Analysis Overview
SHA256
335d0945fb43ad314a731f060d33533a3b446f294f525d27bd361730dfa6f774
Threat Level: Known bad
The file 751dbab2f45d43aba7e3f507f544ba79 was found to be: Known bad.
Malicious Activity Summary
Kinsing
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:39
Reported
2024-01-25 17:42
Platform
win7-20231215-en
Max time kernel
146s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7F95A41-BBA8-11EE-86D4-76D8C56D161B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412366250" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000e0af20822b3fcf537e23c0861ab55217f5ee567436ebbac610200d3523163d86000000000e8000000002000020000000ba7c3e9c16def4c8ae999cb410e83247438446781c0e514c0e66134792d0529c200000001965c95ff8f768dc6fb0fcdf2d7ee7fe72a1adef18db401f75421d2dbe55f9414000000015e9f2b822ab1c9198319b66b42a35e3dad660efed29908de8c373c9d928e93bb4bf9a38a014ab9646dfabbe4d55c7dea3534e0b92565912844e639994d16fd3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f0838db54fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2420 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | onlyfind.net | udp |
| DE | 185.53.179.170:80 | onlyfind.net | tcp |
| DE | 185.53.179.170:80 | onlyfind.net | tcp |
| US | 8.8.8.8:53 | c.parkingcrew.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 8.8.8.8:53 | ifdnzact.com | udp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6568.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar6638.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e840a77183582d925dfabebe4bae73fe |
| SHA1 | 52935c433f31c8808a31e14e33280c0a19454562 |
| SHA256 | 233941d2ace5c83a23d749015b6d0af92fcc4f7b7919f2ee2fe14b0a7310556b |
| SHA512 | d0574952d425716227a21517516893c85828babdd39e07f696fb9d150c74c510577fe4c5d4765ed0deff7db51fd10ac0bc431a018faceb293482a6e31f20233a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5619ce4657c435875eed403b23faf7a1 |
| SHA1 | 90b7841d1f9810bd6a9f76490ad771fb86a18e3d |
| SHA256 | 5e49ea04130e3d7fd7ca04a43b3e8ad36b3fd34406daf6e786813ed77acf8f44 |
| SHA512 | 1668a6d718cd24e21cb1caa96729a3d14b0a658a1508afd10de0312469c6dc6470d6a163623ee9089517ca3cf49fc7e2898018e10d183125b7764230c6767941 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b7f1a1fcfe2a5237032f191a1aaa994 |
| SHA1 | 57c40c6f9a172e17a8d46645c97ab4056da29deb |
| SHA256 | 8a1f1ba68fe99dfb292e6e159269c0c05b63cab0ac1126f2ec6aff786b267897 |
| SHA512 | 494543723448d80cd02de25355eff86dd79de8389440dd258f70daf3fdfc6e6777c73efcbd0948b1629528c02e3a6f505cc5cb1c13218d7da50e23cfba0cff75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20259263b0a2eb1d5bf85b68c02b797c |
| SHA1 | ce46b3c9e636ab04d5cdd081c78bb3fd6bef963c |
| SHA256 | 4ae5f5e3a6e0288eb4e5e0e146d51e274da06b3ed0e7c76c3030d30c7a53a7f3 |
| SHA512 | 04970eca2e160b8e43b30f26bd34f64d9cf9a636f7a2a1abe97da61304117b6551804856ac8244072b25153605f18d54a047a0ec7e0eb7807b65154ed15a3f70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac1c57e414fd17ad572b89fda2ad1e44 |
| SHA1 | cc7ea8f74164b35d524009558062f075ced89333 |
| SHA256 | 88bcb55829dd2891aaa938f94db7a9166c7b6a627cf611ec21b792e84355eb8a |
| SHA512 | 6c91067063749ab66fcb31e16b497e8fa32f7e2a0487353c9050a67820eff2dd8b26a6dfddb8357c1d2e6b35a2a45821c857c455f24a1a07198bbfb2c7a56748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2730e332dc092d1d08a5c2bf8d4d55f |
| SHA1 | 0f29e57d9918c3d265c280f1d3d15894856e80ea |
| SHA256 | c64f23d4f849032af2917ab47fc3e7d821361b1dfb8ec975a9dcb12e68820d3b |
| SHA512 | 6d8e7098afec880d736c3cb68605b1c15c05ed9ef6944d60cbaae5c30dd04acc361f34ff548e6ff98afcc418bd2fa134cc11886abb75623622781edf3922e77f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fbbc5cceafe1d7a0cbacb5ddb460ef7 |
| SHA1 | 438105e7621b5e5a23be2c35dd79dc810f117089 |
| SHA256 | fd8a0a03ef1047f9f81befb5b6e507c79bebe9be5522d840311db304d24786cc |
| SHA512 | b737e4d6996f76dd4fb7a9e88338bf68a937e0879e94e6ec742e5e582b9e40a7dc49c2082f65b2a7a193eb6f04443481e9f86a41a9efd9183343326703570d83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ab19dcc2c9144f23b4b54c7878bab58 |
| SHA1 | 3f66d5f5b41b2835229763e14958f7ceabbb1fa8 |
| SHA256 | 64d10b428bd1b17ca602b005ab9bf0b79e91003cf1ff2f6d8db2385b11f09681 |
| SHA512 | 1247da29a686408ed59dc5b5061b5ab293e17f16df3c5d12f8e42662a22e658bb3cc9e597a49b30f0e0ab62c1279b1ec549421b5b5b333595455d6ae24d427f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ba74fb4bc25a0d9649e53f76b875bfa |
| SHA1 | ae4b5acd053d46d2702fe6f9b2254b48f515ba3f |
| SHA256 | 67ac7ed68feb15751e0a5ddde15c6d911fb2dc4f47cca3b7193fc83b64c1fc8c |
| SHA512 | 8e02c47add6e17b4644b35b25be71f6f4279215306fa956fc213b89e22148f3966c23655644fe4e7bdb2d887023d3203afda4373ac736a394052d6a686091273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e71d67304306baae0db0a8b1930be3d |
| SHA1 | 9053f120520c1700f9d416168ef6617c73137120 |
| SHA256 | 4c1083e55d4afdd650848cecef95baa8a61348fcf0a6b8270050ca9c274fdf4c |
| SHA512 | 4a4fcf724f1a89dd88ef4c7065db839c061830e07c42a6837b513e033dc477e53cd2f1e264e0cc590f4dcaeecabcbae75289f90ca68d8eadfd1430d2a6307365 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f53886f07f01f11e2145552c4e2711f0 |
| SHA1 | b4232cb89e74fcd93cdd0a607ff5b046fd19a1ab |
| SHA256 | e09461b665c2b62e00101362b39f81ee48d84f0e69fa21a6147c8ef4a7a2da45 |
| SHA512 | 625b1f5cd54f5baea57a08c8be6f0d808a543b3eb7352796c88b1a80933601294fab3c4bcb2e6822111a48e0f97e2ac498d645d417d5aff18dd64184e17fda1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f27ac0a2a6421517d291fa00d6231763 |
| SHA1 | b2cd71dfb7fb1f01d3a909b52874a8cbaa8e7076 |
| SHA256 | ed949134f0d699b17420a3d9d772bee96e9f6d334956b63d020e6cdab882f19d |
| SHA512 | 4b153c74c2fcc0162ccdf45512ded00117bc4e8bb40bd03f3534120c6e4d6fa7f4b444d7cc4387c5f29654beef2038ea2e91ee7eb24744c4a171bc04d78936e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7718b74daaf2f3bcfabf9db212112c5b |
| SHA1 | 5bf518be2492f4962b7019a9ee3a141bb6b2e1f4 |
| SHA256 | 11693a8cd43aebf22e52b104d26b6b5cbc3ff598f23177d4442d1b303e1a341b |
| SHA512 | d85d116d19c31fd997b03d1bc0fd95fb73a5f4e502135e941ee6657b0397650f1d1846621e2d9cf52fd0fd905a9ae881305f19e2419d3b2e2f49bfa33005da69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05cbda8471dc5acf8a4e97cf9d5dbbc4 |
| SHA1 | 58a186586fb106afdc5e18a945027c14fd2585ba |
| SHA256 | 8381e31a97502276553bfbeb728e7a1fa6badb94aa75ae8f148ac49e89e9ccce |
| SHA512 | 2ccaf183fdc5b9743a7e28aed21ef240fe0f112e05151f4327f92ce843efb3a0bf56741d5f2945ad6b3da54a96beb5e56941db72ed2025d82d8361d8ae5e6225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4823a3babb817935b97c6636f49dd9fa |
| SHA1 | 1907202232e8b6d7614f1ba56e5fe7d2ca5182a3 |
| SHA256 | d3fa762664118a02de63c6c4aeab8f06abb4f408a7be6f1bf3eda33caa3dae03 |
| SHA512 | ba64581359d20718f57529eb95647bf0afe55d7b2734fa39d0c9077b28cac2b3c81130c6bfb7cecb96ee6619d8874645bb58d55a0c3f928b592cdfb52814f382 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba98632b59741366f50080ffa0a22235 |
| SHA1 | be46c13e5c4890e41dd0c6d361e6826aa3fa4fe7 |
| SHA256 | 0d350b85502e1a031c0481660fdf515a90e6cfbbd89acad2c7b5beb1e4f4c6a3 |
| SHA512 | ab5187bc86422b0b7a6418b404f80fbd2aec48ce80ea59e4d6e1ba77eff77e1c7c1d75998199e446b2b86a75efe2512f5a1d9976dfe28baa769e82e56afbeb03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e142999573cf48180f2a8c800f2be79 |
| SHA1 | f1dd1384115534e29b7acb9bf038f1124f32d819 |
| SHA256 | ac3b3e7f1f7f126892e9a5f9822656d89588ee7e87dd72597cd3027fd0eec7ca |
| SHA512 | 4818c5db26311b9ef622ff56d65a87540d013b1bd27e6baeeb99035bee190b0ee170cffaa7a567189c7d969ca9f2a6d73404170288c54ee121c98c9bccc6752a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13bb4c98f46221ca4bcc6e2edb867517 |
| SHA1 | 8ec0f2096d3795de617cc1cb806d18e26d0cb667 |
| SHA256 | bb3306239243c03c165d20ec35f55db3cf7548596ab3201b3065430f1aaed1f0 |
| SHA512 | 02152ebd8eedd210e41698170d27759ab5a24d4b61f4db423738def729462105592b1edb618f412493e05876d9b0b16e75adb1db63967eb22c0be6019d599603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8778fe775b37a2cc7b8aefdc82af2744 |
| SHA1 | 5350429dc728abc1c26479a984770b5df844e912 |
| SHA256 | fed5643b365b543359746f77a1087cceb5e714c76d3886567398e24d8310a335 |
| SHA512 | 219fdc60eb92c80a3268c2f7e84f81d47e9864249f74c9b7c6c323530ea610a89600b06e521b0acebc471dba5c82a481b7e2f35611f23a6d80e0f6191be99710 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 037257dd92b0e5a2be383f7ae9277bc5 |
| SHA1 | 61c594efba9153b504a3ad4b613fba24e865f470 |
| SHA256 | ddc750608a7e9b08ed213c3cc41a46aa96c9ec5e73281b6d1352ad5965a1471a |
| SHA512 | 95a81cfd2749b16fb59d0a0d16a720afa8e6f1c9e019a8714faef05934c90cc66b95cbfa5210297a303fb5d09c069ee1af159d1a70c791d2190b5f09ef37dbbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcf1f3e0390e0bf96c2db733135ed2c0 |
| SHA1 | ea035d8c37db3d92e9d3713a4cf8f718ea5d2a9e |
| SHA256 | 33c697c3e7bd76a767668cf4b8fbe462356f3bf71a33cb201e21aa44c50955ca |
| SHA512 | b8fab47bbfdb90d4865e2cd47a92a3fb6dbca9388c7c2ef9b406983294c3feedc976a67a473dbcd1645fc18c61cac024820ee975dccee42a174fce4d2bf3eb23 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:39
Reported
2024-01-25 17:42
Platform
win10v2004-20231215-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Kinsing
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084469" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d55c8cb54fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2337871464" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a9558cb54fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B6ECC5E8-BBA8-11EE-9ECD-F68B0B0A1028} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000f7708f42b35644b1dc7034e6efcbd0a33673afff45d4b2ac3690b87257ecba7e000000000e8000000002000020000000c8cb42ccf2912140543cd890cc78d9aa60628be23b2b7917a59d9228ec01cad62000000041a28e96e205c105870a205c727d357e5568ce810e98c0da1bbc864a96fcd3ee4000000049c6ebe1739538060162fafc82dc7e13b72dbfdd95502e10a9940300bab6739d1c98e8f561a63f5c61856cf070018f7ce149cfa468255931087df59f1789b557 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000003698ed6cbab6040f4885c50b6dafd21f85a02387ce491900e4729600145e8600000000000e8000000002000020000000137fd310ca29493815d322374fba42cdc6a26534b244f0956e7512f9328ed2cf200000009543529ca0df6c077869a2d22f843947beb505c0a3b07134414784220be9ef8f40000000214d10f2f2d5a8d9cad1b8562b556072a4516867458d309244beaaa298d6f538b2723ece726cc63671eeff0fb3277a6c49baca65597ca62a0abb4c36e5d278e1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2337871464" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2342090311" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412969354" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
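Every "Modifies Internet Explorer settings" row in both detonations is iexplore.exe writing under its own Software\Microsoft\Internet Explorer hive, and the opaque values are easier to judge once decoded: the NewTabPage\LastProcessed values are little-endian FILETIMEs, the VersionManager High/Low DateTime pairs are the two halves of a FILETIME (the TTL pair is a duration), and the DecayDateQueue blobs start with the DPAPI provider header. The script below is an added example for this report, not sandbox output; the constants are copied from the registry tables above, and the DPAPI provider GUID is the documented CryptProtectData blob header.

```python
"""Decode the timestamp and DPAPI values iexplore.exe wrote in both detonations.

Added example for this report, not sandbox output. The sample values are
copied from the registry tables on this page."""
from datetime import datetime, timedelta, timezone
import uuid

# Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Provider GUID found at offset 4 of every DPAPI (CryptProtectData) blob.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a 64-bit FILETIME tick count to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_filetime_hex(hex_value: str) -> datetime:
    """Decode a REG_BINARY FILETIME as the report prints it (little-endian hex)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 8:
        raise ValueError(f"expected 8 bytes, got {len(raw)}")
    return filetime_to_datetime(int.from_bytes(raw, "little"))


def decode_filetime_pair(high: str, low: str) -> datetime:
    """Decode the *HighDateTime / *LowDateTime DWORD pairs under VersionManager."""
    return filetime_to_datetime((int(high) << 32) | int(low))


def decode_duration_pair(high: str, low: str) -> timedelta:
    """Same layout as above, but LastTTL* is a duration, not a point in time."""
    return timedelta(microseconds=((int(high) << 32) | int(low)) // 10)


def is_dpapi_blob(hex_value: str) -> bool:
    """True when the value carries a DPAPI blob header (version 1 + provider GUID).

    The payload stays opaque without the user's master key, but the header alone
    tells you this is IE's own DPAPI-protected state rather than foreign data."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 20:
        return False
    version = int.from_bytes(raw[:4], "little")
    provider = uuid.UUID(bytes_le=raw[4:20])
    return version == 1 and provider == DPAPI_PROVIDER_GUID


# Values copied from the registry tables on this page.
LAST_PROCESSED_WIN7 = "40f0838db54fda01"      # behavioral1 NewTabPage\LastProcessed
LAST_PROCESSED_WIN10 = "60d55c8cb54fda01"     # behavioral2 NewTabPage\LastProcessed
LAST_UPDATE = ("31084469", "2337871464")      # VersionManager\LastUpdate{High,Low}DateTime
LAST_TTL = ("50", "1251635200")               # VersionManager\LastTTL{High,Low}DateTime
# First 40 bytes of the behavioral1 DecayDateQueue value (enough for the header).
DECAY_DATE_QUEUE = ("01000000d08c9ddf0115d1118c7a00c04fc297eb"
                    "01000000580e1c8c6faee54b80ab28599b83677c")
WINDOW_PLACEMENT = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                    "2400000024000000aa04000089020000")

if __name__ == "__main__":
    print("LastProcessed (win7): ", decode_filetime_hex(LAST_PROCESSED_WIN7))
    print("LastProcessed (win10):", decode_filetime_hex(LAST_PROCESSED_WIN10))
    print("LastUpdate*DateTime:  ", decode_filetime_pair(*LAST_UPDATE))
    print("LastTTL*DateTime:     ", decode_duration_pair(*LAST_TTL))
    print("DecayDateQueue DPAPI: ", is_dpapi_blob(DECAY_DATE_QUEUE))
    print("Window_Placement DPAPI:", is_dpapi_blob(WINDOW_PLACEMENT))
```

The decoded timestamps land at 2024-01-25 17:40 UTC, inside the Submitted/Reported window of both runs, and the TTL pair decodes to exactly six hours; the DecayDateQueue header matches DPAPI while Window_Placement (a WINDOWPLACEMENT struct, length 0x2c) does not. Values that decode this cleanly to the detonation clock are IE housekeeping, which is what an analyst needs to know before spending time on this signature.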
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3676 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3676 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3676 wrote to memory of 2016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751dbab2f45d43aba7e3f507f544ba79.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3676 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onlyfind.net | udp |
| DE | 185.53.179.170:80 | onlyfind.net | tcp |
| DE | 185.53.179.170:80 | onlyfind.net | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.parkingcrew.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 8.8.8.8:53 | ifdnzact.com | udp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.178.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.196.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | a9304f4899f369b90d9a0cd7736bd79e |
| SHA1 | a6fe18cfc2314a7ac06a256e0323489664117001 |
| SHA256 | d7313b9eab3e6cff2daf01795d04403d18ab860bcea4ba835722f8411f02a926 |
| SHA512 | bcb637f1004ff78982b4ad399c75338252e2b05bca04ba630a571a88df4aec1b5c6a11b2e510830de9642305e7ba14c1ad26bc0bec985821ba9b61edf69e222d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 1d7f25dc2d6699e79619c31ff8908f6c |
| SHA1 | de3c1be6c3f3e7f6eadbe715ae575794e5bf1221 |
| SHA256 | 845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e |
| SHA512 | 7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |