Analysis
- max time kernel: 151s
- max time network: 170s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/02/2024, 01:11
| Task | Type | Sample | Resource |
| --- | --- | --- | --- |
| static1 | Static task | | |
| behavioral1 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/D3D12/D3D12Core.dll | win7-20231215-en |
| behavioral2 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/D3D12/D3D12Core.dll | win10v2004-20231222-en |
| behavioral3 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official).exe | win7-20231129-en |
| behavioral4 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official).exe | win10v2004-20231222-en |
| behavioral5 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official)_Data/Plugins.dll | win7-20231129-en |
| behavioral6 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official)_Data/Plugins.dll | win10v2004-20231215-en |
| behavioral7 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official)_Data/sharedassets0.ps1 | win7-20231215-en |
| behavioral8 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official)_Data/sharedassets0.ps1 | win10v2004-20231215-en |
| behavioral9 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/GameAssembly.dll | win7-20231215-en |
| behavioral10 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/GameAssembly.dll | win10v2004-20231222-en |
| behavioral11 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/UnityCrashHandler64.exe | win7-20231129-en |
| behavioral12 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/UnityCrashHandler64.exe | win10v2004-20231215-en |
| behavioral13 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/UnityPlayer.dll | win7-20231215-en |
| behavioral14 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/UnityPlayer.dll | win10v2004-20231222-en |
| behavioral15 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/baselib.dll | win7-20231215-en |
| behavioral16 | Behavioral task | Five Nights At Shrets Hotel 2 - V2.0 - Win x64/baselib.dll | win10v2004-20231215-en |
General
- Target: Five Nights At Shrets Hotel 2 - V2.0 - Win x64/Five Nights At Shreks Hotel 2 (Official)_Data/sharedassets0.ps1
- Size: 180KB
- MD5: 29eb435b92c7cba02dec6271f6ac779d
- SHA1: e9c77d27258c46c63069389699199c6bb5c175d5
- SHA256: 21c550016f05ebd5ab1aacbf41100fafee09cd83a607b681a2c86084eacd930c
- SHA512: 5c2aa8caf04b0f42256eca7373b9e297f2ff8cbcc86afa7e9589fb3c0a20d4450b7359c98137177102cebccfa6c9c50795ec0c638ef215b5ecdd6466fafdf2af
- SSDEEP: 3072:xubNsGoiSs9dwiix1CnP5+XF7ieOS+ysv1KH71XzExPeePQDLMPKeH/id9cibDW:2GRs9dQ1sYV7QSIv1KHasDwIuiW
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)

  | pid | Process |
  | --- | --- |
  | 3560 | powershell.exe |
  | 3560 | powershell.exe |

- Suspicious use of AdjustPrivilegeToken (1 IoC)

  | description | pid | Process |
  | --- | --- | --- |
  | Token: SeDebugPrivilege | 3560 | powershell.exe |

- Suspicious use of WriteProcessMemory (2 IoCs)

  | description | pid | Process | procid_target |
  | --- | --- | --- | --- |
  | PID 4312 wrote to memory of 4576 | 4312 | msedge.exe | 94 |
  | PID 4312 wrote to memory of 4576 | 4312 | msedge.exe | 94 |
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 3560)
  Command line: powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Five Nights At Shrets Hotel 2 - V2.0 - Win x64\Five Nights At Shreks Hotel 2 (Official)_Data\sharedassets0.ps1"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff921c146f8,0x7ff921c14708,0x7ff921c14718
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 60B
- MD5: d17fe0a3f47be24a6453e9ef58c94641
- SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
- SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
- SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82