Resubmissions

24-01-2022 12:18

220124-pgyc1sefa6 10

General

  • Target

    https://download.fileplanet.com/ftp1/022004/d3dna_loft_110fp.exe?st=7BBmHdrpN2J-yLeODYSu7A&e=1643037497

  • Sample

    220124-pgyc1sefa6

Malware Config

Extracted

Path

C:\Program Files (x86)\3DNA\3DNAHelp\3DNA_Helptext.html

Ransom Note

<html> <head> <script language="javascript" src="language_redirect.js"></script> <title>3DNA Desktop Help</title> <meta http-equiv=Content-Type content="text/html; charset=windows-1252"> <link rel=Edit-Time-Data href="3DNA_Helptext_files/editdata.mso"> <style><!--p {mso- mso- mso-pagination:widow-orphan;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:553679495 -2147483648 8 0 66047 0;} p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; mso- mso- mso-pagination:widow-orphan; font-size:10.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:"Times New Roman";} h1 {mso-style-next:Normal; mso- mso- text-indent:4.3pt; line-height:105%; page-break-before:always; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; border:none; mso-border-bottom-alt:solid windowtext .5pt; padding:0in; mso-padding-alt:0in 0in 1.0pt 0in; font-size:15.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-bidi-font-family:"Times New Roman"; color:navy; letter-spacing:1.0pt; mso-font-kerning:0pt; font-weight:bold; mso-bidi-font-weight:normal;} h2 {mso-style-next:Normal; mso- mso- mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:2; font-size:13.0pt; mso-bidi-font-size:14.0pt; font-family:Arial; color:navy; font-weight:bold;} h3 {mso-style-next:Normal; mso- mso- mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:3; font-size:12.0pt; mso-bidi-font-size:13.0pt; font-family:Arial; font-weight:bold;} h4 {mso-style-next:Normal; mso- mso- mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:4; font-size:11.0pt; mso-bidi-font-size:14.0pt; font-family:Arial; font-weight:normal; font-style:italic;} p.MsoCaption, li.MsoCaption, div.MsoCaption {mso-style-next:Normal; mso- mso- text-align:center; mso-pagination:widow-orphan; font-size:9.0pt; mso-bidi-font-size:10.0pt; 
font-family:Arial; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:"Times New Roman"; color:navy; font-weight:bold;} p.MsoList2, li.MsoList2, div.MsoList2 {mso- mso- text-indent:-.25in; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} p.MsoTitle, li.MsoTitle, div.MsoTitle {mso- mso- text-align:center; mso-pagination:widow-orphan; border:none; mso-border-bottom-alt:solid windowtext .5pt; padding:0in; mso-padding-alt:0in 0in 1.0pt 0in; font-size:14.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman"; letter-spacing:1.0pt; font-weight:bold;} p.MsoBodyText, li.MsoBodyText, div.MsoBodyText {mso- mso- mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent {mso- mso- mso-pagination:widow-orphan; font-size:10.0pt; font-family:Arial; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} p.MsoDocumentMap, li.MsoDocumentMap, div.MsoDocumentMap {mso- mso- mso-pagination:widow-orphan; background:navy; font-size:10.5pt; mso-bidi-font-size:10.0pt; font-family:Tahoma; mso-fareast-font-family:"Times New Roman";} p {mso- mso- mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} span.SpellE {mso-style-name:""; mso-spl-e:yes;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @list l0 {mso-list-id:30616537; mso-list-template-ids:-1425486444;} --> </style> </head> <body bgcolor=#FFFFFF lang=EN-US link=blue vlink=purple style='tab-interval:.5in'> <p class=MsoTitle align=left style='text-align:left;border:none;mso-padding-alt: 0in 0in 0in 0in'><span 
style='color:#000066;font-weight:normal'><img src="images/helptitle.gif" alt="3DNA Help" width=600 height=57 border="1" id="_x0000_i1025" u1:shapes="_x0000_i1025"><br style='mso-special-character:line-break'> <br style='mso-special-character:line-break'> </span></p> <div style='border:none;border-bottom:solid windowtext 1.0pt;mso-border-bottom-alt: solid windowtext .5pt;padding:0in 0in 1.0pt 0in'> <h1><a name="about">About the 3DNA Desktop</a></h1> </div> <h2><a name="overview">Overview</a></h2> <font size="2" face="Arial, Helvetica, sans-serif">The 3DNA Desktop is an innovative 3D graphical user interface (GUI) that replaces the static 2D desktop with a more intuitive, productive, and enjoyable 3D interface. The 3DNA Desktop makes it easier, faster, and more fun to use computers and the Internet by seamlessly integrating personal desktop, Web browsing, and portal functions. </font> <p class=MsoNormal align=center style='text-align:center;page-break-after:avoid'><img src="images/HelpMain_v1.jpg" alt="3DNA Desktop" width="400" height="300" border=1 id="_x0000_i1026"></p> <p class=MsoCaption align="center">Figure 1 - The 3DNA Desktop (Loft)</p> <h2><a name="features"></a><a>Features</a></h2> <ul> <li><font size="2" face="Arial, Helvetica, sans-serif"> Launch applications, open files, play music</font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Retains all Windows® functionality </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Integrated games within the desktop </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Move and organize your programs, shortcuts, and documents to your liking </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Scans your hard drive and creates a custom desktop </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Real World, recognizable 3D icons for linking to programs </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif"> Dynamic content feeds 
from the Internet </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Seamlessly integrates personal desktop, Web browsing, and portal functions </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Browser Bay allows you to speed surf dozens of websites at once </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Dynamically change environment themes </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">User customizable environments with movable furniture </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Decorate your environment with your favorite digital pictures </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Play with 3D toys with lifelike behavior (it's more fun than it sounds, trust us) </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Complete Drag 'n' Drop from Windows and the Web to 3DNA </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Beautiful, animated skies that automatically change from day to night in real time </font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">In-scene controls for playing music from within 3DNA </font><br> </li> </ul> <h2><a name="specs"></a><a>Minimum System Requirements</a></h2> <table width="600" border="1" cellpadding="4" cellspacing="0" bordercolor="#999999"> <tr> <td width="182" bgcolor="#e8e8e8"><font face="Arial, Helvetica, sans-serif" size="2">Processor:</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Intel Pentium 3 / AMD Athlon 500 MHz</font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font face="Arial, Helvetica, sans-serif" size="2">Memory:</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">256 MB of RAM</font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font face="Arial, Helvetica, sans-serif" size="2">3D Graphics Card:</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" 
size="2">32 MB of VRAM, DirectX 7 Compliant</font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font face="Arial, Helvetica, sans-serif" size="2">Operating System:</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Windows 98/ME/2000/XP Home and Professional (English)</font></td> </tr> </table> <p>&nbsp;</p><div style='border:none;border-bottom:solid windowtext 1.0pt;mso-border-bottom-alt: solid windowtext .5pt;padding:0in 0in 1.0pt 0in'> <h1><a name="install"></a>Installing the 3DNA Desktop </h1> </div> <h2><a name="installcd"></a><a>Installing from CD</a></h2> <ol> <li><font size="2" face="Arial, Helvetica, sans-serif">Insert the CD into the CD-ROM drive</font></li> <li><font size="2" face="Arial, Helvetica, sans-serif"> Double click on the <b>My Computer</b> icon</font></li> <li> <font size="2" face="Arial, Helvetica, sans-serif">Double click on the CD-ROM drive icon (usually D:)</font></li> <li> <font size="2" face="Arial, Helvetica, sans-serif">Double click on the 3DNA Desktop installation file <b>d3DNA</b><b>_XXXX.exe</b></font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Follow the installation instructions</font></li> </ol> <h2><a name="installdown"></a><a>Installing from Download</a></h2> <ol> <li><font face="Arial, Helvetica, sans-serif" size="2">Double click on the <b>My Computer</b> icon</font></li> <li><font face="Arial, Helvetica, sans-serif" size="2"> Locate the file <b>d3DNA</b><b>_XXXX.exe </b>(the location you saved it to)</font></li> <li> <font face="Arial, Helvetica, sans-serif" size="2">Double click on the 3DNA Desktop installation file <b>d3DNA_XXXX.exe</b></font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Follow the installation instructions</font></li> </ol> <h2>&nbsp;</h2> <div style='border:none;border-bottom:solid windowtext 1.0pt;mso-border-bottom-alt: solid windowtext .5pt;padding:0in 0in 1.0pt 0in'> <h1><a name="using"></a>Using the 3DNA Desktop</h1> </div> <h2><a 
