32ad60e9143ec254502ca197c2b8fe913cce1dd91f1ac6a94c5009b71aba5baa

Analysis

max time kernel
140s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13-07-2023 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

five-nights-at-maggie-s.exe
Size

354.6MB
MD5

da30baeab6ee4cf48a99bfa8a8ccec5b
SHA1

2538f3702cc88cd0c1e636c2d5715ef08c09e9bf
SHA256

32ad60e9143ec254502ca197c2b8fe913cce1dd91f1ac6a94c5009b71aba5baa
SHA512

6cc09e06ce7b3956aeb0855fa63ddc377ab6aec052cc898cc9054c4a759c672bf4ea8fca25596db52de165e7d7404755b2af4e4f40f7418754a946ee7228a8e2
SSDEEP

3145728:oNOz92wf315ZpuWAVZnxojEMCjKZI1EqHrdy58:oNoLf3/ZpA7nkad1EwRym

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
744	five-nights-at-maggie-s.exe
744	five-nights-at-maggie-s.exe
744	five-nights-at-maggie-s.exe
744	five-nights-at-maggie-s.exe
744	five-nights-at-maggie-s.exe
744	five-nights-at-maggie-s.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
744	five-nights-at-maggie-s.exe

C:\Users\Admin\AppData\Local\Temp\five-nights-at-maggie-s.exe
"C:\Users\Admin\AppData\Local\Temp\five-nights-at-maggie-s.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\kcini.mfx

Filesize
114KB

MD5
7c0cb7fdc0d3519520cd4b8137edbd80

SHA1
bd4eddd8316a51baf4a3ae68b56acfbba734f46c

SHA256
d1471b2685d45956c323baa2cab11dfe479eb1021f04e2949f03557527c5fc84

SHA512
601c16892bef77d5842e0778f27d4f82e19ae66333b2b75c9a34b3ba6441169946e1167ceb21ed270bddba305abfe50f2e8f8ab2e9dc410c96a31944e597034a

Download Submit
\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\mmfs2.dll

Filesize
509KB

MD5
98f647d1ed220e1d715aed9dcf69f387

SHA1
d1d9f5361672553a394bee9afe1d30814dd0ac53

SHA256
3a288448e88a296b2bceeaf093e76a22e3083e937a3c4efeb6a61565ca7e35df

SHA512
e950658b0afdad722a9f243bb8ae7fbc1c541dd0513379ef9e1d99becf8b31b4098c6789204baf3f15ea26f43af665edaa9799a6617373009def81bb20f02a06

Download Submit
\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
\Users\Admin\AppData\Local\Temp\2f5d0121-e325-4135-8f88-3de2cdbc93a3.FusionApp\waveFlt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/744-73-0x00000000002D0000-0x00000000002F4000-memory.dmp

Filesize
144KB

Download