Analysis Overview
Threat Level: Known bad
The file https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//thepanamahomeslistings.com/cn/nicole.mason/bmljb2xlLm1hc29uQGxvY2t0b24uY29t was found to be: Known bad.
Malicious Activity Summary
Kinsing
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:35
Platform
win7-20231129-en
Max time kernel
55s
Max time network
142s
Command Line
Signatures
Kinsing
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//thepanamahomeslistings.com/cn/nicole.mason/bmljb2xlLm1hc29uQGxvY2t0b24uY29t
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67b9758,0x7fef67b9768,0x7fef67b9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2648 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2388 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2532 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=632 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2328 --field-trial-handle=1372,i,8935429017425247291,13771931632841857805,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | thepanamahomeslistings.com | udp |
| US | 67.222.39.71:443 | thepanamahomeslistings.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | udp |
| US | 104.21.26.217:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | tcp |
| US | 104.21.26.217:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 104.21.26.217:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | drillporo.shop | udp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | udp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | outlook.office365.com | udp |
| GB | 40.99.213.82:443 | outlook.office365.com | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| GB | 104.77.160.223:443 | identity.nel.measure.office.net | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| US | 8.8.8.8:53 | privacy.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | autologon.microsoftazuread-sso.com | udp |
| GB | 92.123.26.11:443 | r4.res.office365.com | tcp |
| IE | 20.190.159.75:443 | autologon.microsoftazuread-sso.com | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauthimages.net | udp |
| US | 8.8.8.8:53 | passwordreset.microsoftonline.com | udp |
| US | 13.107.246.64:443 | aadcdn.msftauthimages.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msftauthimages.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | aadcdn.msauthimages.net | udp |
| US | 152.199.21.175:443 | aadcdn.msauthimages.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msftauthimages.net | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| DE | 5.230.44.145:443 | drillporo.shop | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
Files
\??\pipe\crashpad_2888_FATTWWXQVOTCCRGE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar15E6.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35cab488806010954ce1da859904e223 |
| SHA1 | 8c5d2f0eda842d280652fbbb8f28ad92c138c882 |
| SHA256 | ec45a9bc083d0dcdae6c8a9666cf639ef065a25f6a337c8f00dd0c280b547329 |
| SHA512 | 85ec9e3222cc1a707b82f2d30edda766d1a971ffb85ae5ce98e3577f592bb35649cea64146779850894e2a5622aeb44a5b7903736326e8728fa1404f94d5f88d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1c8fed3d14a03939b42639bd64f8281a |
| SHA1 | f865008c4ba64c16927825ff4f97f193a44b4e5b |
| SHA256 | 183894b0386c7a3b3667a6cd8aeb39ad2e99fda358002fd98cd33a302f22e1e9 |
| SHA512 | 432583ba0617da73514f1886bbffbfed20d442903e7ec320a9ba44f67027a269ae27169e467611c701ed0efbef47967a85abd2ddbf914aafc7f1a7a1088f8b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38ee61004a1e5f1fe018453c999db858 |
| SHA1 | f9f234fa34b57fe833b73796f2767edf6c93ab9c |
| SHA256 | 44feb548a63b0a4403a67265c2f5e824447730789b2f48657799ea545ff0bdeb |
