Analysis Overview
SHA256
fb91e0baf5738a5d96143d2439c8754623e191f926b7cf1dcbbeb34b56836644
Threat Level: Known bad
The file 751e3b8a09678c0ade29d37c00c098c4 was found to be: Known bad.
Malicious Activity Summary
Kinsing
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:40
Reported
2024-01-25 17:42
Platform
win7-20231215-en
Max time kernel
136s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBA48241-BBA8-11EE-A3E1-DECE4B73D784} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40335da3b54fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000002e95f00d0cfb8e3f21532f38f2561cf47d2643e15d63eae9ed0497adff3b57f5000000000e80000000020000200000008fa9f4a060ee2ce763b8e98498e2ade63bfa822d204ca698089f1c958901f0cd20000000f5ea2fb4f17d778b0d56e48aec816b66d38f23f249879ebc06a6a6b9446d37e540000000ca72b7b149850afbaafd4de49a80a945a6c8a346e8c9159047421add87273351610b0bede83c0ae494477dabf5a00c63ea308c5a56150d9392c9cb92ef6f3a69 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412366283" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1876 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751e3b8a09678c0ade29d37c00c098c4.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.bodybuildingzine.in | udp |
| US | 8.8.8.8:53 | s45.sitemeter.com | udp |
| US | 8.8.8.8:53 | llilbb.lflinkup.net | udp |
| US | 8.8.8.8:53 | c.compete.com | udp |
| GB | 216.58.204.78:80 | www.google-analytics.com | tcp |
| GB | 216.58.204.78:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6C9B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar6D69.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c5d4ad3a20204a4d3a0f65d6b57c99e |
| SHA1 | 504d55061ae18580ea325c9785c1d472a9e47a26 |
| SHA256 | 69d3db3e436559ae52e68871612a515fb42db4491ac351b26da6695473b7615e |
| SHA512 | 663e74077ab219372a3a2a6d9cbe2b06962ad83913f170bb7100b66f22ab97dd2a6d0240e3d5d6bd94e7ebdc6e69cb5c472b24116998e47fc13365313b88ef1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be94734931f01a467cf5a7367f80fd3d |
| SHA1 | 4c349d768b5e4b32b59209a4579e4ec1abe1adff |
| SHA256 | 0d3ce07c5f080cb7b3d2217f6ce049c15d32d60a1951251ed2212a31fd5586ff |
| SHA512 | 2e9c71c33d5b8961718fb34ec8e3e1c4c3a4b316dc20497c7b9890bc68a4ad36bda926d63347ec2e04ce021277eb95b6f1aecd89dc893a1fd5bc22e0a30d5d89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9416c4ada459e9391e2d144d46be525e |
| SHA1 | 4ea1d69164e3a13dacf7e0f14b2fc62df502ea7b |
| SHA256 | f9aaf737ad07ed443d7ae3b379f0cf78dc3ca77b8ac11107d5e14d406187f4d6 |
| SHA512 | f61f3dddb5f86fab3f4548b0f57c5931ad9a2ebdc0c44ff03c5c1086125a7aecb8f68d9e5956b46a6d5d8d0c0c875ad55db17306776c3ef86035e129b987edfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5a1a9722b508c2d70cd46d2fa13c0fe |
| SHA1 | 52f7a1b2259aa85205a6d0b91472de94e6bdc17f |
| SHA256 | e23da0f2319798feeea7445b4510a85ef4f50463e52aa859b0bec3d4b9a99044 |
| SHA512 | dd3b1a4608300000f09255b380b5346c634ecf0943077bbeb0b7be9c68df3024a4928b1a9a9fd21e96e5511ae041c7a4d673bb528b85b3ceb14cf45bb8368da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bf8b9697e9d38f22f2b87ffa7d95bda |
| SHA1 | b8dfc220ef814a23b40952f8568d155ddca56455 |
| SHA256 | da4e61a753c66570e80e89abe4029af77fdef41222b7e165cef433398eb9e28f |
| SHA512 | cb4a06c62790d38559f81ddb8e4669a3f1e4e5d729c012aadb0b615526f1067b03ddfea45141c2ffb280a5dfbb8fc47dde262204e2c6cbb3ac6ac02b1343702a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b04c0e09de1669699dae834fa42c537e |
| SHA1 | 761e0061b288be5252b6178a672bf89b309320ca |
| SHA256 | f0f800a3bfcf620a27c80bae5b8e914d9d89ce8432f154939a1f273c9ed5da16 |
| SHA512 | 7558e04b3bf069585469ea60fb4fbd2ca2ab3e53d3da57250af51e850361931d47f9df90e1f15abc44dd4aa5e19947bc19b905f66b3107bae34115d67d1b871a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96333fa162055563b2dc24011e40e71a |
| SHA1 | 6559a2b934c0c4e43450d730d789c08cf80625fe |
| SHA256 | 9ef8f8ededa0c09fc9a443740a18f02b5dc771ebcfb3e8f7d04c07d05b5e9060 |
| SHA512 | b0c419fb0897aa42e5bbf1de34c05034ba64cddf2784d85833672932d1e01f463c714052784d85f3ee8b9332df2c78b04b8118a01a4bb3172e4dd00311baad98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ffb47f121899c68b8043b9beaa04eef |
| SHA1 | 88472ca65b8786085fafa182a96036c684bdca0e |
| SHA256 | 082de48aed49d9c700e22e119240f6d45e96b013eb41a4aa9d4c83297a3b94af |
| SHA512 | c9154c0b7c7d0d8b93d786eb2586badac9470a7f0f345f7b1dfebf034994e8428dd8f9eaaacd876a8d386dbe48e4e381ca70a78a4e13aa4b18f975cd69c3316f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44b90325576ab9d493e475e481df6308 |
| SHA1 | 6f9648d5441a052c70039bfbc7bae992955f46e1 |
| SHA256 | 26d3e6f1926cc66449405e0792ca0dfd8f4580027dce104e06277aa97ee6f370 |
| SHA512 | 528836762d9c571bf02930c0fdce4c174eaa4d8732c738853509fa0ba84ebeda1e089a7c259ab94498301771ada0aac4909150cfc8dc833224edd43f892dcb1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92f5ade42a8ee010be505bc48790c6d9 |
| SHA1 | e598c74ba60ba488a9db332d3fddc0473335de95 |
| SHA256 | 4a59238488a952c22740df9a20493add02ed38a707eb1b31a6519fee0f878794 |
| SHA512 | 4af66a93a166fffa299963dfe8abe9dada0132290b4d7f4d192c12123a00e1123c89aa4ff39865c3b85853ed3b57af335ab41e5bfaf48bfe140a5599c73c57f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d194c6bee972a1724d06735c923035a6 |
| SHA1 | 0a001e85b67437e3da78f41ae1aae5eb5811e25e |
| SHA256 | 5ae8a698be2df04aec174e6c829b9a08594c2678762d9484bf7f18afcf00bc1e |
| SHA512 | 67fd6f59a6f8966c5191704cddaae0a06cdc27b332230100cf6b2b253c8bdb4d0317dbc812c37e59dc1f0e99c88ba3f6bc4935d475e100916d205b86429b5685 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d6c4b39a825017dc48ccd754e1b7cee |
| SHA1 | 4d595ef6972e77b8e73c2712a7e160952fe957b9 |
| SHA256 | 07dc9a75c070a82f375aced252d9ff33aa458cc155d650c1ab1e7139982efcb3 |
| SHA512 | e8ab062ae0bd97152d7c63f020aad92008b56b7d0301a7ca1f50447d676e8b47ad796f0159e5b6b3d7dae0a8b9aebe1ffa70792bcdc11e4f6e9f3cb5207e9541 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db189d5c9cc90c33e7181cbea6debef |
| SHA1 | f2e1fbf16580a4292ec89b7a005429f670691185 |
| SHA256 | 879a4507f64d26a0cc46ec0687db9ba47fa24a7d2da4203192ee33845c18a018 |
| SHA512 | c001c7a4c0e72f9e113e00f4129f5b276ae86c66e0ddadbddf49a4b73095201cc71c9d6bd9d80add0d8d6db0b21703f0ff4cf1c03bee5bc1693a9cebaf61c108 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 344872955901eac8811977889e7a5fec |
| SHA1 | 3dc760f708faa6dc04719c3bb0899d027a13fbef |
| SHA256 | cc4e74503f5ff2044f1bba70bf21198ceeb22c0953f2e183a6442a19c6e34244 |
| SHA512 | cefaf65d09676e241459253a850cddfe3b02924b7412cd856bf954317b2ef38b13fe0ea1cff0202edcb6dee5d951ba198540ea674af8e00e37cf5884521a421b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce0a7d70b455f3d608ccaa2f3721a995 |
