862cd7ab7c81b20a4e848888bc2493dda0181759c39958a42cc5c3d02dfb195a

Analysis

max time kernel
119s
max time network
145s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FiveNightsatFreddys.exe
Size

220.7MB
MD5

d926fee3666c1c854a475a9766ad7ff7
SHA1

6459df8e4ae6d8b4dd77273f6337bd77874a8276
SHA256

862cd7ab7c81b20a4e848888bc2493dda0181759c39958a42cc5c3d02dfb195a
SHA512

0e5ff32ab864651e8dc54ca9488394d619316cf6bb1678f82cee758b0a5f973f3f436abeed1eac5dfbed6c7473c0d986cc317d0c8eaa34b4f98a1539440cec25
SSDEEP

6291456:f/aRHk3y95IDXNBvbYrQOKKtE8DDY+XA+WKqg4Zn4XEboaN0yG:f/a23y95OXzMQOK2dXA+TqJn4XEboaZG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe
1016	FiveNightsatFreddys.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1016	FiveNightsatFreddys.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1016	FiveNightsatFreddys.exe

C:\Users\Admin\AppData\Local\Temp\FiveNightsatFreddys.exe
"C:\Users\Admin\AppData\Local\Temp\FiveNightsatFreddys.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\cctrans.dll

Filesize
64KB

MD5
a20165b7e7dfee46a59e48c175523af0

SHA1
6ed627806753d11e1a121689369668294d15be74

SHA256
cba1c0fa69bc6b106408d06878390a5699cd2b25adfed1a2610ee01ae2524cbe

SHA512
a9295b814fe77aa4ba4dec5cbed790858852f775799fe9da01bf07d67fa294d4ca1c5a68c9255c3fb716d0dbeb8b5a5ea38b8ec72263f40957beafe7bf323cd4

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\kcclock.mfx

Filesize
36KB

MD5
35fa0df588606e5a382e7c155b28d0ff

SHA1
0552d9a6124b11d3ccea7ff8170b3a84c2afd0a7

SHA256
d320a4aeb6940a6a8589a99e5e16abb086e96c4c3376fdf4f066c0e125302247

SHA512
0421292d49fcf3bc87091f52fdc6def36cf7ace90123ee16289e6893c57d8ff23b72c8e9ad2261b9267c7c13f9de9d8c38246d6d68d3bad97c8967470d81ef64

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\kcini.mfx

Filesize
28KB

MD5
5522465eba7c81f1fb67d6ad1a5df233

SHA1
0ec415bfaa9db6984cf922d5503d9fde67d0b3e2

SHA256
82c4f5af3c25a8daf60185833d3d61f2e8e2851ad640b59af54060eab6bc859e

SHA512
30d0ed91bf072e7b7367a708eb6a7d92cc0f326249ffdd44a0d94c3b8feb37b38387141c88add61a578393a186e9fb379d42ab0018aa14e917705e4344233f6a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
\Users\Admin\AppData\Local\Temp\mrt9EA0.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
memory/1016-23-0x0000000000AA0000-0x0000000000AB0000-memory.dmp

Filesize
64KB

Download