| SHA512 | 0f0f081e8f5bc5847b9eeae856b874fff48060f67eb23dd0824a918978265e2f8a0261925a8ecba82a661fb7fce0d9fdca27832f7886ce80490db548e5857475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ee7d1cd37700ca889c7b0ba7b2c2a19 |
| SHA1 | 37076c1c64ac32ca68d01943cfd898b55cb64f64 |
| SHA256 | 735c17b94af80c0a29eaaa056fe0d7e8273b391c6699bf041f14bd88bfdbb6ff |
| SHA512 | 828a97fc8636c7d7abfa6c99232cf6294e26d8a716cd04e35a90628ac7d642bf977a735d894794fe92bb623491901a1bea1f7ab98dde2cae7d6f4162d4328880 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bf746c46a1fa4ba9eb0a74324169b58 |
| SHA1 | 483a705891b47888ecd8878bbe736d7800042ba4 |
| SHA256 | 8445c9b54fac80bf3f1720ae55c957d3d12253f4e1d9e65a9f5a598151d09a67 |
| SHA512 | b5e01cc0a04e32d42bd8ca6a62ceb0dbc7e63a006d4de03e239eace219de3792a1ecb3f42387201bca038a36954a18f63899e34f4764e895f76be90363ff6e25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e44358c38e3adaa62ffdae20d51a51a |
| SHA1 | 099b891fcbe6dfff429707157b7844b4f7bc834c |
| SHA256 | b132d7a78ef9ae999489a606a83a3f790c3aa48880203fe8b715d5093b72a7da |
| SHA512 | af9956e3f7ecdddfcb6d356fb7d59f941e4d50eeffdde30a7ec5d1011cbf276caa70c3445f3e1d8dd4d4584c6a9d42939d336c8e8f51cfa227972ed6dbef0342 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd1b261da55f1e4f2180e36bc424519 |
| SHA1 | a6c659af1e24625020660c02ed6ace9b63ba23ba |
| SHA256 | 25917789b1b7637b023c0620a5bf3ef76ec8285714e88d4e17c0022238d347bd |
| SHA512 | ae0e2d457bf67e8a92b6c0df924b74e0359a3c602aaaa65f9a41a12d065b2a15b17432f062abcaedfd4a1a51e55095f9326fe8b3dae81a97bbcdda18422a95b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b784a204f6635a35a794b9a3ed4b1d15 |
| SHA1 | 7c9f18c3d4cfabb1e7cd98fa1c6f0ddc16816899 |
| SHA256 | 196c75c4e52318b37ed3eebe71077be91901feaed4f011a4d54c48da80c1415f |
| SHA512 | 6d61ce392981d8d61b3e5e3388f2207016e2dbe89c17f306e0ca82033fd268df3a864bfe704ee21fd6272295728e7b6a1b28f5459cd11e13ab7478d477289b1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2534193729ab624fe30844820eb4bf3a |
| SHA1 | 3008e1b18e1bf48e06b46cf2c453330f0e2a4b2f |
| SHA256 | 2612a101dbc4ae8cdf852d1d94ff9ea77476b026fd2b4f09f64a3a68e00b33f6 |
| SHA512 | 6eb2dd070968e9359f2644d4cfd6dac4d0ef96cf078e9d0d74ae6672d1f76f12aad36cc981ac7c1fb7334a25e1ecaf62d135869fc38e79ead1dc99b8d6f1f685 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e7dcc9791494d0c6d2e87847ebdc511 |
| SHA1 | 75b8444b666e71eec8121a5df9d96fb36a0c5288 |
| SHA256 | 6867f5d3401b5947a95698ee375a687a5948cb48f187a52033e4325cb7fca68c |
| SHA512 | faf9166c21a4b0342caf5b7236342d32ed1a1b7c81793020fe2b5f467a1709054ef89870dce7ae91caa3daeda16209061b794778f795b092a59486f9c8bf457f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5836a56647f95702c725a97c8ecce29b |
| SHA1 | 26fc0d746d937572c97571748fe878def0661822 |
| SHA256 | e8fb35c7553c6bdc03f3bdf476e9d9a16700e04f46b8f1e5e364121ea88954ea |
| SHA512 | e354301c06af7140163aab76e3e31c9c1aa41267674c3e4a43673d24f8a18b4d734e2ab19eb886fe19c4f53b76ab4547a240806bda3270ef8c571a9fe9e1195e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5109be832d0ec3d608d62956ab9cb70 |
| SHA1 | 7eef155a6bcb92b53d60aab9fbd5eb73d67626d2 |
| SHA256 | 059b3e2a94b7db25f851acc673ec32e10f3e06d143c61a52c77e55de908a4341 |
| SHA512 | 50fc366766db1fd3ebf8dd58651504290b2c17395bb94750c68e8e4f071d36e177dfac81592e70e0db7bca53cc709dcb0a87fd1eaf3bc10677309d1e46fb740c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a7cb7046c552e67e65b6f0420a3346a0 |
| SHA1 | e17eeac2a7ba09bfd120e06bb0cef8287c3f6538 |
| SHA256 | 4d34b82a377fcca519b2758b8587257e28056acde52254159a7e9dc3ee4a32fb |
| SHA512 | a5517098547766a094c12793eacd5f510da87cce4e2778c134e5ad05a83e48eaa9789d097b52b59ebc5dc7068860998ab7f35f90da7e99a6bfa6953ec10976d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\724f0738-6949-4ed9-b5eb-ddbe18539ebc.tmp