| SHA1 | f99efb29e218dbb1c6b9fb50b5876e6217d6a7be |
| SHA256 | e942fc19323f92fadb2d5f7f92a724ea5dbec68edb1fd555cbd9f87fe0c66726 |
| SHA512 | bf81cf8d1b95f54729f0b5c9b05e726d86bd56373eaf452004db29c4a6ccec6d5f65f70addd91aedc03a80e42c62ab8307dd8f63cd5d1325e8147369eb7d10e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e444c3984c4bacb0359688b790fa6185 |
| SHA1 | d71c94405cf32c152887fe9f1903dc99afc93899 |
| SHA256 | 0cc8da02d508a2b843994ca25ef533c8040f0ab634c9d984ad4b3da1dd58ef13 |
| SHA512 | 1a5257a1ad8fe6762799a788dfcda17673103cf182a91fbc22b598e3f4af227c3fa1be0533a8ee920ad45b18a61946f97a0d227714d5978ce212bd2a07130de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37d369f081ec5c490110ae510368bba9 |
| SHA1 | e3d94794e81dcdeec97221821b31845dd8197c22 |
| SHA256 | 4891bcc03d26801b9021d0dbfb09a95f64671cf6d5d913611b3518a99b2dd0fe |
| SHA512 | 4098d6cbacb038a6a6f12834f396b41c550ce02da01b3a30a5d3b2805b10913f9b778e8b757e3c895ed0e9ae0e7eaeaff88a0b5ca1fc28f3d7216d967e860ac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6786a979c13f86b473447a0df7b010b6 |
| SHA1 | 1a986f08a72bb7bead1f93f560350c0dd8b98231 |
| SHA256 | 5f8d62ada46b2caba31e964f20a9e9616f741df2292677a00e2a8f4620fc1131 |
| SHA512 | 0a5a6e11e6e5e59349351ed18c2f95db5f35cf4e4ef0b2dcf92f6d76daedcbd1021108325539d4dde844b2b0284fd0b80375b9dfd68db1c2b819af0f71ce24f5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:40
Reported
2024-01-25 17:42
Platform
win10v2004-20231215-en
Max time kernel
143s
Max time network
150s
Command Line
Signatures
Kinsing
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412969391" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2705063113" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2714282720" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CCBF5927-BBA8-11EE-8024-CE055DF4442A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084469" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2705063113" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084469" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3464 wrote to memory of 796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3464 wrote to memory of 796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3464 wrote to memory of 796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\751e3b8a09678c0ade29d37c00c098c4.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3464 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bodybuildingzine.in | udp |
| US | 8.8.8.8:53 | s45.sitemeter.com | udp |
| US | 8.8.8.8:53 | llilbb.lflinkup.net | udp |
| US | 8.8.8.8:53 | c.compete.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | cd99c29fb7572785b623a6807cff35ab |
| SHA1 | e7587cd7f1d99908e68033d506351e825e26feaa |
| SHA256 | b2992fecd76d4d6c0cc67dca66eb5caf343a39418e28a3bf73f041ed771ca44c |
| SHA512 | 230af3be5e1935830d8977214ef5fdb84b4291f50e35972e491755d084246f4637a1f9a9193700a7da477ca7cf108799fdce7fdf55996ea1d8dbb3428d2b25fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 1d7f25dc2d6699e79619c31ff8908f6c |
| SHA1 | de3c1be6c3f3e7f6eadbe715ae575794e5bf1221 |
| SHA256 | 845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e |
| SHA512 | 7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BPK32G26\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |