Overview

overview

10

Static

static

1

FiveM.exe

windows7-x64

1

FiveM.exe

windows10-1703-x64

6

FiveM.exe

windows10-2004-x64

6

FiveM.exe

windows11-21h2-x64

Analysis

  • max time kernel
    386s
  • max time network
    1587s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17/06/2024, 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FiveM.exe

  • Size

    5.0MB

  • MD5

    8aa0a7309117d546a9672863016e65f9

  • SHA1

    66ec74e4e5ce2238d6f5b68c9dda80bcda3b6a7e

  • SHA256

    fe7e9e548c9b9bdeb1a42c8ef43087ea58d4b64d72d0d561ba7c7477521444d1

  • SHA512

    dc13a536c005da210499d8dbefa3850cf238b4cf4428e8acadebdaf0ad3bf69e90afa2db0db097c903905614c42314c3c3ba6c5230484a5dc1f82fc9276eec28

  • SSDEEP

    49152:7OjPW6H/UikolCdofyUS6cR7OPQksBH2BAl1mmReL9odoKklkEuFsO5f5B1w2jkC:yckvcR3fj3F7njSBwkChUNniNdh7

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FiveM.exe
    "C:\Users\Admin\AppData\Local\Temp\FiveM.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Users\Admin\AppData\Local\FiveM\FiveM.exe
      "C:\Users\Admin\AppData\Local\FiveM\FiveM.exe"
      2⤵
      • Drops desktop.ini file(s)
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5100
      • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2699_DumpServer
        "C:\Users\Admin\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2699_DumpServer" -dumpserver:1288 -parentpid:5100
        3⤵
        • Executes dropped EXE
        PID:4612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\platform-2372\data\control\settings.meta.tmp
    Filesize

    37KB

    MD5

    3656c6636cd9dbceaf83230c3c9a2be9

    SHA1

    989f27c6736a943fd4690091fed26f7c17e3c17f

    SHA256

    f9ae094812ce9fbd56b58dab7739451792aba8f56c5f21eee15ef96682b413a6

    SHA512

    52bbb8f2b2d6183f30b908d9171a2ec8c2128bbce145b7af0095d4c199b1ec431d650ec4ed0b1b6cbc7bcc8d29da3285cdcc61368faa8c4e57b45315ced4e4ad

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\platform-2802\data\control\settings.meta.tmp
    Filesize

    38KB

    MD5

    f4b0befa84f85c366c270e9a301770c6

    SHA1

    ea5e7ea8d41f5fb4d0db4a1f78b42642d696a3f3

    SHA256

    efb166f6c297d8585f0a07113d5510b459734140e874d447424a71a3075dde75

    SHA512

    76f59b8869ce1697e878fcdc33006b1605a122fbed71a191528dd4504f1e63c3d0aadb1f0bb6d785e384699ae6994bd874f07b50b7af429f5118241d192e5f69

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\release.txt
    Filesize

    6B

    MD5

    fcf3493d4e6141a09a5545ec0e5755ca

    SHA1

    ff9f551c79a827965dcfedf1f16b94fadb6e2f3d

    SHA256

    b9feb5024071270715158aff61173eff9470ae7389a2d15ed14050358b2d7d51

    SHA512

    4c1a75349e428cbcb77364bd6038606238d236846745ff3d05bcd91640cb4145a5c367a26deae84fb1d481f5b94a707e491bfc7ac925d3514358a544dc8209fc

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\scripting\lua\natives_universal.lua.tmp
    Filesize

    1.8MB

    MD5

    ae63da0d82569609d7a6d74c1f416670

    SHA1

    9095a1bc70f9930f444b9081f3e306c22da402b0

    SHA256

    4de50d88d1aa69f45e5e0266d83e3a4297b8dc377cbc0e58214e733a1e3d9f0f

    SHA512

    8676592b8e4cff95a24b869a21fdc9c0754fab4c787ccd46a06fc5e0cfa215bb24dd0729d73b5c972e9b6ee4696958ae9a735491f347191e58f50d286ef87460

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\scripting\v8\natives_universal.d.ts.tmp
    Filesize

    2.1MB

    MD5

    b2ed540e76b17be956cfc83bacf7da9d

    SHA1

    a6c636b9ba1b2ca5d669ef56708bc8ab39cfb15d

    SHA256

    dc0118d2ee8119847b5acd4bb403bf5f37a11625491d0c2cd4f6058bb02cf06e

    SHA512

    783af30aa5791764c3590cb242cc9a882cf48464cd6cd5ceaa849ce8a1e19ee7f4432967480be0c5989d0e1a173de82ee0b4f004f10b8ca448e2dc3929ce5a00

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\citizen\scripting\v8\natives_universal.js.tmp
    Filesize

    1.9MB

    MD5

    bfb480a6c455072c020fbfc59045cf49

    SHA1

    bde1d63447a9387f854c1deca0d032283f6b525b

    SHA256

    98c62f812d9e434f88000b0b22dadf029b0142e9bca452b8bc07a216d3d34687

    SHA512

    6fe26fbaa694c26ddb51008f28ec637a4a921ad4e0dbb0e05ec0f0aa4dc6c3b7622c10e53cd4b3a5afc157b6ca87102f2eeceead11816d207e259aadffbe4959

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.app\desktop.ini
    Filesize

    157B

    MD5

    f9d948aa9426cb1a2a82e651b81a1912

    SHA1

    2d496caeef3b0bff6b91b99e58736cea51366348

    SHA256

    b1fe21f251cf7875783ea162ef86c2a5b5022a1c5157bbb7972b6b34e14ec08a

    SHA512

    a962fae3853f43e4a8e2b33aa5f51a917673d76648845dffcc32037c25cb3f300e4c4fc3ea633bf78b714449dbda84416e41cc16256373c170fb82d8485e3369

    Download Submit

  • C:\Users\Admin\AppData\Local\FiveM\FiveM.exe
    Filesize

    5.0MB

    MD5

    8aa0a7309117d546a9672863016e65f9

    SHA1

    66ec74e4e5ce2238d6f5b68c9dda80bcda3b6a7e

    SHA256

    fe7e9e548c9b9bdeb1a42c8ef43087ea58d4b64d72d0d561ba7c7477521444d1

    SHA512

    dc13a536c005da210499d8dbefa3850cf238b4cf4428e8acadebdaf0ad3bf69e90afa2db0db097c903905614c42314c3c3ba6c5230484a5dc1f82fc9276eec28

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
    Filesize

    2KB

    MD5

    3e586f8219a22672329c910cd13f9929

    SHA1

    7936e52e79b7b9fc13bbd398ef2b519cf0cc7fca

    SHA256

    260bcbd45ac18ae22f34bc7bf2fb5e438e9ac682f1bd87dd3983bd43b84001e1

    SHA512

    e213da74708c19260b9d8648eec285a01617a9d03da6c7cf74b9888906040d721c3bcf949ba34a237e7335b90a70d0255a0f76622233ca07601da6b54553ba92

    Download Submit