-2024 16:51

240125-vcy2msbhcp 10

25-01-2024 16:46

240125-t99nzaahh5 10

Analysis

  • max time kernel
    88s
  • max time network
    89s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-1.html

  • Size

    20KB

  • MD5

    683eb6dd669e7785ca72315f9d050fe1

  • SHA1

    f50f898b4fbdcf47646645efa35f1848bad63487

  • SHA256

    3724cc7de685fa9765a50bf7103535feaf7eb155ef8cd980dc664c34e360c0ef

  • SHA512

    832ffd5884df08537698625422f3d275d2c163e861296afa5f90aa8f013e8e6796ec71f495fd201e9c18d499a7ff8ece3706ebce1821485761b53956807b4ddd

  • SSDEEP

    384:9CQ5nyZdJWQSYS/yy/Xr/o6v/ohv/Nav/i3/tfz3/n3/Y3/002QjdWLSyhQQQQQu:gsdxD/2g2JvMDrpU

Score
10/10
kinsingloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4160 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4160 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
    Filesize

    471B

    MD5

    438f3b63d15a08279b9204b7fbf1688d

    SHA1

    ce7bbef846a1794be0fe74dc4f1ac23e3dca0709

    SHA256

    42d01a295079dc7514622ddc9b5b9219245ed5b814d342d4cabc55187adea487

    SHA512

    53ddf23140c0fb09f5a16d4889b2730404fba9d7b4ec6746a1a4cb8e32d6b16c3e36eb500f0c7777123049132b3b4c18b9be19801a34fe90d6358fadd77cc993

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    1d7f25dc2d6699e79619c31ff8908f6c

    SHA1

    de3c1be6c3f3e7f6eadbe715ae575794e5bf1221

    SHA256

    845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e

    SHA512

    7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
    Filesize

    416B

    MD5

    dd7c7e7ce5291c61f1ffeaf26733d998

    SHA1

    1cccf3e24b6b33330e1508d185f929bb21d80350

    SHA256

    90ceba3b165e4a6d11cd0ddcc205e1aa85599f2f89402048440478120ec21b22

    SHA512

    a35655cf02b541fface6d082de21d93da16890fa8a3d428edfd037011012970f47b791360902a7154c4a9fad0eb58dd30741f399285e75c382939222aecbc517

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    d3bd3d947d645949002f5dd78f1028fb

    SHA1

    5d6af5728dec19dffced96526b920107b79f4496

    SHA256

    9bd97612ae79089e0f41bc3e964ac488e5a6f203099ba270288ba1b99b5c6ebf

    SHA512

    34b71d63719450378348ac1b65f05cc7dfa5985fe3a4d4149c98559e0d4b1af4e02654300cdad2221d6fa11f316cd1d0d03f709a5dbcdf1c0d5ea86acda7a93d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M3CR38DN\www.amazon[1].xml
    Filesize

    14KB

    MD5

    cd0de117208e28137619efb024c393fc

    SHA1

    05f837540beda1b75fb7e01d07e8ad7c8e341c23

    SHA256

    2a35c35b24442dbd64bfbde7dcb864c5f204ef0e23e86e87d1e1165b7d541feb

    SHA512

    c5acf23e95a839deee9e1d3a93339f92a40ae988f7c5b9d84296a54de80951702fe92ddf71d2da42e40491842490c8cde5670b288fcb2667f0bd6a3a507ea50b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\r9e610m\imagestore.dat
    Filesize

    17KB

    MD5

    69141b1690d44841990ddc6cf71623ec

    SHA1

    283b7f49cf14e165f87d50824540e1390424914c

    SHA256

    9f37048903ac619cb8cfaa39c62880968a6c84beec4a5fd511e1258c31fc598b

    SHA512

    348d28769bd209d652a254becb19de9fcd5a6d1070879d4cd0a5cb8cee5e5a89c353dff88d55272bb3c23ec14dda71af9461e156b925b9b28ecb7c566c212cc6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\PTLR3LMU.gif
    Filesize

    43B

    MD5

    e68cc604cab69bf03b8cd228d940f5ef

    SHA1

    15c0c62c4c7c917b5dd82a8e1e439211a44b9e98

    SHA256

    a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce

    SHA512

    e250128e5ebe1384113c834409befb9cd0728b68ef07ab3450cb0a11f64a8ae9b29c48695db73d0e4bba0fd976bdcc24beea0f326fad1b4ca072bcce6e24e3a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UCK1SA0Q\favicon[2].ico
    Filesize

    17KB

    MD5

    ca6619b86c2f6e6068b69ba3aaddb7e4

    SHA1

    c44a1bb9d14385334eb851fbb0afb19d961c1ee7

    SHA256

    17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09

    SHA512

    30f8f8618bfbcd57925411e6860a10b6ad9a60f2a6b08d35c870ea3f4cec4692596a937ff1457ceff5847d5da2b86ceba0200706625e28c56a2455e6a8c121d3

    Download Submit