Analysis Overview
SHA256: 057150f7726a767b9e8e52b4f86f86b77fbcbfe90b379a86656b51a278072c42
Threat Level: Known bad
The file 751f6956aee4614af075462893db4b3c was found to be: Known bad.
Malicious Activity Summary
Kinsing
UPX packed file
Adds Run key to start application
Unsigned PE
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-01-25 17:42
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-01-25 17:42
Reported: 2024-01-25 17:45
Platform: win7-20231129-en
Max time kernel: 117s
Max time network: 118s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\d6d4dfd8cec3cf95dec3de = "C:\\Users\\Admin\\cuxt.exe" | C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe
"C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | app2.winsoft1.com | udp |
| US | 8.8.8.8:53 | app2.winsoft2.com | udp |
| US | 8.8.8.8:53 | app2.winsoft3.com | udp |
| US | 8.8.8.8:53 | app2.winsoft4.com | udp |
| US | 8.8.8.8:53 | app2.winsoft5.com | udp |
| US | 8.8.8.8:53 | app2.winsoft6.com | udp |
| US | 8.8.8.8:53 | app2.winsoft7.com | udp |
| US | 8.8.8.8:53 | app2.winsoft8.com | udp |
| US | 8.8.8.8:53 | app2.winsoft9.com | udp |
| US | 8.8.8.8:53 | app2.winsoft10.com | udp |
| US | 8.8.8.8:53 | app2.winsoft11.com | udp |
| US | 8.8.8.8:53 | app2.winsoft12.com | udp |
| US | 8.8.8.8:53 | app2.winsoft13.com | udp |
| US | 8.8.8.8:53 | app2.winsoft14.com | udp |
| US | 8.8.8.8:53 | app2.winsoft15.com | udp |
| US | 8.8.8.8:53 | app2.winsoft16.com | udp |
| US | 8.8.8.8:53 | app2.winsoft17.com | udp |
| US | 8.8.8.8:53 | app2.winsoft18.com | udp |
| US | 8.8.8.8:53 | app2.winsoft19.com | udp |
| US | 8.8.8.8:53 | app2.winsoft20.com | udp |
| US | 8.8.8.8:53 | app2.winsoft21.com | udp |
| US | 8.8.8.8:53 | app2.winsoft22.com | udp |
| US | 8.8.8.8:53 | app2.winsoft23.com | udp |
| US | 8.8.8.8:53 | app2.winsoft24.com | udp |
| US | 8.8.8.8:53 | app2.winsoft25.com | udp |
| US | 8.8.8.8:53 | app2.winsoft26.com | udp |
| US | 8.8.8.8:53 | app2.winsoft27.com | udp |
| US | 8.8.8.8:53 | app2.winsoft28.com | udp |
| US | 8.8.8.8:53 | app2.winsoft29.com | udp |
| US | 8.8.8.8:53 | app2.winsoft30.com | udp |
| US | 8.8.8.8:53 | app2.winsoft31.com | udp |
| US | 8.8.8.8:53 | app2.winsoft32.com | udp |
| US | 8.8.8.8:53 | app2.winsoft33.com | udp |
| US | 8.8.8.8:53 | app2.winsoft34.com | udp |
| US | 8.8.8.8:53 | app2.winsoft35.com | udp |
| US | 8.8.8.8:53 | app2.winsoft36.com | udp |
| US | 8.8.8.8:53 | app2.winsoft37.com | udp |
| US | 8.8.8.8:53 | app2.winsoft38.com | udp |
| US | 8.8.8.8:53 | app2.winsoft39.com | udp |
| US | 8.8.8.8:53 | app2.winsoft40.com | udp |
| US | 8.8.8.8:53 | app2.winsoft41.com | udp |
| US | 8.8.8.8:53 | app2.winsoft42.com | udp |
| US | 8.8.8.8:53 | app2.winsoft43.com | udp |
| US | 8.8.8.8:53 | app2.winsoft44.com | udp |
| US | 8.8.8.8:53 | app2.winsoft45.com | udp |
| US | 8.8.8.8:53 | app2.winsoft46.com | udp |
