fd8f2b5eaeb354d4b2d73acf8f79b93ef77a353f132f8f0fa1ff094e39c4db64

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DFX.for.RealPlayer.v9.103/3ddown.com_setup.exe
Size

1.5MB
MD5

3a34872b306508171c416d87fed93c37
SHA1

019a755e1c6859b12a4e3972ec0f3e8fe5728df6
SHA256

0f691473c15ee1785db529d574a812be62a2e86f6137894bdf4df4e2809b9ec6
SHA512

57fbbfcca0657bbf2662db54db2f85a3ec839b052873ff176154f6ce84aacfbeaab9abb75b2ba0398083cfd7b8643dd33c9df319d1b433f96bde6f29f102bbae
SSDEEP

24576:mQ2yABBtg+DHfrvDJPYGqgXqntR1etIXeClL4d0pJnUTZLYJRP+wekc2iw3d:72fBxXlYu6zc+XeduhZekxt

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1800	3ddown.com_setup.exe
1800	3ddown.com_setup.exe
1800	3ddown.com_setup.exe
1800	3ddown.com_setup.exe
1800	3ddown.com_setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3ddown.com_setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1800	3ddown.com_setup.exe

C:\Users\Admin\AppData\Local\Temp\DFX.for.RealPlayer.v9.103\3ddown.com_setup.exe
"C:\Users\Admin\AppData\Local\Temp\DFX.for.RealPlayer.v9.103\3ddown.com_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd9A1F.tmp\ask_email_page_IO.ini

Filesize
679B

MD5
372d98e50bcb0bf1806cb5394213a251

SHA1
7decf16e0d63290eba5d8554c78d01c59c717bbb

SHA256
5ddb5b6634b41bc1e699d3546b7abff3c92107fd4f12be9d99c2019477fa9da7

SHA512
745f4f9029a918f3b732f837cb0bd2a89bba2ca8fa596dd0fb81c47860550c252c29c2c0ced6576639fcb0476afa9e841c647684e222ea86d1dff6220ec4c8fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9A1F.tmp\ioSpecial.ini

Filesize
743B

MD5
b61ac06155196689f8663e03bd09a112

SHA1
83704802eadb2e301bb5bfde5ab26431dc56ee63

SHA256
4410ebf18b146c10bc3a13d4210babedb06f0be1cb70871b59bded5bc61fd65e

SHA512
963b24545c77dc96928522bf60fcd523b14ab3c18c9cd351d3b0b1d94b47d2b04f2aab7b499cb55628d0c7cd6a23a9e40c25dc2b4522b36bacb2d0559544445a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A1F.tmp\InstallOptions.dll

Filesize
14KB

MD5
d7b3f05ff44116b9080b5e69b2e86efd

SHA1
2535ecfa122041edb901ac667944e0f6814c4cd0

SHA256
40d66e085409445202dce1b5419449cc302d91be17614b521e3ccce473205db7

SHA512
414c6b410b35a8bb5a2c9fdd46dad63704484e1535155219b29a5bb886ded73f4b7ca3bafa726ce751e1c711a764938c9256106a90098263d6ff88bc017ec140

Download Submit
\Users\Admin\AppData\Local\Temp\nsd9A1F.tmp\System.dll

Filesize
10KB

MD5
4fbb4a2cd711fc1fe84f3dc30c491dc9

SHA1
888e01ae6e64e7326f88df9a30587f699eab154a

SHA256
c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2

SHA512
92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847

Download Submit