Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
04-06-2024 12:09
General
-
Target
https://www.kinitopet.com/
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 12 IoCs
-
Suspicious use of SendNotifyMessage 11 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.kinitopet.com/1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4732 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4760 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4504 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5920 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3680 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6028 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:11⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\f555dd698b854dbdb8c0f42abb1b25db /t 3180 /p 24481⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.0.1764115236\1064299088" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e897d7-a9c1-4657-be9f-e2f34f5dddff} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 1944 267e5ffcd58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.1.206994127\989201642" -parentBuildID 20221007134813 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2630f8da-61be-436f-b445-300173b3c945} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 2344 267e5b43a58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.2.2065379884\376973285" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44dd0d83-ffad-4422-b51c-f3bb4144c628} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 3108 267e9fa0458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.3.300042943\602052407" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8055b4ac-6043-45cf-bc92-74fa63c3a04d} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 3628 267eaf05658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.4.4808669\59460135" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edbeab0b-fb74-4798-935f-e3e368a0276c} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 3804 267ea08bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.5.1503243009\820385095" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 2488 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {043e6d8b-6443-421e-b7f1-f86a5ecfea64} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 5244 267e870ab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.6.1309589695\1766485525" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e812dd24-d689-4531-b7a0-fad62c709126} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 5368 267d9662258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.7.115767556\832200470" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 2716 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7731b78f-abdd-4c2e-9ebd-65bd18d92706} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 5080 267ecdd7258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4020.8.628308623\251597709" -childID 7 -isForBrowser -prefsHandle 5912 -prefMapHandle 5908 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {829aa552-0383-4f35-9300-a4cc9e365a7c} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" 5924 267ede69458 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2dc,0x2f0,0x7ff986982e98,0x7ff986982ea4,0x7ff986982eb02⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5b5973ac0f6222483f36928de7d2afc0a
SHA1e1ac4058050d4fb5201092489f1f01802f6d48a3
SHA256fd4f6f93f9d53c28faa8a3df096c71b48f264b5a3a2f59a012fa02cbbca84b09
SHA512962bbdc88a5f98958d3bc6ff91d9afafd8c9e6e0d535ce54173144a71e2b8ed018ad5a5841c11b68f923bf31946982a5c76cad9f1dbaa5b3c04de94793526980
-
Filesize
216KB
MD57e3aa2a484111b16ddce3aad47c2cea5
SHA154d8d223855454c8a2ccc24c682266ae24e837fc
SHA25696c0c89f72e14c150e2b448b62c00548664321592ccffe0b989d3d00f6328d94
SHA512d3ed8b8439289ac6c0ba294a698ca25c444835c41546ecf9f77921d122265f8d01e43286e956b801faf6bb22ff47a4804a48ece48a1f41da6ae9488e4a8a561a
-
Filesize
60KB
MD552574c725048904c075775e581ab4d2c
SHA19e30ed4bf7c2c4d0b7949fd642e6f83de742d348
SHA25665a532074cc864b945ae279351382ebe9da9dd8e5ab876a77f7d802e3e36ad98
SHA512d1b5f4eae72ded4d6089f99e62fd75b3552345f70539897df292656986b916cb45d59071ce9ccde25860f2569e2d1d118c31b828130698dc56b79e4d04a53d26
