File name: five-nights-at-freddy-s-3 (1).exe

Full analysis: https://app.any.run/tasks/a9df7a1e-b6f6-4e00-bc6a-98e690c6d383
Verdict: Malicious activity
Analysis date: February 29, 2024, 00:10:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 9CF7DADB1CE489200610282E1787A288
SHA1: D9DD907BC130790E2AEF91415ED99B96527F1017
SHA256: 58B0FDC5CDCB4CF99A44B84440E83E3AE34BAF56E00531B9747CD86001C4AD6E
SSDEEP: 98304:YUVSFlL7R5Jcedh1ArnNk4eTaDKhuIWBB+OzinfE9Cqu8ohcyj3lQkFRuZDqrI51:o3MlwTBA6PN4Lmkt/Ib+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
  • INFO

    • Checks supported languages

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
      • stdrtex.exe (PID: 3700)
    • Reads the computer name

      • stdrtex.exe (PID: 3700)
    • Creates files in a temporary directory

      • five-nights-at-freddy-s-3 (1).exe (PID: 3672)
      • stdrtex.exe (PID: 3700)
    • Creates files or folders in the user directory

      • stdrtex.exe (PID: 3700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:18 18:42:17+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 265728
InitializedDataSize: 359424
UninitializedDataSize: -
EntryPoint: 0x74ee
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.2535.0.0
ProductVersionNumber: 0.2535.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: RansomTrap2535
FileDescription: RansomTrap2535
FileVersion: RansomTrap2535
LegalCopyright: RansomTrap2535
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> five-nights-at-freddy-s-3 (1).exe -> stdrtex.exe

Process information

PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe
Parent process: explorer.exe
User: admin
Company: RansomTrap2535
Integrity Level: MEDIUM
Description: RansomTrap2535
Exit code: 0
Version: RansomTrap2535
Modules (Images):
c:\users\admin\appdata\local\temp\five-nights-at-freddy-s-3 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll

PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe" /SF "C:\Users\admin\AppData\Local\Temp\five-nights-at-freddy-s-3 (1).exe" /SO621568
Path: C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe
Parent process: five-nights-at-freddy-s-3 (1).exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\mrtf433.tmp\stdrtex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\mrtf433.tmp\mmfs2.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 1 171
Read events: 1 170
Write events: 1
Delete events: 0

Modification events

(PID) Process: (3700) stdrtex.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: stdrtex.exe
Executable files: 12
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\stdrtex.exe | executable
MD5:8578B5F3D3810F14195AE031B4D217C5
SHA256:150BB9E4D9F21C68BFF41D6FD74B50142B0BF9DB31A053F5739F49D42E953CED
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d8.dll | executable
MD5:2B9033417D4630569225D477A3D6C589
SHA256:AAD3C93F3F12B3469A0F6794F7FB5928727702DBA5FE69DD43047CC2ADB25095
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmfs2.dll | executable
MD5:200520E6E8B4D675B77971DFA9FB91B3
SHA256:763EF4484BA9B9E10E19268C045732515F0AC143CF075E6D1EA1F5ADCC77633B
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Layer.mfx | executable
MD5:8BBA7602E13F66901207E4D7BDC99FF2
SHA256:9E9D49C81E02CDEF2EA10F53FEE958BB750A96E7567D680F86202F0E28E267A8
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\Textfile.mfx | executable
MD5:2394D12A80698BA149F2524B11D8D98E
SHA256:5F0227E898CCABA747465189B768A269432B2BA5AE2B7498AEF41F3BECE393A8
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d11.dll | executable
MD5:839633898178F35F6DE0B385B7DE0EC7
SHA256:5F6563D6BF2F3CEAB8B2CA2C15BA4F7FE882A82C1F72B10041B5692C6515A53A
3700 | stdrtex.exe | C:\Users\admin\AppData\Local\Temp\HackLog$$RT | text
MD5:D94039CCA6AF1558CC2C75AAD1944E0F
SHA256:9F8F3C926CA616008CA2B8CB9610C6136B6D506AED786F11DA8275EFCF05BA3A
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mp3flt.sft | executable
MD5:5BEBC3AE0122702B89F9262888D3A393
SHA256:81C9A9459A8E124793ADDF142CD513945D6FE600E1D67F74897898D7570E56B2
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\mmf2d3d9.dll | executable
MD5:C85BCC9F3049B57AA8CCBB290342FF14
SHA256:BDDDA991185A9E83B9855A109F2FCFA78CD2D5402E9DB344C6EC77F6CE69A0C5
3672 | five-nights-at-freddy-s-3 (1).exe | C:\Users\admin\AppData\Local\Temp\mrtF433.tmp\kcwctrl.mfx | executable
MD5:FA3AA3C51150EB5410DC3D74484D84BB
SHA256:0666E52EA54BB2BDB81216443EA0787B8FCC6292B64D6BDF285EEBF42E1BBAE6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
Process | Message
stdrtex.exe | Start app
stdrtex.exe | Start Frame 0
stdrtex.exe | End Frame 0
stdrtex.exe | Start Frame 1
stdrtex.exe | End Frame 1
stdrtex.exe | Start Frame 2
stdrtex.exe | End Frame 2
stdrtex.exe | Start Frame 3
stdrtex.exe | End Frame 3
stdrtex.exe | End app