name="launching"></a>Starting the 3DNA Desktop</h2> <font size="2" face="Arial, Helvetica, sans-serif">To launch the 3DNA Desktop at any time you can:</font> <ol> <li><font face="Arial, Helvetica, sans-serif" size="2">Click on <b>Start</b> button</font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Click on <b>Programs</b></font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Click on <b>3DNA</b></font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Click on <b>Launch 3DNA Desktop</b></font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Right click on the <b>3DNA System Tray </b>icon which is located in the system tray on the Windows Start bar or on the <b>3DNA Control </b>which is the floating 3DNA icon</font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Single click on <b>Start 3DNA</b></font></li> </ol> <p><font size="2" face="Arial, Helvetica, sans-serif"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or alternatively</font></p> <ol> <li><font size="2" face="Arial, Helvetica, sans-serif">Double click on the <b>3DNA System Tray </b>icon which is located in the system tray on the Windows Start bar or on the <b>3DNA Control </b>which is the floating 3DNA icon</font></li> </ol> <table width="600" border="0" align="center"> <tr> <td width="50%" valign="bottom"> <p class=MsoNormal align=center style='text-align:center;page-break-after: avoid'><img width=90 height=29 id="_x0000_i1027" src="images/systrayicon.gif" u1:shapes="_x0000_i1027" alt="System Tray with 3DNA Icon"></p> <p class=MsoCaption align="center">Figure 2 - System Tray with 3DNA Icon</p></td> <td width="50%"> <p class=MsoNormal align=center style='text-align:center'><img width=64 height=64 id="_x0000_i1028" src="images/controlicon.jpg" border=0 alt="3DNA Control"></p> <p class=MsoCaption align="center">Figure 3 - 3DNA Control</p></td> </tr> </table> <h3>Launch on Windows Start 
Up</h3> <p><font size="2" face="Arial, Helvetica, sans-serif">If you would like the 3DNA Desktop to launch automatically when you start your computer:</font></p> <ol> <li><font size="2" face="Arial, Helvetica, sans-serif">Right click on the <b>3DNA System Tray </b>icon which is located in the system tray on the Windows Start Bar or on the <b>3DNA Control</b></font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">Single click on <strong>Options</strong></font></li> <li><font size="2" face="Arial, Helvetica, sans-serif">On the Preferences tab, in the Start Up section, check the box beside <strong>Launch on Windows start up<br> </strong></font></li> </ol> <h2><a name=stopping id="stopping"></a>Stopping the 3DNA Desktop</h2> <p><font face="Arial, Helvetica, sans-serif" size="2">To stop the 3DNA Desktop when it is running at any time:</font> </p> <ol> <li><font face="Arial, Helvetica, sans-serif" size="2">Right click on the <b>3DNA System Tray</b> icon or the <b>3DNA Control</b></font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Single click on <b>Stop 3DNA<br> </b></font> </li> </ol> <h2><a name=exiting></a>Exiting the 3DNA Desktop</h2> <font face="Arial, Helvetica, sans-serif" size="2">To exit the 3DNA Desktop and the 3DNA System Tray whien it is running:</font> <ol> <li><font face="Arial, Helvetica, sans-serif" size="2">Right click on the <b>3DNA System Tray</b> icon or the <b>3DNA Control</b></font></li> <li><font face="Arial, Helvetica, sans-serif" size="2">Single click on <b>Exit 3DNA</b></font><br> </li> </ol> <h2><a name="systray"></a>3DNA System Tray</h2> <font face="Arial, Helvetica, sans-serif" size="2">The <b>3DNA System Tray </b>is what you use to access many of the different options, menus, and settings for the 3DNA Desktop. 
The following features are selected by right clicking on the 3DNA System Tray icon, and single clicking on the option of your choice.</font> <h3>3DNA System Tray Summary</h3> <table width="600" border="1" cellpadding="4" cellspacing="0" bordercolor="#999999"> <tr> <td height="30" bgcolor="#e8e8e8"><font size="2" face="Arial, Helvetica, sans-serif"><strong>Option </strong></font></td> <td width="418" height="30"><font size="2" face="Arial, Helvetica, sans-serif"><strong>Description</strong></font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">Stop/Start 3DNA</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Stops/starts the 3DNA Desktop</font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">Hide/Show Control</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Hides/shows the floating 3DNA Control icon</font></td> </tr> <tr> <td width="182" bgcolor="#e8e8e8"><font color="#000000" size="2" face="Arial, Helvetica, sans-serif">Small/Large Control </font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Toggle between two different sizes for the 3DNA Control icon</font></td> </tr> <tr> <td bgcolor="#e8e8e8"><font face="Arial, Helvetica, sans-serif" size="2">Theme Chooser</font></td> <td width="418"><font face="Arial, Helvetica, sans-serif" size="2">Launches the Theme Chooser to change the look and feel of the environment</font></td> </tr
URLs

http-equiv=Content-Type

Targets

    • Target

      https://download.fileplanet.com/ftp1/022004/d3dna_loft_110fp.exe?st=7BBmHdrpN2J-yLeODYSu7A&e=1643037497

    • Executes dropped EXE

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Persistence

    • Registry Run Keys / Startup Folder (T1060) - 2

    • Browser Extensions (T1176) - 1

Defense Evasion

    • Modify Registry (T1112) - 4

Discovery

    • Query Registry (T1012) - 3

    • System Information Discovery (T1082) - 3

Command and Control

    • Web Service (T1102) - 1

Tasks