-
Filesize
2KB
MD57002448519fd38978f9d32ac48a8b34b
SHA14a169a2c946ecbe54421ce53128c121bc88e0d4f
SHA256c5a9dfe1023ae4d0a924197b7b9bb79a3665e835d0660b9b56da4e1cbbcf3618
SHA5129aaba55854ffc917c95075c025e3d9ad786c0dd738ed3df47e1df3ed948426aecdf3dbff887402f7748ffba1e754536f33f7004538689289e3813b5de51ad6ba
-
Filesize
746B
MD5e100f20e9d85c16d27f29111ffc10caf
SHA187bd18712cd47bc68ba3bc2bb711acfafa0a6d90
SHA25660426fcf81256396b9337747052e05dc5847b997b054c4a0fefcc4333e071b15
SHA512cea387bb582c0ff5aa84f13372eb11a71b9099c54f1da5582303041adc00156b41a222cb2e1e70ca59ecd6f44a5347cacd0aa4be0dd9274efef60efe20972f4d
-
Filesize
11KB
MD5126bd7b45f2984d6417914df382c928b
SHA107c11689c1b7972b72b9edaf7577c9ad100cf473
SHA25663623c2726182e41c6a8d8c50f9ad79d0c40b21cbf21598cabd57c2c9ed0ac5a
SHA512f3ff68b24187274df6105809d595ceaeefd8ca8d3d644c2f93d3cbc68af298d4d3eea827de761e94a90814c87f9f20dee156bbef8cb7d1db8faecfcfbc063300
-
Filesize
6KB
MD5e6c4e2d2243b2d1f1cc9cca82132e974
SHA1258b2314e4c0c1be59fe0c6915d17a994d71f9e0
SHA256b62dded62a138c191eacf4c32d0b37347ebf1bd772296dd053f36f0ca34c4931
SHA512c167512aed3ae2af0c855ef0017926bee3313037f451abfc6fe7011019274ea5e8e32d64b6a6492464bdb62fa3e6af1d5965efbde2b443b87a1688a4497dfb44
-
Filesize
6KB
MD56265f60c008d3c72cb12854f52e187dc
SHA130093230d04db76744c6fb1677227205a98becef
SHA256b692dcda031712cd3873666d3a2d7d481d7fadbdf23aa8759759a17772d11d51
SHA51233a6f3a9e46f9a9e661299f5214c400a0bbc4f3f46bd12713a66235d7be9caf8a9fc074137ae533b515c4483e27cbbce082b62a51353b484c8e41f0c4a4fcbf4
-
Filesize
6KB
MD5aeb36ff506b564b508cb9da44dd769f5
SHA1639827abb29c79d07d143fe35d74abb1e388d103
SHA2566ce21c96bbcd796f194dcec33cf61993ace5e7fd023a4fc27550018f7ad382b8
SHA5128289df2d9c9590133c4a32dfe48b1b2e2d8bfb932d9a7a26050784af04fcf744ee6911e0466dff37dc37a81f7b98c4bd6986433c925e9b077d5406271b128ceb
-
Filesize
6KB
MD53b0619b4604ce1bd3be604e803562e85
SHA1b3eeb46abe2237e40c5d13afaf527fd408767cac
SHA2564a99c3488e330da094522286e7d5724e0a8c632a58f2eb95cd482694ed2fe99a
SHA5127ace76ab20507dee9a774d6f7701c7f62b2c3c08f2693640636a2231d2b94b9fdd55ab270f5b402be19d542be7430d23bc16ba865a670f98d6723537c880c1c8
-
Filesize
4KB
MD5335da12a61903af43e3de568da62ebe4
SHA18c6c6192c776368a62d84cc40419a39528a4c86a
SHA256649a3015586ed30429ecc3ade4f830eae5503e9065a655452a90e19367ed2e6b
SHA5123a4a13ad193a30b6a00ec096ecc8f4a4786061676e978a0c8a3e8e139fcf61b50805e7938e99cc433126fcda7a9ccdb3f7295c5574b06703e5698e15984dd1a3
-
Filesize
4KB
MD56a48b784e7ba3ff67b6742f1011a770d
SHA19992a83be99e476b4e7188037c6b15cee8482ab2
SHA25674f26ba7358a9fb1b29efc5c70ad761b4cf6f38a885021bac383c0dd92315f79
SHA51275a2ba507ff363f6cd2d192b13c2e1b75619925ae0ba6ac069561e3d8d29a431279fcbe71ad4f796b301fcb6ecd63ea382b69121a595ee10ebb7a46f6981aa20
-
Filesize
4KB
MD57cf4d3599363c6f21e06d0ac694504b6
SHA167b8acf2b26d04c85b8bc25c085d0a9a565494b0
SHA2563cfd3f569db5de635bbc76ead8560ac17f05408ff204f922c77cf2273d737623
SHA512503baa56369c04d035adf85d6603ffeaa577bc4e88bab0cfc241e1c3ad5cc41615b79486fa7664498613e4cd4704f3f17ca2032b34499a17f21e53e1d43ca47b
-
Filesize
3KB
MD5ca6d3fa80cf6e708e1722b3ef9eafc89
SHA10f0f0f0e1eb25ec86f98c4b21d5e89e9ee6c98d0
SHA2561a1b3718b635675cd24da4671aa9b505218d57a3f5d7bce1a5727ec7aae7c834
SHA512f8e1a8135b2aea116e200bf97be58141861653f322d3ccb66bf0318c66d4a7dcb38709d9cc3e2b7f11a527a4b8670fd825dd0b35807547d480b54a9566c1fc09
-
Filesize
4KB
MD5cedc592e231aff53818cc419e561eb70
SHA138171e0b8ba66135ceaffc171ee482927c328c55
SHA256bd116b87da0bf2be61b81350a9a4768452c98dbe03336ec8140ca6782347de94
SHA5120b733ada1bda661c989a4d1ca4d7215460dcee0135963b271026231f538c72fa0ac69dbd35b7a5cae91bbd7bcce79e2f6a78c1d89fa409b13afa845304be9b7f
-
Filesize
4KB
MD5aaf02a6a6416ecef92433b2204f95f09
SHA1be9f5e902c7ce014a17886a15499630d55ea6634
SHA25641117cff2bf07f5b92f31d8770554af515e9527e4e4ffde3a2884fba86aa508e
SHA51283c4d2689edfd1a0cb23118bde0d6a80247ccf24fa7fc98920a5fef63ca344299efd7e75178021add43103a5032bb762e694f7eafb33c20054b2b0ae9e1ea68e
-
Filesize
184KB
MD5b01efd0877d8bb4a5d754d6d5a5922cf
SHA16dfaecd4219afbb206185171c64c777e9c73ae21
SHA256ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA5126f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086