fd8f2b5eaeb354d4b2d73acf8f79b93ef77a353f132f8f0fa1ff094e39c4db64

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DFX.for.RealPlayer.v9.103/3ddown.com_setup.exe
Size

1.5MB
MD5

3a34872b306508171c416d87fed93c37
SHA1

019a755e1c6859b12a4e3972ec0f3e8fe5728df6
SHA256

0f691473c15ee1785db529d574a812be62a2e86f6137894bdf4df4e2809b9ec6
SHA512

57fbbfcca0657bbf2662db54db2f85a3ec839b052873ff176154f6ce84aacfbeaab9abb75b2ba0398083cfd7b8643dd33c9df319d1b433f96bde6f29f102bbae
SSDEEP

24576:mQ2yABBtg+DHfrvDJPYGqgXqntR1etIXeClL4d0pJnUTZLYJRP+wekc2iw3d:72fBxXlYu6zc+XeduhZekxt

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
3108	3ddown.com_setup.exe
3108	3ddown.com_setup.exe
3108	3ddown.com_setup.exe
3108	3ddown.com_setup.exe
3108	3ddown.com_setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3ddown.com_setup.exe

C:\Users\Admin\AppData\Local\Temp\DFX.for.RealPlayer.v9.103\3ddown.com_setup.exe
"C:\Users\Admin\AppData\Local\Temp\DFX.for.RealPlayer.v9.103\3ddown.com_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsxC073.tmp\InstallOptions.dll

Filesize
14KB

MD5
d7b3f05ff44116b9080b5e69b2e86efd

SHA1
2535ecfa122041edb901ac667944e0f6814c4cd0

SHA256
40d66e085409445202dce1b5419449cc302d91be17614b521e3ccce473205db7

SHA512
414c6b410b35a8bb5a2c9fdd46dad63704484e1535155219b29a5bb886ded73f4b7ca3bafa726ce751e1c711a764938c9256106a90098263d6ff88bc017ec140

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxC073.tmp\System.dll

Filesize
10KB

MD5
4fbb4a2cd711fc1fe84f3dc30c491dc9

SHA1
888e01ae6e64e7326f88df9a30587f699eab154a

SHA256
c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2

SHA512
92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxC073.tmp\ask_email_page_IO.ini

Filesize
640B

MD5
f532a9f5d64265a1793312a062a1999e

SHA1
117abfe168844d386bdf48b41e8865c271588a1b

SHA256
7ee3ae72a05325910d07afd245b29a098a1a0ccd1a1473eca6364cd577aaefd8

SHA512
21204cc5c4276f7019207de0522809b3f068034a8d6132b1eea53d1c008a1bfd86df79864f4304737ed2f675cb5a3a1b3ee444f431501bf7248a7ed746d88deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxC073.tmp\ioSpecial.ini

Filesize
704B

MD5
2d4484ca2df5d5759cf53caaba175b5f

SHA1
c6264d60ebae08b32b7427a4b2ed8c970768e06f

SHA256
4f254843851f0cfacd81242ff959504e5e0c2654ec09f6e3cc139cb6bb12212e

SHA512
d71a06e831f3c3a7e1df4479cdede309db5e2f951276b70bceb8095cdb78a637859dd88caaebc94fe67e41aeddb2459726c37bcb7209efb40ccc1200727ab992

Download Submit