| US | 8.8.8.8:53 | app2.winsoft47.com | udp |
| US | 8.8.8.8:53 | app2.winsoft48.com | udp |
| US | 8.8.8.8:53 | app2.winsoft49.com | udp |
| US | 8.8.8.8:53 | app2.winsoft50.com | udp |
| US | 8.8.8.8:53 | app2.winsoft51.com | udp |
| US | 8.8.8.8:53 | app2.winsoft52.com | udp |
| US | 8.8.8.8:53 | app2.winsoft53.com | udp |
| US | 8.8.8.8:53 | app2.winsoft54.com | udp |
| US | 8.8.8.8:53 | app2.winsoft55.com | udp |
| US | 8.8.8.8:53 | app2.winsoft56.com | udp |
| US | 8.8.8.8:53 | app2.winsoft57.com | udp |
| US | 8.8.8.8:53 | app2.winsoft58.com | udp |
| US | 8.8.8.8:53 | app2.winsoft59.com | udp |
| US | 8.8.8.8:53 | app2.winsoft60.com | udp |
| US | 8.8.8.8:53 | app2.winsoft61.com | udp |
| US | 8.8.8.8:53 | app2.winsoft62.com | udp |
| US | 8.8.8.8:53 | app2.winsoft63.com | udp |
| US | 8.8.8.8:53 | app2.winsoft64.com | udp |
| US | 8.8.8.8:53 | app2.winsoft65.com | udp |
| US | 8.8.8.8:53 | app2.winsoft66.com | udp |
| US | 8.8.8.8:53 | app2.winsoft67.com | udp |
| US | 8.8.8.8:53 | app2.winsoft68.com | udp |
| US | 8.8.8.8:53 | app2.winsoft69.com | udp |
| US | 8.8.8.8:53 | app2.winsoft70.com | udp |
| US | 8.8.8.8:53 | app2.winsoft71.com | udp |
| US | 8.8.8.8:53 | app2.winsoft72.com | udp |
| US | 8.8.8.8:53 | app2.winsoft73.com | udp |
| US | 8.8.8.8:53 | app2.winsoft74.com | udp |
| US | 8.8.8.8:53 | app2.winsoft75.com | udp |
| US | 8.8.8.8:53 | app2.winsoft76.com | udp |
| US | 8.8.8.8:53 | app2.winsoft77.com | udp |
| US | 8.8.8.8:53 | app2.winsoft78.com | udp |
| US | 8.8.8.8:53 | app2.winsoft79.com | udp |
| US | 8.8.8.8:53 | app2.winsoft80.com | udp |
| US | 8.8.8.8:53 | app2.winsoft81.com | udp |
| US | 8.8.8.8:53 | app2.winsoft82.com | udp |
| US | 8.8.8.8:53 | app2.winsoft83.com | udp |
| US | 8.8.8.8:53 | app2.winsoft84.com | udp |
| US | 8.8.8.8:53 | app2.winsoft85.com | udp |
| US | 8.8.8.8:53 | app2.winsoft86.com | udp |
| US | 8.8.8.8:53 | app2.winsoft87.com | udp |
| US | 8.8.8.8:53 | app2.winsoft88.com | udp |
| US | 8.8.8.8:53 | app2.winsoft89.com | udp |
| US | 8.8.8.8:53 | app2.winsoft90.com | udp |
| US | 8.8.8.8:53 | app2.winsoft91.com | udp |
| US | 8.8.8.8:53 | app2.winsoft92.com | udp |
| US | 8.8.8.8:53 | app2.winsoft93.com | udp |
| US | 8.8.8.8:53 | app2.winsoft94.com | udp |
| US | 8.8.8.8:53 | app2.winsoft95.com | udp |
| US | 8.8.8.8:53 | app2.winsoft96.com | udp |
| US | 8.8.8.8:53 | app2.winsoft97.com | udp |
| US | 8.8.8.8:53 | app2.winsoft98.com | udp |
| US | 8.8.8.8:53 | app2.winsoft99.com | udp |
| US | 8.8.8.8:53 | app2.winsoft100.com | udp |
| US | 8.8.8.8:53 | app2.winsoft0.com | udp |
| US | 8.8.8.8:53 | p2.winsoft3.com | udp |
Files
memory/2896-0-0x0000000002400000-0x0000000002487000-memory.dmp
memory/2896-1-0x0000000002400000-0x0000000002487000-memory.dmp
memory/2896-6-0x0000000002400000-0x0000000002487000-memory.dmp
