Overview

overview

10

Static

static

7

About.chm

windows7-x64

1

About.chm

windows10-2004-x64

10

Setup_s34.exe

windows7-x64

7

Setup_s34.exe

windows10-2004-x64

10

baid.exe

windows7-x64

7

baid.exe

windows10-2004-x64

10

bind_8152.exe

windows7-x64

7

bind_8152.exe

windows10-2004-x64

10

duisc.exe

windows7-x64

8

duisc.exe

windows10-2004-x64

10

edmtd.exe

windows7-x64

7

edmtd.exe

windows10-2004-x64

10

itadx.exe

windows7-x64

7

itadx.exe

windows10-2004-x64

10

ly2_03.exe

windows7-x64

10

ly2_03.exe

windows10-2004-x64

10

pcast.exe

windows7-x64

10

pcast.exe

windows10-2004-x64

10

pingtu12.exe

windows7-x64

1

pingtu12.exe

windows10-2004-x64

10

qqa02_u88setup.exe

windows7-x64

8

qqa02_u88setup.exe

windows10-2004-x64

10

sdcnc.exe

windows7-x64

8

sdcnc.exe

windows10-2004-x64

10

sdpig.exe

windows7-x64

7

sdpig.exe

windows10-2004-x64

10

sdreg.exe

windows7-x64

1

sdreg.exe

windows10-2004-x64

10

sdset.exe

windows7-x64

10

sdset.exe

windows10-2004-x64

10

sogoutb_se...ni.exe

windows7-x64

7

sogoutb_se...ni.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sogoutb_setup_pp365sosoft08mini.exe

  • Size

    278KB

  • MD5

    92b357a9f68dfa0258054e456abbc7d9

  • SHA1

    c73faf7d44f0ffc916822d6f5f31b2c83805a46a

  • SHA256

    c131b74cb45585d0cd4fceee3ac98f7a0a5ac1679da9f38e6723d8915ea5ae26

  • SHA512

    06330dc13a4ebcb6d0560ca81c53767e36a79d4f43be18d0175d201fd4c866d4f856b7afcedac30f1516717427f02c5633ebeac1a94a96ab7da02d4ec3ffce52

  • SSDEEP

    6144:fPC9FFCLep04dvAg3BF0N0xi2Gm09w+uTK4wai/KmgHxaoHjgOA:XC/uemsVLOWnGeVmcagMOA

Score
10/10
kinsingdiscoveryloaderupx

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 34 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sogoutb_setup_pp365sosoft08mini.exe
    "C:\Users\Admin\AppData\Local\Temp\sogoutb_setup_pp365sosoft08mini.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files (x86)\P4P\p2psvr.exe
      "C:\Program Files (x86)\P4P\p2psvr.exe" -i
      2⤵
      • Executes dropped EXE
      PID:1400
    • C:\Program Files (x86)\P4P\p2psvr.exe
      "C:\Program Files (x86)\P4P\p2psvr.exe"
      2⤵
      • Executes dropped EXE
      PID:3504
    • C:\Program Files (x86)\P4P\skinpacker.exe
      "C:\Program Files (x86)\P4P\skinpacker.exe" -g 00000000-0000-0000-0000-000000000000 -x
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:3968
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:1980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3988 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3364
    • C:\Program Files (x86)\P4P\p2psvr.exe
      "C:\Program Files (x86)\P4P\p2psvr.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      PID:2912

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\P4P\00000000-0000-0000-0000-000000000000.zip
      Filesize

      8KB

      MD5

      3741bd383ef59274a868180fde3f5396

      SHA1

      be5abeb24d75dc5bc2121ba6b3ac01e809867822

      SHA256

      d1daef358e080e7cc93e59bf0ea650da71817dca658690704f5ed5a42910ce32

      SHA512

      a63208b120adb1030c6815dba758904623de1820589e649810608330a00dd89958a2efc726bd7bb7a5698ac7f5ad09d28313f7992342b9c1189687f8ed8e6765

      Download Submit
    • C:\Program Files (x86)\P4P\ToolBar.dll
      Filesize

      368KB

      MD5

      ecd46f74c062a44f2d1a891b3a232bd3

      SHA1

      69a1b6919dfc959624fbbf20ab941e5b1c78c26a

      SHA256

      465e5736d0883d293beadf51fc1f76b8f63f28a1048230db76618fa95925c825

      SHA512

      285a94542a620d57b7131e641d46594b8897971d080bbbdbc9f4fc8ee09ec66e2676fead46e6fba6b9e20179181033d5a6c47237b71aed3079351efe0a027e31

      Download Submit
    • C:\Program Files (x86)\P4P\p2psvr.exe
      Filesize

      88KB

      MD5

      0d179cdd9880a200a8b173be60e6cd83

      SHA1

      166a298fcbba0498013084668a74991f29d7e895

      SHA256

      feb33749950db4435f243c14b9c2764eb60d1db73f77dc8c9eee94151b577854

      SHA512

      07be3e9eade2b5f7f6ea96273b8efc5eac3617f9c29ea16a0f34cd15fb4161d1be36ed50263ac3b4a152fc16a8fceb33695880e2b96175d5795d7e27e557768e

      Download Submit
    • C:\Program Files (x86)\P4P\skinpacker.exe
      Filesize

      80KB

      MD5

      1dcc2e157e33c273a0dd0baa2e31a5b8

      SHA1

      2467bb699e58a3b8f625e608611401a44617f249

      SHA256

      e4a8aea075037aa152190c9ac65e619aac505745566594363ae7d030685b6a4d

      SHA512

      2b5b33f7fc56f461564b903ac674a4dd1109035d021effb5a04fbf4254f6f873cfdc71c45275b60e8999dc0035eab9ff03cae86685edd1802b869f95fabe0ed5

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\1.bmp
      Filesize

      852B

      MD5

      cd17af59183b795f5b7c62506df9c07b

      SHA1

      0ddf98505dc3d2168136bf515eed48577a2fa8dd

      SHA256

      4f9aa334d45c23933cbaa167d6b26860f800f0a15bbf1b3051df86058fd23899

      SHA512

      47626025f0d92ef66433d6a3c8d2700c320be7b5619bad397df6083a5601c563438c22fc0d436183fcf8f738f0893fcf6e937c93c17c04b17115480d617cf834

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\2.bmp
      Filesize

      5KB

      MD5

      a647055a592d648769c9ba8507120202

      SHA1

      9c49f94d1f8ca4287f84061231363b8abfd03590

      SHA256

      ca5dadc746f3680b7cf464e72297fe62d1b9e72ca6751f8ff85bb52ea234bb4e

      SHA512

      c8c85cd73a98e9728bd7e61304c6645855b2bc678d5324945096022ad843c25b702f0975230762d7c10c3893417eee7e730148b901a0cb75b692e686cef1db48

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\1.ini
      Filesize

      564B

      MD5

      3067a2a1a50fad9dec2f9656a55247fc

      SHA1

      861e6a85ea81eb803ab6d17d35e6029a204a1aa6

      SHA256

      27a0f338157f9fdfb624fda51fcaffb9650be990cdcfdce6781f947e04a8cedc

      SHA512

      c68b7fd2bc33146252bfcba31a9c76b994d9d5271a72c54c1b0cf756b454b5a94bba67f1f33b19f40206e326da46b651ed7c87fc122826c03c0bc8d9b1e7a97b

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\2.ini
      Filesize

      590B

      MD5

      62e03e40eccfcc56babf554ee4c5f5cc

      SHA1

      3bf7d3fc3bfc90a777fb22467f7b5baf46638aab

      SHA256

      8ebbb2ee0cb8c26ccc4b74d2d6f0230c7e4e609dbf216a36fc651a0f4444a0cb

      SHA512

      0fb81a4603325bfc64d6d17797643ca4f63fa671b0a9b72039365f30e40e0d65e8c189f91585a42699aa846fd15805ea2487e7ec02b90d4c630c1b730c25ef0d

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\3.ini
      Filesize

      446B

      MD5

      bf6e47dcf5bc9abb96239b5b778b4f6f

      SHA1

      78fa7761752ff321bd30bb39fac223a506324bcf

      SHA256

      22bafe56038fe4adb2f9457721702787f0cb171124676d43fdc62d30338975f7

      SHA512

      25e2f7d3664928e9d9ab064c89410c7a3ceee2ad70f88ed021e07edfd11a804e9b1932952f5b67588e9403bb0fd889794bf8dc65433fa83ef3720289f663bdfb

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\4.ini
      Filesize

      452B

      MD5

      89860f4006026169278cfe36dc745b67

      SHA1

      5f3bf88632a6c0507efcd0f65d525b5edc5b60a3

      SHA256

      95a21642ed26d8e4412b18a660915a1ec47eb5ac2f1979e02cf043f1c159ff08

      SHA512

      f94432a716aebee7987d1474550401404c822639fd349537bb285c66516892df64b2588a9e9b13a800e6caa637a4490d69b64dbb963ccfbbf70728d4241cf40c

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\85190a08-7b40-46d1-ab1f-0436c6e906e2.ico
      Filesize

