66e8b0db840adfe6ab65f2948fe1b27d6a77b5eee5f94da20800e57bb9e7ea18

Resubmissions

17-07-2023 08:45

230717-kntaesah79 7

15-07-2023 16:42

230715-t7wz4abe26 7

Analysis

max time kernel
137s
max time network
35s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-07-2023 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Five Nights at Freddy's 2 FullHD_3.0.exe
Size

543.4MB
MD5

72c6642a8c70c1029428e239e13deb56
SHA1

35e4850cf10858511ec507a551f26e3d7363146c
SHA256

66e8b0db840adfe6ab65f2948fe1b27d6a77b5eee5f94da20800e57bb9e7ea18
SHA512

c92e27e48c221743020aefb8650cf1012644f744d1a3654a317e71366708ad109447eb31252463943dcbbc078e0f7c11b780758eb3cada90cfe2c58d70942fe4
SSDEEP

12582912:WE7FWUkNWFM+uS+O1qVAX+lmc4hANYB3J/lCCVbLzmga5gEQmGyeoiOxSvXM:WYWUkx+uS3NX+lvQDN/TVbLBHmLeotS0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	Five Nights at Freddy's 2 FullHD_3.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Five Nights at Freddy's 2 FullHD_3.0.exe"	Five Nights at Freddy's 2 FullHD_3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236	Five Nights at Freddy's 2 FullHD_3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\URL Protocol	Five Nights at Freddy's 2 FullHD_3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\shell\open\command	Five Nights at Freddy's 2 FullHD_3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\shell	Five Nights at Freddy's 2 FullHD_3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\shell\open	Five Nights at Freddy's 2 FullHD_3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\ = "URL:Run game 955852686459273236 protocol"	Five Nights at Freddy's 2 FullHD_3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\DefaultIcon	Five Nights at Freddy's 2 FullHD_3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_CLASSES\discord-955852686459273236\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Five Nights at Freddy's 2 FullHD_3.0.exe"	Five Nights at Freddy's 2 FullHD_3.0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1076	Five Nights at Freddy's 2 FullHD_3.0.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe
1076	Five Nights at Freddy's 2 FullHD_3.0.exe

C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 2 FullHD_3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 2 FullHD_3.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
35B

MD5
51505249d884a75bf229cbdc0dfa315e

SHA1
65d727bab6b3e8d7454db66d667efa4f2802967f

SHA256
60c41c90bb63619fe461bfc5d206da841b2f8fb787f78e9c39a3122bb65d92c0

SHA512
e6549937853f67c594ee3ddc1f13b2edc322883eac0673682556fc6875e26fda4235140759b61deb02584dfd025e11f87034fcf6f577ca29504048ca0f6d1835

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
50B

MD5
40b567933662a993489e344e9c725d6b

SHA1
a91f17c08d39ac8811e61253f304944b8b50f1f2

SHA256
d299eb3f653a85e129e5242652e2c5955a7b3613d584e033542054115f780f92

SHA512
762875bec6929cb9fb0483b3480db79c228ec32ae9caa1d4c5a04899231bf46753650d20e4635c62b9bac4cd4deb4594792bdf1aee7ee297636bbb528cd87020

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
322B

MD5
c03114184cbeee15ad2c30493f8430a1

SHA1
1ff35921d906c777757237e00907ddb1f7628e61

SHA256
743026ce421176b98af8cfa174b1aef9b5eead0462e4b729505a27187770d080

SHA512
23433bb2ebf33b4c1d22b5b1518d5cee1491356f3a50fe10c26a92b7f8eb6468b48b983e42f7a91aee77d2d2930b9b134a70b31502a5f6acee28d8823e75478c

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
322B

MD5
c03114184cbeee15ad2c30493f8430a1

SHA1
1ff35921d906c777757237e00907ddb1f7628e61

SHA256
743026ce421176b98af8cfa174b1aef9b5eead0462e4b729505a27187770d080

SHA512
23433bb2ebf33b4c1d22b5b1518d5cee1491356f3a50fe10c26a92b7f8eb6468b48b983e42f7a91aee77d2d2930b9b134a70b31502a5f6acee28d8823e75478c

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\DRPC.mfx

Filesize
861KB

MD5
0aa331b547d0650059a75dbad66248f6

SHA1
df01d62ecb2d263c80248c144d0b6212c0910767

SHA256
5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

SHA512
9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\KcSyso.mfx

Filesize
24KB

MD5
4f344a32138c2db1824a9d5502f7edae

SHA1
7ebdd28c348073cabd7df361a88e57afc05b050c

SHA256
6fba807e4327c18c01c478c532d2e19c32ec8fdb04a14682b7e9ca38a293cec8

SHA512
14185b93b7dbaee83c1ae0bf3262e1860c4b749128fb5ca98feba967973a296ad0d379036944d3e11f999fe78df9eb9dff33301e38cde49551a723155ce53b5a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\cctrans.dll

Filesize
347KB

MD5
21e093d52a3afe8ed5532fcaa189c067

SHA1
8aa7bcb26e3064cd4d1172090ff00d083ee19cc4

SHA256
9b834b5d26983451ef3a11c8c2a715724daa188fbd28597081ecb1e9ed672f87

SHA512
b4c2205c234e8ed4973fca9c64c0ec11753eb200c1d2eb3c66b9f4509426c8774f14ae1271583e0eaff268eae9c8375c5993af107e4db8d7c87b817bd1ccd9e8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\kcclock.mfx

Filesize
108KB

MD5
3aa5cbe7b31e550511ce011457c44790

SHA1
93c22c4f9ddb40d72865ec5dc169cef3feb3e337

SHA256
58588b5e12d0c5629ee481ad7ed9e8b4d6798cfa83004aecaa600a6924bc97e6

SHA512
c29a54368badaae841eb27dfb3a9ca74571828618888021c45949d1d999242e07bf240b08f602dfacded4c82e12fb6a13f501a09efe68fd5a310541099fa4a42

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\kcini.mfx

Filesize
330KB

MD5
a6ad14845999c5aa7adf2911671a7c5b

SHA1
98dfd5a9584d1c1b330c2c104c1779bd55ded211

SHA256
5af175ffb932fb653873dad095dd40f2ab8d3fb56f287213c21bb68652ddad2d

SHA512
32bb59826b82d47ec420ac2532e1387a85422d2f0ce5370ad2c95b914a7615d3b122dbf4dd045105eb8ffea49324dac57659f0e5f2500b4d0eb75047cb36dfd8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
\Users\Admin\AppData\Local\Temp\mrt454.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/1076-87-0x0000000000B00000-0x0000000000B24000-memory.dmp

Filesize
144KB

Download
memory/1076-107-0x00000000FFF70000-0x00000000FFF80000-memory.dmp

Filesize
64KB

Download
memory/1076-72-0x00000000742E0000-0x0000000074337000-memory.dmp

Filesize
348KB

Download