| MD5 | bf164d10e54f4a8d4abb357339844c0e |
| SHA1 | 140168b8323852f6744c259839fd2f6c4fd6fc03 |
| SHA256 | 44bfe7d3af94fa4978a2a098630a752f9920885bb1dbc631d64f5ba6bc48052f |
| SHA512 | aa397c6d0697e705502ee2400ddddc27cf8a142fce7b0b0ee403579b2081a854bb1ac5c858194f20dd192a02dd208cffeec282a8588993e4fd3bbb10209a4bd8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:35
Platform
win10v2004-20231222-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Kinsing
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506775553529897" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//thepanamahomeslistings.com/cn/nicole.mason/bmljb2xlLm1hc29uQGxvY2t0b24uY29t
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa22239758,0x7ffa22239768,0x7ffa22239778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3864 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3368 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2884 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1884,i,5298641155570028689,16765790070135040150,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.78.101.95.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | thepanamahomeslistings.com | udp |
| US | 67.222.39.71:443 | thepanamahomeslistings.com | tcp |
| US | 67.222.39.71:443 | thepanamahomeslistings.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.39.222.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | udp |
| US | 188.114.96.2:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | tcp |
| US | 188.114.96.2:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 188.114.96.2:443 | c026a1c5.f86afa0ac8654930e8b7bbb4.workers.dev | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | | tcp |
| US | 204.79.197.200:443 | | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1580_YTWHEHRTTYMVPKLX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\024931ca-9f85-440f-b36a-5481a7fb60ca.tmp
| MD5 | d13eb0af67ee0617b3864b8f90046325 |
| SHA1 | 6cd357985df24cb523df306c727dc41ee18dc9e1 |
| SHA256 | a3b9cd9ca418fc3b7246815b0ab31e1e0b4dcafe9983eddf4afc1bf8d599c4f1 |
| SHA512 | 568e474604d8ddec4fbf6b3342d6d29f57be399b0ee972462ca52908f9470980e9c7896538b807c65820e14e57a7a353927d244dc8c24add3cede14b87e3a494 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41729f7b200e67a6a6e8cedf772aa704 |
| SHA1 | f0208b2d540f10ffe050f368b079ff2163d15329 |
| SHA256 | 5eb6e13916cd4daa9ea2ee94cb2a928972d9bb205b10c338be83b26deec67498 |
| SHA512 | 85364b4989f28dd7ba5a1447b04786116cf7c511412f29bfe9537d687f599c40d3c45c655f595ce02c87e288b7cbce72b31653d090cb2a022efeffe6568cbf45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f695f430d7d495b7bf632bee90ecbbbd |
| SHA1 | 9843d4c8fdb0ebdf8d9d4fbb95c83baffe8d1659 |
| SHA256 | 8aeeab479a5448b3116a23e8c011293afb6d5dbfe7801748e76c0042c1791faa |
| SHA512 | 5185bdf13d039d9a366417d62095d1e4ce424f47b840668df0ea6a1a771e2d6bcb7ddd1983ffbab7e0735fb0795c6336fc1c97de1ef8ece0f5da0d8cc15a6c54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3b2007a201b1a9a342917d5a65717d12 |
| SHA1 | 5db3e5970bac7f921c7da9e80a57ee81c988ac3e |
| SHA256 | 9ecea87c94c85c4ffa0df8000c98a1165a72e158ae655ed04ace81d4d51f09ca |
| SHA512 | 1d20556cd847d463b6ac334c39922038bef0fc366c86678303949d79683079ef708542d1719ae360ff8b88b01c540b0eb0f7dab692cc5d680ab17eedd660fe3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 27235a40d30ceaa264626dd0429ad4ed |
| SHA1 | 5f10acbcd8d07c2872a5aee1c32eada3e0eb5c45 |
| SHA256 | 77bf23689ed9fa051832a65c545b068ac40080809fecb77c173c0521034d6e66 |
| SHA512 | 8fa719fb43595922b469424cb2b3ddecd1bfa1bb812229ecad5c4e32fda53a71dee302cf7e239f533fb442351a72afd2c3f081548d0ae11680af73b12291507e |