File name: five-nights-at-freddy-s-3 (1).exe

Full analysis: https://app.any.run/tasks/a9df7a1e-b6f6-4e00-bc6a-98e690c6d383
Verdict: Malicious activity
Analysis date: February 29, 2024, 00:10:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 9CF7DADB1CE489200610282E1787A288
SHA1: D9DD907BC130790E2AEF91415ED99B96527F1017
SHA256: 58B0FDC5CDCB4CF99A44B84440E83E3AE34BAF56E00531B9747CD86001C4AD6E
SSDEEP: 98304:YUVSFlL7R5Jcedh1ArnNk4eTaDKhuIWBB+OzinfE9Cqu8ohcyj3lQkFRuZDqrI51:o3MlwTBA6PN4Lmkt/Ib+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
  • INFO

    • Create files in a temporary directory

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
      • stdrtex.exe (PID: 3700)
    • Checks supported languages

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
      • stdrtex.exe (PID: 3700)
    • Reads the computer name

      • stdrtex.exe (PID: 3700)
    • Creates files or folders in the user directory

      • stdrtex.exe (PID: 3700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:18 18:42:17+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 265728
InitializedDataSize: 359424
UninitializedDataSize: -
EntryPoint: 0x74ee
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.2535.0.0
ProductVersionNumber: 0.2535.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: RansomTrap2535
FileDescription: RansomTrap2535
FileVersion: RansomTrap2535
LegalCopyright: RansomTrap2535
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> five-nights-at-freddy-s-3 (1).exe -> stdrtex.exe

Process information

PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe
Parent process: explorer.exe
User: admin
Company: RansomTrap2535
Integrity Level: MEDIUM
Description: RansomTrap2535
Exit code: 0
Version: RansomTrap2535
Modules (images):
  c:\users\admin\appdata\local\temp\five-nights-at-freddy-s-3 (1).exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\imm32.dll

PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe" /SF "C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe" /SO621568
Path: C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe
Parent process: five-nights-at-freddy-s-3 (1).exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
  c:\users\admin\appdata\local\temp\mrtf433.tmp\stdrtex.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\appdata\local\temp\mrtf433.tmp\mmfs2.dll
  c:\windows\system32\winmm.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
Total events: 1 171
Read events: 1 170
Write events: 1
Delete events: 0

Modification events

(PID) Process: (3700) stdrtex.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: stdrtex.exe
Executable files: 12
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe | executable
  MD5: 8578B5F3D3810F14195AE031B4D217C5
  SHA256: 150BB9E4D9F21C68BFF41D6FD74B50142B0BF9DB31A053F5739F49D42E953CED

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d11.dll | executable
  MD5: 839633898178F35F6DE0B385B7DE0EC7
  SHA256: 5F6563D6BF2F3CEAB8B2CA2C15BA4F7FE882A82C1F72B10041B5692C6515A53A

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Perspective.mfx | executable
  MD5: 9F064BDCB066DAA428DB0ED9E33E785D
  SHA256: 090925A4CD961F22B1ECD2FBA4CE04AB063E26507A1DC09B1D6A40C4860A8777

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d8.dll | executable
  MD5: 2B9033417D4630569225D477A3D6C589
  SHA256: AAD3C93F3F12B3469A0F6794F7FB5928727702DBA5FE69DD43047CC2ADB25095

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d9.dll | executable
  MD5: C85BCC9F3049B57AA8CCBB290342FF14
  SHA256: BDDDA991185A9E83B9855A109F2FCFA78CD2D5402E9DB344C6EC77F6CE69A0C5

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Layer.mfx | executable
  MD5: 8BBA7602E13F66901207E4D7BDC99FF2
  SHA256: 9E9D49C81E02CDEF2EA10F53FEE958BB750A96E7567D680F86202F0E28E267A8

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Textfile.mfx | executable
  MD5: 2394D12A80698BA149F2524B11D8D98E
  SHA256: 5F0227E898CCABA747465189B768A269432B2BA5AE2B7498AEF41F3BECE393A8

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmfs2.dll | executable
  MD5: 200520E6E8B4D675B77971DFA9FB91B3
  SHA256: 763EF4484BA9B9E10E19268C045732515F0AC143CF075E6D1EA1F5ADCC77633B

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\kcini.mfx | executable
  MD5: A6AD14845999C5AA7ADF2911671A7C5B
  SHA256: 5AF175FFB932FB653873DAD095DD40F2AB8D3FB56F287213C21BB68652DDAD2D

3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Easing.mfx | executable
  MD5: 052D1C7EED7B50A18EDDC10DFAD3AE22
  SHA256: 1B5E79E999C4CFF19FE0260BDEAEEAEA0FCDA6057BF6D17BF0F121E9797D20EF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

No data

Threats

No threats detected
Process | Message
stdrtex.exe | Start app
stdrtex.exe | Start Frame 0
stdrtex.exe | End Frame 0
stdrtex.exe | Start Frame 1
stdrtex.exe | End Frame 1
stdrtex.exe | Start Frame 2
stdrtex.exe | End Frame 2
stdrtex.exe | Start Frame 3
stdrtex.exe | End Frame 3
stdrtex.exe | End app