memory/2896-7-0x0000000002400000-0x0000000002487000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-01-25 17:42
Reported: 2024-01-25 17:45
Platform: win10v2004-20231215-en
Max time kernel: 143s
Max time network: 151s
Command Line
Signatures
Kinsing
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\07050e091f121e440f120f = "C:\\Users\\Admin\\cuxt.exe" | C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe
"C:\Users\Admin\AppData\Local\Temp\751f6956aee4614af075462893db4b3c.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | app2.winsoft1.com | udp |
| US | 138.91.171.81:80 | N/A | tcp |
| US | 8.8.8.8:53 | app2.winsoft2.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft3.com | udp |
| US | 8.8.8.8:53 | app2.winsoft4.com | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft5.com | udp |
| US | 8.8.8.8:53 | app2.winsoft6.com | udp |
| US | 8.8.8.8:53 | app2.winsoft7.com | udp |
| US | 8.8.8.8:53 | app2.winsoft8.com | udp |
| US | 8.8.8.8:53 | app2.winsoft9.com | udp |
| US | 8.8.8.8:53 | app2.winsoft10.com | udp |
| US | 8.8.8.8:53 | app2.winsoft11.com | udp |
| US | 8.8.8.8:53 | app2.winsoft12.com | udp |
| US | 8.8.8.8:53 | app2.winsoft13.com | udp |
| US | 8.8.8.8:53 | app2.winsoft14.com | udp |
| US | 8.8.8.8:53 | app2.winsoft15.com | udp |
| US | 8.8.8.8:53 | app2.winsoft16.com | udp |
| US | 8.8.8.8:53 | app2.winsoft17.com | udp |
| US | 8.8.8.8:53 | app2.winsoft18.com | udp |
| US | 8.8.8.8:53 | app2.winsoft19.com | udp |
| US | 8.8.8.8:53 | app2.winsoft20.com | udp |
| US | 8.8.8.8:53 | app2.winsoft21.com | udp |
| US | 8.8.8.8:53 | app2.winsoft22.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft23.com | udp |
| US | 8.8.8.8:53 | app2.winsoft24.com | udp |
| US | 8.8.8.8:53 | app2.winsoft25.com | udp |
| US | 8.8.8.8:53 | app2.winsoft26.com | udp |
| US | 8.8.8.8:53 | app2.winsoft27.com | udp |
| US | 8.8.8.8:53 | app2.winsoft28.com | udp |
| US | 8.8.8.8:53 | app2.winsoft29.com | udp |
| US | 8.8.8.8:53 | app2.winsoft30.com | udp |
| US | 8.8.8.8:53 | app2.winsoft31.com | udp |
| US | 8.8.8.8:53 | app2.winsoft32.com | udp |
| US | 8.8.8.8:53 | app2.winsoft33.com | udp |
| US | 8.8.8.8:53 | app2.winsoft34.com | udp |
| US | 8.8.8.8:53 | app2.winsoft35.com | udp |
| US | 8.8.8.8:53 | app2.winsoft36.com | udp |
| US | 8.8.8.8:53 | app2.winsoft37.com | udp |
| US | 8.8.8.8:53 | app2.winsoft38.com | udp |
| US | 8.8.8.8:53 | app2.winsoft39.com | udp |
| US | 8.8.8.8:53 | app2.winsoft40.com | udp |
| US | 8.8.8.8:53 | app2.winsoft41.com | udp |
| US | 8.8.8.8:53 | app2.winsoft42.com | udp |
| US | 8.8.8.8:53 | app2.winsoft43.com | udp |
| US | 8.8.8.8:53 | app2.winsoft44.com | udp |
| US | 8.8.8.8:53 | app2.winsoft45.com | udp |
| US | 8.8.8.8:53 | app2.winsoft46.com | udp |
| US | 8.8.8.8:53 | app2.winsoft47.com | udp |
| US | 8.8.8.8:53 | app2.winsoft48.com | udp |
| US | 8.8.8.8:53 | app2.winsoft49.com | udp |
| US | 8.8.8.8:53 | app2.winsoft50.com | udp |
