IOC Report
5kplayer-setup.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 5kplayer-setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_5kp.exe_3b92e18cc83f109fc4ff47897356e7efcb1d37ba_f76daea9_1e85dae6-22fa-41a1-80c6-96351ecc220e\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER21FB.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER221B.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER50B.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Apr 19 04:26:09 2024, 0x1205a4 type | dropped | |
| C:\Users\user\AppData\Local\Temp\5kplayer\5kp.7z | 7-zip archive data, version 0.4 | dropped | |
| C:\Users\user\AppData\Local\Temp\5kplayer\5kp.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nss8647.tmp\nsis7zU.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Digiarty\unique.bin | ASCII text, with no line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.5kplayer.com | 67.228.121.196 | |
| dl1.5kplayer.com | 67.228.121.193 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.89.179.12 | unknown | United States | |
| 67.228.121.196 | www.5kplayer.com | United States | |
| 67.228.121.193 | dl1.5kplayer.com | United States | |