Overview

overview

7

Static

static

1

five-night...in.exe

windows7-x64

7

five-night...in.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2023 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    five-nights-at-freddys-4-1-0-en-win.exe

  • Size

    444.8MB

  • MD5

    9301befc0a0c815bed25f7ce331657d7

  • SHA1

    4fdead5eb0224414e25f4ca692227faba45c90ac

  • SHA256

    cde7ba60c8a1f16c99111ce6af3eb58f1342763c23bf130a41f6408454b70ac1

  • SHA512

    fbdd78967b9747833206e39c32fc94cf1c8fa865622214d1bfaaa7b38bead2862ebfcf7aa4c63576939fa576490b501e9116bc986134cf22cf97a22a2476f856

  • SSDEEP

    12582912:oNP42WpzVMs+IAku/y86xOpCV5YkC+auFZgnHTSeJa00ZJ1D3Mz8AC++yeqz4koX:o5TOVMNIAkWy8cF5YkC/uFf100ZJ1D80

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\five-nights-at-freddys-4-1-0-en-win.exe
    "C:\Users\Admin\AppData\Local\Temp\five-nights-at-freddys-4-1-0-en-win.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:796
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3cc 0x424
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mrtA609.tmp\cctrans.dll
    Filesize

    64KB

    MD5

    a20165b7e7dfee46a59e48c175523af0

    SHA1

    6ed627806753d11e1a121689369668294d15be74

    SHA256

    cba1c0fa69bc6b106408d06878390a5699cd2b25adfed1a2610ee01ae2524cbe

    SHA512

    a9295b814fe77aa4ba4dec5cbed790858852f775799fe9da01bf07d67fa294d4ca1c5a68c9255c3fb716d0dbeb8b5a5ea38b8ec72263f40957beafe7bf323cd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrtA609.tmp\cctrans.dll
    Filesize

    64KB

    MD5

    a20165b7e7dfee46a59e48c175523af0

    SHA1

    6ed627806753d11e1a121689369668294d15be74

    SHA256

    cba1c0fa69bc6b106408d06878390a5699cd2b25adfed1a2610ee01ae2524cbe

    SHA512

    a9295b814fe77aa4ba4dec5cbed790858852f775799fe9da01bf07d67fa294d4ca1c5a68c9255c3fb716d0dbeb8b5a5ea38b8ec72263f40957beafe7bf323cd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrtA609.tmp\kcini.mfx
    Filesize

    28KB

    MD5

    5522465eba7c81f1fb67d6ad1a5df233

    SHA1

    0ec415bfaa9db6984cf922d5503d9fde67d0b3e2

    SHA256

    82c4f5af3c25a8daf60185833d3d61f2e8e2851ad640b59af54060eab6bc859e

    SHA512

    30d0ed91bf072e7b7367a708eb6a7d92cc0f326249ffdd44a0d94c3b8feb37b38387141c88add61a578393a186e9fb379d42ab0018aa14e917705e4344233f6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrtA609.tmp\mmfs2.dll
    Filesize

    459KB

    MD5

    4cf7bb74d8104280b7e986f4df21109d

    SHA1

    edc21a43136afddbf4786593e84b934d40591b74

    SHA256

    c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

    SHA512

    2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mrtA609.tmp\waveflt.sft
    Filesize

    8KB

    MD5

    f76739536860a0bdb4a7e3bbb0c06d08

    SHA1

    b21581aa36eda87db8845caf58c668749e26b29f

    SHA256

    41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

    SHA512

    6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

    Download Submit

  • memory/796-137-0x00000000046B0000-0x00000000046C0000-memory.dmp

    Filesize

    64KB

    Download