3f5585fef37aa1eddea8a1b6a8b0ad8e68f117df4fc0832b5cdf2910a1a1b368

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Size

289.6MB
MD5

ad44eb1f122de6f12e9bb712a08d7b99
SHA1

d54acd04a89d477c0a15e455489c9fd3a31251c2
SHA256

3f5585fef37aa1eddea8a1b6a8b0ad8e68f117df4fc0832b5cdf2910a1a1b368
SHA512

f4ea03bc89a456a04cb3de6a21c6538b44b88b4815c6fb3e198b0fdeeb0368b8a3ec8c4e54a2333e343a4dbd839ef0d35a82f1802ec5ba14f4ba607d2f720626
SSDEEP

6291456:XcxY2V0YtFxgJE+ms8Bbov12zUGMXjAk+A5Z9gn/W6/VWfF8nFVG:XcaAFeENsybyIzUGMXj19zm9/VYUFE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 34 IoCs

pid	Process
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\ = "URL:Run game 1210404681973506049 protocol"	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\DefaultIcon	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\five-nights-at-sonic-2-reopened-full-game-v1.07.exe"	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\shell\open\command	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\URL Protocol	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\shell	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\shell\open	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\discord-1210404681973506049\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\five-nights-at-sonic-2-reopened-full-game-v1.07.exe"	five-nights-at-sonic-2-reopened-full-game-v1.07.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4948	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4948	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe
1560	five-nights-at-sonic-2-reopened-full-game-v1.07.exe

C:\Users\Admin\AppData\Local\Temp\five-nights-at-sonic-2-reopened-full-game-v1.07.exe
"C:\Users\Admin\AppData\Local\Temp\five-nights-at-sonic-2-reopened-full-game-v1.07.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\Box2DBase.mfx

Filesize
284KB

MD5
15c1f5c080b99d1ea6f3b70c7a69af8c

SHA1
79e85e2d054dc6a07c0f9f611978e129e98ebf69

SHA256
286605641cdba584c563d7241c106bc9ea9d3e5a22028ed92e7f5cabd33e1e4b

SHA512
c540e8a1d1dfb60daec7694ff0f1cad210f7a061f80f6aea1a507b172a6295960c6ceaf80a808d1f752ec0ad8e4e97ad9941fd85c3926a4351095ae00aaaf1c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\Box2DParticules.mfx

Filesize
116KB

MD5
620484ac56c6d8820f97f1b270780f4d

SHA1
0ffa10053fc6102662846c69c3caead76177d577

SHA256
d96b7d91eebd3ae5f967d2726d00beb834be41a113aded49298da94cbdae48db

SHA512
a8cbba36d670035fdda66ba2bda124963e27c2fbb23514f2f5c3d6775ba1ebafbe59494938cb6bf7e5f7cc8e949422c208f7e80124ca24af371ebe3b9234873f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\DRPC.mfx

Filesize
861KB

MD5
66726fdf933ad94bf73ab40430abadd0

SHA1
77bfe6fd11acb69d9735af1fd291c496773e1249

SHA256
163f8e16167f79bf88a4175af056d31256775b6c68f33e00528f26585e4d0354

SHA512
83f6b4d61a5366bd6cf6b99f55a8d0681b413271fdfa8e9164b73032a9c972c7a1a1b2ecc2ded30c7a352a2895e1780facefc66f1436abd62d148a30300ce4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\Easing.mfx

Filesize
168KB

MD5
052d1c7eed7b50a18eddc10dfad3ae22

SHA1
6f88687f930e73106d2b8af00f5317eca74e0c61

SHA256
1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

SHA512
ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\Get.mfx

Filesize
305KB

MD5
0836ffc32147508400f557286e7574e5

SHA1
402d0c938eb8982611496f388737595616516040

SHA256
b339ba20b3341cf3da19301eada3370f59e193513a06c90f401f19aec774e757

SHA512
4b31fdae9e1c37812cbe365ca3bbe28949cd9b34df1478b9c7834021cde9361d5fbbdfd7fa53177a13d34b2305ae31611afcc7a3a3025720e5ba805b28b36e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\INI++15.mfx

Filesize
439KB

MD5
760454c677adda4b319272641680e331

SHA1
348f18fb00889c3058451c2f034b51d6965522af

SHA256
4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

SHA512
62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\clickteam-simple_ellipse.mvx

Filesize
28KB

MD5
44acbfa6bc341c33bfb1be7a891b9307

SHA1
fd5005905f632c3456e5bc2f141db11d9fcd67ed

SHA256
73ea8b5011b1c8e18e5c3f12ee4adc33fcc28385593d1371e828d6b9237ce33c

SHA512
a2ee76974cae652cb80e1e1b6ae678b6e38092fdcf813570db40a63c71cb8e07d8c234808833ed2cd1982c392d979f3adcd1b57a52a2da6239005a6e7e1073f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\kcclock.mfx

Filesize
108KB

MD5
3aa5cbe7b31e550511ce011457c44790

SHA1
93c22c4f9ddb40d72865ec5dc169cef3feb3e337

SHA256
58588b5e12d0c5629ee481ad7ed9e8b4d6798cfa83004aecaa600a6924bc97e6

SHA512
c29a54368badaae841eb27dfb3a9ca74571828618888021c45949d1d999242e07bf240b08f602dfacded4c82e12fb6a13f501a09efe68fd5a310541099fa4a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\kcedit.mfx

Filesize
32KB

MD5
a00acf3af0958898345fca9893cb6f57

SHA1
561717e33e2877fd0db99411265186ca468041bd

SHA256
b38ad01ad8a22f3f553530b000d6d061356601d308e6a79284605c30cb0674ad

SHA512
9435f612a23864ac7e4d22cff927b4155463fdddd8d143b805d7233dd372e9a5975c9a4170de9bcfc3adce4ab9fffdab2937f053e48743d2791753d2dc727850

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\kcfile.mfx

Filesize
36KB

MD5
147788ae04300afedab921998dbd838e

SHA1
db937ae697f98965084bd6cf7ab024101af0f732

SHA256
1d1a83db2abfea8c92008e99e7dd12bd3c01e92baf5f2297f8874aa400f2e761

SHA512
381d0c0ccea2155a3510d992fd513bda7804432e9d4377c0b35337f037b5ddd8a4eae9d41439a8c12056b4c07fc2191296f88dc53ca8c5fef61008ce57185b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\kclist.mfx

Filesize
32KB

MD5
10a8ccacb046c0dc05adfc6964e99e95

SHA1
48acabc563a9c6d48eae3eda5254306127c00528

SHA256
57d8f859ecf57eed8f2fdc3271ec1d57c879899a527d77a80c9f45b1377742f5

SHA512
e972e0a6d4aa5c0cab99283c27038eb31f0adf2f581b4be9b58768d25a81f71e2aa5482500e4cb16bbc60d41f84ef926cd61a9cbe9fce1fce4adca564a6b147a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\kcwctrl.mfx

Filesize
63KB

MD5
fa3aa3c51150eb5410dc3d74484d84bb

SHA1
3ffca600b9d8b2d580c99021c95e8c6400d9a824

SHA256
0666e52ea54bb2bdb81216443ea0787b8fcc6292b64d6bdf285eebf42e1bbae6

SHA512
81ec7ec2a5877d1b226dfb4ccc8c3946b61fb409d5c53c789e6f8c310a0dc0b3ce1681613cc110a5559540a0ab302e6c36a00d0df07acb41c5a7c35b37d4594a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\parser.mfx

Filesize
30KB

MD5
5903e2efe098dae179c07d670ff836b7

SHA1
93a2ce92a28c646735790d2cc9ff8959cc6e0c11

SHA256
9813631f63f79fbaa741094786d4b13c34515ec4a33c0d4e88b75a20973c887c

SHA512
e39bb67dc8765558274f93953de141e17de18550912bf79a94a2cc998918d07631a0251551abc080363ea52444c1511f15458232d0c656d8f62550d33756e740

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\process.mfx

Filesize
16KB

MD5
2369ad12be7db245ec044b13d14096c6

SHA1
21aaf849748710299d3e5406da0e964accf65673

SHA256
b1735ae8a709bb616a1e5ee43b219b81cfe8a792fb3f03ffcbc5de38c11b0080

SHA512
b7b2ee57c50d9790bae33aab063c8f0762befa28c08acc3a3a6e72c98666c7e345b88b99cb01a95203373980e7ef6edef4f39a2462d9b6839bff030850eb7023

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt60BD.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/1560-69-0x0000000003800000-0x0000000003849000-memory.dmp

Filesize
292KB

Download
memory/1560-62-0x00000000031B0000-0x00000000031D0000-memory.dmp

Filesize
128KB

Download
memory/1560-56-0x00000000036E0000-0x00000000037F2000-memory.dmp

Filesize
1.1MB

Download
memory/1560-49-0x00000000031A0000-0x00000000031AB000-memory.dmp

Filesize
44KB

Download
memory/1560-42-0x0000000003140000-0x0000000003190000-memory.dmp

Filesize
320KB

Download
memory/1560-107-0x00000000038B0000-0x00000000038D4000-memory.dmp

Filesize
144KB

Download
memory/1560-35-0x0000000001AE0000-0x0000000001B10000-memory.dmp

Filesize
192KB

Download