| US | 8.8.8.8:53 | app2.winsoft51.com | udp |
| US | 8.8.8.8:53 | app2.winsoft52.com | udp |
| US | 8.8.8.8:53 | app2.winsoft53.com | udp |
| US | 8.8.8.8:53 | app2.winsoft54.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft55.com | udp |
| US | 8.8.8.8:53 | app2.winsoft56.com | udp |
| US | 8.8.8.8:53 | app2.winsoft57.com | udp |
| US | 8.8.8.8:53 | app2.winsoft58.com | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft59.com | udp |
| US | 8.8.8.8:53 | app2.winsoft60.com | udp |
| US | 8.8.8.8:53 | app2.winsoft61.com | udp |
| US | 8.8.8.8:53 | app2.winsoft62.com | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app2.winsoft63.com | udp |
| US | 8.8.8.8:53 | app2.winsoft64.com | udp |
| US | 8.8.8.8:53 | app2.winsoft65.com | udp |
| US | 8.8.8.8:53 | app2.winsoft66.com | udp |
| US | 8.8.8.8:53 | app2.winsoft67.com | udp |
| US | 8.8.8.8:53 | app2.winsoft68.com | udp |
| US | 8.8.8.8:53 | app2.winsoft69.com | udp |
| US | 8.8.8.8:53 | app2.winsoft70.com | udp |
| US | 8.8.8.8:53 | app2.winsoft71.com | udp |
| US | 8.8.8.8:53 | app2.winsoft72.com | udp |
| US | 8.8.8.8:53 | app2.winsoft73.com | udp |
| US | 8.8.8.8:53 | app2.winsoft74.com | udp |
| US | 8.8.8.8:53 | app2.winsoft75.com | udp |
| US | 8.8.8.8:53 | app2.winsoft76.com | udp |
| US | 8.8.8.8:53 | app2.winsoft77.com | udp |
| US | 8.8.8.8:53 | app2.winsoft78.com | udp |
| US | 8.8.8.8:53 | app2.winsoft79.com | udp |
| US | 8.8.8.8:53 | app2.winsoft80.com | udp |
| US | 8.8.8.8:53 | app2.winsoft81.com | udp |
| US | 8.8.8.8:53 | app2.winsoft82.com | udp |
| US | 8.8.8.8:53 | app2.winsoft83.com | udp |
| US | 8.8.8.8:53 | app2.winsoft84.com | udp |
| US | 8.8.8.8:53 | app2.winsoft85.com | udp |
| US | 8.8.8.8:53 | app2.winsoft86.com | udp |
| US | 8.8.8.8:53 | app2.winsoft87.com | udp |
| US | 8.8.8.8:53 | app2.winsoft88.com | udp |
| US | 8.8.8.8:53 | app2.winsoft89.com | udp |
| US | 8.8.8.8:53 | app2.winsoft90.com | udp |
| US | 8.8.8.8:53 | app2.winsoft91.com | udp |
| US | 8.8.8.8:53 | app2.winsoft92.com | udp |
| US | 8.8.8.8:53 | app2.winsoft93.com | udp |
| US | 8.8.8.8:53 | app2.winsoft94.com | udp |
| US | 8.8.8.8:53 | app2.winsoft95.com | udp |
| US | 8.8.8.8:53 | app2.winsoft96.com | udp |
| US | 8.8.8.8:53 | app2.winsoft97.com | udp |
| US | 8.8.8.8:53 | app2.winsoft98.com | udp |
| US | 8.8.8.8:53 | app2.winsoft99.com | udp |
| US | 8.8.8.8:53 | app2.winsoft100.com | udp |
| US | 8.8.8.8:53 | app2.winsoft0.com | udp |
| US | 8.8.8.8:53 | app2.winsoft1.com | udp |
| US | 8.8.8.8:53 | app2.winsoft2.com | udp |
| US | 8.8.8.8:53 | app2.winsoft3.com | udp |
| US | 8.8.8.8:53 | p2.winsoft3.com | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
memory/3000-0-0x0000000002400000-0x0000000002487000-memory.dmp
memory/3000-1-0x0000000002400000-0x0000000002487000-memory.dmp
memory/3000-6-0x0000000002400000-0x0000000002487000-memory.dmp