      1KB

      MD5

      3bd6a747b310effffd7aa8e7d5fba48f

      SHA1

      cb08b8a43ece74cc6d86dce2ba78bebe1322c456

      SHA256

      227422a09a262080194b031e2ca0691056c9bbe977003b78f8357420a1651705

      SHA512

      0e29c30931a5bb9777689a249476a1ddb79db2e431918f89599c0967a404d0c81bdc1a44caf4577292d95e16f41d02bc7faafcff762ab39a1a0516e037981730

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\8b57e939-74f3-4168-9281-67796df3a410.ico
      Filesize

      1KB

      MD5

      b68a9f21e3b45ed05f093c327ab4892a

      SHA1

      173fe1fd9c436ae81a45bd6a37bfa5fed315d0e2

      SHA256

      b446f849d73776508b015b925ecc1b04af5e3f04c0e95c9086f1abc8f15eadbb

      SHA512

      892ae348b441ffcfd5c925a7ebf0ad19168acb876e82939fa2ef65eeaf1538298d28a487c07cb05ab69067dd43bfe3a2dcf2868d0a22d2324351e272365c3038

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\c1ba2e53-3bfa-4426-9765-00459c0b8a25.ico
      Filesize

      1KB

      MD5

      b18f780f7347300cb95c0ae89b125cc6

      SHA1

      e6c7f08697a9efa45d4bc08ce13a3b1a6169b7e5

      SHA256

      a5a57de5e5cab4adcc945fa34d5c23c0dd350d7615b73ccf21ffc806209b933a

      SHA512

      d51584c4dbca10f464283886cc4b8b42b18851810b0f59265ba72f02f7e2f0c858d61db42ab81fec6b67b71525ce976e24b7da6d38703362027aec8be5a568ad

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\Plugins\ec3dbd81-fe29-4312-83ab-2af6a79ca3f1.ico
      Filesize

      1KB

      MD5

      6c8360ea81447da8fa1524f445d8eb4b

      SHA1

      f4870a577bb016e29bd9271a9551024244a2d451

      SHA256

      68b79c5eaa057c7a5e6f8be86c81495e773482a67708e0c9540aaa1078c2acfc

      SHA512

      d24240ca6f66d98f09783d4a13d033c80d7718bcc06e7207116613829fe99cbe046b0f9e2b22908d5a743ed657275d7ee52be43d8bcd923416d266b439b259de

      Download Submit
    • C:\Program Files (x86)\P4P\theme\00000000-0000-0000-0000-000000000000\theme.xml
      Filesize

      882B

      MD5

      77b7208d2e9aed3881206a1b81cefb34

      SHA1

      5580bb1c8d7b5a1f193da3f7442dc943aa8db9e9

      SHA256

      0d818d48686cce4760c5059f85d3c09c207c2c4239e0ac3708162f37e20acf9b

      SHA512

      f19c88c2facd68a266b2476b76397a71fcb38b4d831ec6f55fe239c192700ade34ddb8bcba80c4f71eb1720441f016b12938f244645c9d0efe3379a0245209e3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      1d7f25dc2d6699e79619c31ff8908f6c

      SHA1

      de3c1be6c3f3e7f6eadbe715ae575794e5bf1221

      SHA256

      845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e

      SHA512

      7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      f1cec776b6d3ea2a522cb028afcd91b3

      SHA1

      b29c5a1cd87364d1b8eebc98e51f9ddfc199d050

      SHA256

      3b0c171c54f8192674e8c286d588744666354133eaa102d5249c2d755959813a

      SHA512

      955e8ddabaaab4c6664ebc6054f6d649fe8c6a235ac29a6e56fb61086e3bb13004bf5d80dbc95c24b569b170ede4f914f101e6e38771590a059231a563239847

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K44LV95Q\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\nsd9B67.tmp\KillProcDLL.dll
      Filesize

      32KB

      MD5

      83142eac84475f4ca889c73f10d9c179

      SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

      SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

      SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\nsd9B67.tmp\nsSCM.dll
      Filesize

      5KB

      MD5

      96c2f66086aff56cb2b4d3acced2f378

      SHA1

      36e27b9df1e1b02b90be2dfe302520a78b2f96d5

      SHA256

      2f19ca93b60542fa814d41238f1b79ad450bf935fc0f45127c5a403283790dc4

      SHA512

      ac616cdd2e6c59cf088891a9b450f4d5607747b2ca5184f191d4ff81a19e87dadd4185ca16533165f0dc255aae6e19c17e0670ceed5bcce8271746809d7ceacd

      Download Submit
    • memory/1984-0-0x0000000000400000-0x0000000000434000-memory.dmp
      Filesize

      208KB

      Download
    • memory/1984-362-0x0000000000400000-0x0000000000434000-memory.dmp
      Filesize

      208KB

      Download