66e8b0db840adfe6ab65f2948fe1b27d6a77b5eee5f94da20800e57bb9e7ea18

Resubmissions

17-07-2023 08:45

230717-kntaesah79 7

15-07-2023 16:42

230715-t7wz4abe26 7

Analysis

max time kernel
9s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2023 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Five Nights at Freddy's 2 FullHD_3.0.exe
Size

543.4MB
MD5

72c6642a8c70c1029428e239e13deb56
SHA1

35e4850cf10858511ec507a551f26e3d7363146c
SHA256

66e8b0db840adfe6ab65f2948fe1b27d6a77b5eee5f94da20800e57bb9e7ea18
SHA512

c92e27e48c221743020aefb8650cf1012644f744d1a3654a317e71366708ad109447eb31252463943dcbbc078e0f7c11b780758eb3cada90cfe2c58d70942fe4
SSDEEP

12582912:WE7FWUkNWFM+uS+O1qVAX+lmc4hANYB3J/lCCVbLzmga5gEQmGyeoiOxSvXM:WYWUkx+uS3NX+lvQDN/TVbLBHmLeotS0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe
2212	Five Nights at Freddy's 2 FullHD_3.0.exe

C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 2 FullHD_3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 2 FullHD_3.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x518
1⤵
PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\DRPC.mfx

Filesize
861KB

MD5
0aa331b547d0650059a75dbad66248f6

SHA1
df01d62ecb2d263c80248c144d0b6212c0910767

SHA256
5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

SHA512
9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\KcSyso.mfx

Filesize
24KB

MD5
4f344a32138c2db1824a9d5502f7edae

SHA1
7ebdd28c348073cabd7df361a88e57afc05b050c

SHA256
6fba807e4327c18c01c478c532d2e19c32ec8fdb04a14682b7e9ca38a293cec8

SHA512
14185b93b7dbaee83c1ae0bf3262e1860c4b749128fb5ca98feba967973a296ad0d379036944d3e11f999fe78df9eb9dff33301e38cde49551a723155ce53b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\cctrans.dll

Filesize
347KB

MD5
21e093d52a3afe8ed5532fcaa189c067

SHA1
8aa7bcb26e3064cd4d1172090ff00d083ee19cc4

SHA256
9b834b5d26983451ef3a11c8c2a715724daa188fbd28597081ecb1e9ed672f87

SHA512
b4c2205c234e8ed4973fca9c64c0ec11753eb200c1d2eb3c66b9f4509426c8774f14ae1271583e0eaff268eae9c8375c5993af107e4db8d7c87b817bd1ccd9e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\kcclock.mfx

Filesize
108KB

MD5
3aa5cbe7b31e550511ce011457c44790

SHA1
93c22c4f9ddb40d72865ec5dc169cef3feb3e337

SHA256
58588b5e12d0c5629ee481ad7ed9e8b4d6798cfa83004aecaa600a6924bc97e6

SHA512
c29a54368badaae841eb27dfb3a9ca74571828618888021c45949d1d999242e07bf240b08f602dfacded4c82e12fb6a13f501a09efe68fd5a310541099fa4a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\kcini.mfx

Filesize
330KB

MD5
a6ad14845999c5aa7adf2911671a7c5b

SHA1
98dfd5a9584d1c1b330c2c104c1779bd55ded211

SHA256
5af175ffb932fb653873dad095dd40f2ab8d3fb56f287213c21bb68652ddad2d

SHA512
32bb59826b82d47ec420ac2532e1387a85422d2f0ce5370ad2c95b914a7615d3b122dbf4dd045105eb8ffea49324dac57659f0e5f2500b4d0eb75047cb36dfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt8018.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
35B

MD5
51505249d884a75bf229cbdc0dfa315e

SHA1
65d727bab6b3e8d7454db66d667efa4f2802967f

SHA256
60c41c90bb63619fe461bfc5d206da841b2f8fb787f78e9c39a3122bb65d92c0

SHA512
e6549937853f67c594ee3ddc1f13b2edc322883eac0673682556fc6875e26fda4235140759b61deb02584dfd025e11f87034fcf6f577ca29504048ca0f6d1835

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\fnaf2fh

Filesize
50B

MD5
40b567933662a993489e344e9c725d6b

SHA1
a91f17c08d39ac8811e61253f304944b8b50f1f2

SHA256
d299eb3f653a85e129e5242652e2c5955a7b3613d584e033542054115f780f92

SHA512
762875bec6929cb9fb0483b3480db79c228ec32ae9caa1d4c5a04899231bf46753650d20e4635c62b9bac4cd4deb4594792bdf1aee7ee297636bbb528cd87020

Download Submit
memory/2212-176-0x0000000002D50000-0x0000000002D74000-memory.dmp

Filesize
144KB

Download
memory/2212-154-0x0000000074620000-0x0000000074677000-memory.dmp

Filesize
348KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads