Malware Analysis Report

2024-10-19 08:29

Sample ID: 240125-v8k5nabhc2
Target: 751dbab2f45d43aba7e3f507f544ba79
SHA256: 335d0945fb43ad314a731f060d33533a3b446f294f525d27bd361730dfa6f774
Tags: kinsing, loader
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 335d0945fb43ad314a731f060d33533a3b446f294f525d27bd361730dfa6f774

Threat Level: Known bad

The file 751dbab2f45d43aba7e3f507f544ba79 was found to be: Known bad.

Malicious Activity Summary

kinsing loader

Kinsing

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-25 17:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-25 17:39
Reported: 2024-01-25 17:42
Platform: win7-20231215-en
Max time kernel: 146s
Max time network: 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7F95A41-BBA8-11EE-86D4-76D8C56D161B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412366250" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000e0af20822b3fcf537e23c0861ab55217f5ee567436ebbac610200d3523163d86000000000e8000000002000020000000ba7c3e9c16def4c8ae999cb410e83247438446781c0e514c0e66134792d0529c200000001965c95ff8f768dc6fb0fcdf2d7ee7fe72a1adef18db401f75421d2dbe55f9414000000015e9f2b822ab1c9198319b66b42a35e3dad660efed29908de8c373c9d928e93bb4bf9a38a014ab9646dfabbe4d55c7dea3534e0b92565912844e639994d16fd3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f0838db54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 onlyfind.net udp
DE 185.53.179.170:80 onlyfind.net tcp
DE 185.53.179.170:80 onlyfind.net tcp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 ifdnzact.com udp
US 208.91.196.46:80 ifdnzact.com tcp
US 208.91.196.46:80 ifdnzact.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6568.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar6638.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e840a77183582d925dfabebe4bae73fe
SHA1 52935c433f31c8808a31e14e33280c0a19454562
SHA256 233941d2ace5c83a23d749015b6d0af92fcc4f7b7919f2ee2fe14b0a7310556b
SHA512 d0574952d425716227a21517516893c85828babdd39e07f696fb9d150c74c510577fe4c5d4765ed0deff7db51fd10ac0bc431a018faceb293482a6e31f20233a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5619ce4657c435875eed403b23faf7a1
SHA1 90b7841d1f9810bd6a9f76490ad771fb86a18e3d
SHA256 5e49ea04130e3d7fd7ca04a43b3e8ad36b3fd34406daf6e786813ed77acf8f44
SHA512 1668a6d718cd24e21cb1caa96729a3d14b0a658a1508afd10de0312469c6dc6470d6a163623ee9089517ca3cf49fc7e2898018e10d183125b7764230c6767941

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b7f1a1fcfe2a5237032f191a1aaa994
SHA1 57c40c6f9a172e17a8d46645c97ab4056da29deb
SHA256 8a1f1ba68fe99dfb292e6e159269c0c05b63cab0ac1126f2ec6aff786b267897
SHA512 494543723448d80cd02de25355eff86dd79de8389440dd258f70daf3fdfc6e6777c73efcbd0948b1629528c02e3a6f505cc5cb1c13218d7da50e23cfba0cff75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20259263b0a2eb1d5bf85b68c02b797c
SHA1 ce46b3c9e636ab04d5cdd081c78bb3fd6bef963c
SHA256 4ae5f5e3a6e0288eb4e5e0e146d51e274da06b3ed0e7c76c3030d30c7a53a7f3
SHA512 04970eca2e160b8e43b30f26bd34f64d9cf9a636f7a2a1abe97da61304117b6551804856ac8244072b25153605f18d54a047a0ec7e0eb7807b65154ed15a3f70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac1c57e414fd17ad572b89fda2ad1e44
SHA1 cc7ea8f74164b35d524009558062f075ced89333
SHA256 88bcb55829dd2891aaa938f94db7a9166c7b6a627cf611ec21b792e84355eb8a
SHA512 6c91067063749ab66fcb31e16b497e8fa32f7e2a0487353c9050a67820eff2dd8b26a6dfddb8357c1d2e6b35a2a45821c857c455f24a1a07198bbfb2c7a56748

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2730e332dc092d1d08a5c2bf8d4d55f
SHA1 0f29e57d9918c3d265c280f1d3d15894856e80ea
SHA256 c64f23d4f849032af2917ab47fc3e7d821361b1dfb8ec975a9dcb12e68820d3b
SHA512 6d8e7098afec880d736c3cb68605b1c15c05ed9ef6944d60cbaae5c30dd04acc361f34ff548e6ff98afcc418bd2fa134cc11886abb75623622781edf3922e77f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fbbc5cceafe1d7a0cbacb5ddb460ef7
SHA1 438105e7621b5e5a23be2c35dd79dc810f117089
SHA256 fd8a0a03ef1047f9f81befb5b6e507c79bebe9be5522d840311db304d24786cc
SHA512 b737e4d6996f76dd4fb7a9e88338bf68a937e0879e94e6ec742e5e582b9e40a7dc49c2082f65b2a7a193eb6f04443481e9f86a41a9efd9183343326703570d83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ab19dcc2c9144f23b4b54c7878bab58
SHA1 3f66d5f5b41b2835229763e14958f7ceabbb1fa8
SHA256 64d10b428bd1b17ca602b005ab9bf0b79e91003cf1ff2f6d8db2385b11f09681
SHA512 1247da29a686408ed59dc5b5061b5ab293e17f16df3c5d12f8e42662a22e658bb3cc9e597a49b30f0e0ab62c1279b1ec549421b5b5b333595455d6ae24d427f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ba74fb4bc25a0d9649e53f76b875bfa
SHA1 ae4b5acd053d46d2702fe6f9b2254b48f515ba3f
SHA256 67ac7ed68feb15751e0a5ddde15c6d911fb2dc4f47cca3b7193fc83b64c1fc8c
SHA512 8e02c47add6e17b4644b35b25be71f6f4279215306fa956fc213b89e22148f3966c23655644fe4e7bdb2d887023d3203afda4373ac736a394052d6a686091273

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e71d67304306baae0db0a8b1930be3d
SHA1 9053f120520c1700f9d416168ef6617c73137120
SHA256 4c1083e55d4afdd650848cecef95baa8a61348fcf0a6b8270050ca9c274fdf4c
SHA512 4a4fcf724f1a89dd88ef4c7065db839c061830e07c42a6837b513e033dc477e53cd2f1e264e0cc590f4dcaeecabcbae75289f90ca68d8eadfd1430d2a6307365

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f53886f07f01f11e2145552c4e2711f0
SHA1 b4232cb89e74fcd93cdd0a607ff5b046fd19a1ab
SHA256 e09461b665c2b62e00101362b39f81ee48d84f0e69fa21a6147c8ef4a7a2da45
SHA512 625b1f5cd54f5baea57a08c8be6f0d808a543b3eb7352796c88b1a80933601294fab3c4bcb2e6822111a48e0f97e2ac498d645d417d5aff18dd64184e17fda1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f27ac0a2a6421517d291fa00d6231763
SHA1 b2cd71dfb7fb1f01d3a909b52874a8cbaa8e7076
SHA256 ed949134f0d699b17420a3d9d772bee96e9f6d334956b63d020e6cdab882f19d
SHA512 4b153c74c2fcc0162ccdf45512ded00117bc4e8bb40bd03f3534120c6e4d6fa7f4b444d7cc4387c5f29654beef2038ea2e91ee7eb24744c4a171bc04d78936e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7718b74daaf2f3bcfabf9db212112c5b
SHA1 5bf518be2492f4962b7019a9ee3a141bb6b2e1f4
SHA256 11693a8cd43aebf22e52b104d26b6b5cbc3ff598f23177d4442d1b303e1a341b
SHA512 d85d116d19c31fd997b03d1bc0fd95fb73a5f4e502135e941ee6657b0397650f1d1846621e2d9cf52fd0fd905a9ae881305f19e2419d3b2e2f49bfa33005da69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05cbda8471dc5acf8a4e97cf9d5dbbc4
SHA1 58a186586fb106afdc5e18a945027c14fd2585ba
SHA256 8381e31a97502276553bfbeb728e7a1fa6badb94aa75ae8f148ac49e89e9ccce
SHA512 2ccaf183fdc5b9743a7e28aed21ef240fe0f112e05151f4327f92ce843efb3a0bf56741d5f2945ad6b3da54a96beb5e56941db72ed2025d82d8361d8ae5e6225

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4823a3babb817935b97c6636f49dd9fa
SHA1 1907202232e8b6d7614f1ba56e5fe7d2ca5182a3
SHA256 d3fa762664118a02de63c6c4aeab8f06abb4f408a7be6f1bf3eda33caa3dae03
SHA512 ba64581359d20718f57529eb95647bf0afe55d7b2734fa39d0c9077b28cac2b3c81130c6bfb7cecb96ee6619d8874645bb58d55a0c3f928b592cdfb52814f382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba98632b59741366f50080ffa0a22235
SHA1 be46c13e5c4890e41dd0c6d361e6826aa3fa4fe7
SHA256 0d350b85502e1a031c0481660fdf515a90e6cfbbd89acad2c7b5beb1e4f4c6a3
SHA512 ab5187bc86422b0b7a6418b404f80fbd2aec48ce80ea59e4d6e1ba77eff77e1c7c1d75998199e446b2b86a75efe2512f5a1d9976dfe28baa769e82e56afbeb03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e142999573cf48180f2a8c800f2be79
SHA1 f1dd1384115534e29b7acb9bf038f1124f32d819
SHA256 ac3b3e7f1f7f126892e9a5f9822656d89588ee7e87dd72597cd3027fd0eec7ca
SHA512 4818c5db26311b9ef622ff56d65a87540d013b1bd27e6baeeb99035bee190b0ee170cffaa7a567189c7d969ca9f2a6d73404170288c54ee121c98c9bccc6752a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13bb4c98f46221ca4bcc6e2edb867517
SHA1 8ec0f2096d3795de617cc1cb806d18e26d0cb667
SHA256 bb3306239243c03c165d20ec35f55db3cf7548596ab3201b3065430f1aaed1f0
SHA512 02152ebd8eedd210e41698170d27759ab5a24d4b61f4db423738def729462105592b1edb618f412493e05876d9b0b16e75adb1db63967eb22c0be6019d599603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8778fe775b37a2cc7b8aefdc82af2744
SHA1 5350429dc728abc1c26479a984770b5df844e912
SHA256 fed5643b365b543359746f77a1087cceb5e714c76d3886567398e24d8310a335
SHA512 219fdc60eb92c80a3268c2f7e84f81d47e9864249f74c9b7c6c323530ea610a89600b06e521b0acebc471dba5c82a481b7e2f35611f23a6d80e0f6191be99710

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 037257dd92b0e5a2be383f7ae9277bc5
SHA1 61c594efba9153b504a3ad4b613fba24e865f470
SHA256 ddc750608a7e9b08ed213c3cc41a46aa96c9ec5e73281b6d1352ad5965a1471a
SHA512 95a81cfd2749b16fb59d0a0d16a720afa8e6f1c9e019a8714faef05934c90cc66b95cbfa5210297a303fb5d09c069ee1af159d1a70c791d2190b5f09ef37dbbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcf1f3e0390e0bf96c2db733135ed2c0
SHA1 ea035d8c37db3d92e9d3713a4cf8f718ea5d2a9e
SHA256 33c697c3e7bd76a767668cf4b8fbe462356f3bf71a33cb201e21aa44c50955ca
SHA512 b8fab47bbfdb90d4865e2cd47a92a3fb6dbca9388c7c2ef9b406983294c3feedc976a67a473dbcd1645fc18c61cac024820ee975dccee42a174fce4d2bf3eb23

Analysis: behavioral2

Detonation Overview

Submitted: 2024-01-25 17:39
Reported: 2024-01-25 17:42
Platform: win10v2004-20231215-en
Max time kernel: 145s
Max time network: 146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html

Signatures

Kinsing

Tags: loader, kinsing

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d55c8cb54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2337871464" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a9558cb54fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B6ECC5E8-BBA8-11EE-9ECD-F68B0B0A1028} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000f7708f42b35644b1dc7034e6efcbd0a33673afff45d4b2ac3690b87257ecba7e000000000e8000000002000020000000c8cb42ccf2912140543cd890cc78d9aa60628be23b2b7917a59d9228ec01cad62000000041a28e96e205c105870a205c727d357e5568ce810e98c0da1bbc864a96fcd3ee4000000049c6ebe1739538060162fafc82dc7e13b72dbfdd95502e10a9940300bab6739d1c98e8f561a63f5c61856cf070018f7ce149cfa468255931087df59f1789b557 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000003698ed6cbab6040f4885c50b6dafd21f85a02387ce491900e4729600145e8600000000000e8000000002000020000000137fd310ca29493815d322374fba42cdc6a26534b244f0956e7512f9328ed2cf200000009543529ca0df6c077869a2d22f843947beb505c0a3b07134414784220be9ef8f40000000214d10f2f2d5a8d9cad1b8562b556072a4516867458d309244beaaa298d6f538b2723ece726cc63671eeff0fb3277a6c49baca65597ca62a0abb4c36e5d278e1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2337871464" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2342090311" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412969354" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3676 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 onlyfind.net udp
DE 185.53.179.170:80 onlyfind.net tcp
DE 185.53.179.170:80 onlyfind.net tcp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 170.179.53.185.in-addr.arpa udp
US 8.8.8.8:53 21.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 ifdnzact.com udp
US 208.91.196.46:80 ifdnzact.com tcp
US 208.91.196.46:80 ifdnzact.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 30.178.53.185.in-addr.arpa udp
US 8.8.8.8:53 46.196.91.208.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a9304f4899f369b90d9a0cd7736bd79e
SHA1 a6fe18cfc2314a7ac06a256e0323489664117001
SHA256 d7313b9eab3e6cff2daf01795d04403d18ab860bcea4ba835722f8411f02a926
SHA512 bcb637f1004ff78982b4ad399c75338252e2b05bca04ba630a571a88df4aec1b5c6a11b2e510830de9642305e7ba14c1ad26bc0bec985821ba9b61edf69e222d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 1d7f25dc2d6699e79619c31ff8908f6c
SHA1 de3c1be6c3f3e7f6eadbe715ae575794e5bf1221
SHA256 845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e
SHA512 7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee