bbf390f8cdf28360ba59075b2cddb53fe45825e1e00ba82057735a107e2c5791

Analysis

max time kernel
120s
max time network
145s
platform
windows7_x64
resource
win7-20230712-es
resource tags

arch:x64arch:x86image:win7-20230712-eslocale:es-esos:windows7-x64systemwindows
submitted
17-07-2023 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Five Nights at Freddy's 3.exe
Size

109.1MB
MD5

bef8084ea1f95c2c199c54bd537e90e4
SHA1

8ff5d032cae4efa7d2f6c06b4da26893a4ea4756
SHA256

bbf390f8cdf28360ba59075b2cddb53fe45825e1e00ba82057735a107e2c5791
SHA512

937cdbcdfc335041d3c7287d22477757a82788e71e93d329e44d81608ac7a7e01d5b83b716c236fd79a60bc42cdf1085c271c31659c9d68fc91e87dbab15f851
SSDEEP

3145728:LYMHjTN0w3CSIh19g3USWejwq7M4fg/HOY1ECqcQ:kM1f3CSIv0TrwqjKHZPqp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2260	Five Nights at Freddy's 3.exe
2260	Five Nights at Freddy's 3.exe
2260	Five Nights at Freddy's 3.exe
2260	Five Nights at Freddy's 3.exe
2260	Five Nights at Freddy's 3.exe
2260	Five Nights at Freddy's 3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2260	Five Nights at Freddy's 3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2260	Five Nights at Freddy's 3.exe

C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 3.exe
"C:\Users\Admin\AppData\Local\Temp\Five Nights at Freddy's 3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\cctrans.dll

Filesize
64KB

MD5
b1bce28b7dd711f299785f35b5d30d9e

SHA1
54948c118fd5866c7b6c3efada3ae4b87548e392

SHA256
1a2e6bd6ce00288a3fcfa6d1544e32b00543559ac8ffcddc17aa2e19bd3a71aa

SHA512
4d22e9dfef85869502f7f9372c918c006575dfa405daebe075a9618907b0139ada75465e8ea1694c07dcd1b0c5f6d26411a6cdfb6603f9ee5643d04b8de5dd7a

Download Submit
\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\kcini.mfx

Filesize
28KB

MD5
6464b32ef16f0026334fbd2a8f2b6b62

SHA1
efd9199bdf6e056d446efa32700fc00f27782d31

SHA256
a0bc50d0fc19e83a7ce7892c29540818a47a2085ae512bf102d2891ee59a81d3

SHA512
11d9c94c3bbf9d659f82d06492216f150025c4cd9129f887b19cf1cac4e9fbb779c48e4405a6821ac559bcad167e415243d043d52e492453d2f507d1c1a61c0b

Download Submit
\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
280eccc6206500938ac9daa5baadbf1a

SHA1
19217ffbfa924b795a90fddfc3c5a1e4e0e88301

SHA256
ca8b234eb31dae750b33f89aab906362c898074e32e9042ea8fdf50cec2d5766

SHA512
913fff38b373dc37dbca9eec8d3b164c2613a02ba34abcbbd5de06c67407e0a2fa7fac5e1d1a6adaa772138a21343594fdcb08ddea67431081f81ea6f13da58d

Download Submit
\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\mmfs2.dll

Filesize
459KB

MD5
4c240ac059ebca98706100798ab42133

SHA1
28fbb81a59fc892c58ea9c0b9277a0181de0c523

SHA256
3d81578a59699b82d812c59db7ef03b141da1700dc2ef20c5728feb83af08e4b

SHA512
5869f161de4df77c53631b82b6ebfca8cf71749592c0c83a6a1f3683c52c0e6ac5c764df3bc2d19db7fb84f9635abfd235d0c57ca7c6827930bb48eeb4dc7a59

Download Submit
\Users\Admin\AppData\Local\Temp\mrtB27D.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
memory/2260-74-0x0000000000AE0000-0x0000000000AF0000-memory.dmp

Filesize
64KB

Download