Analysis
-
max time kernel
209s -
max time network
144s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
04-02-2022 23:49
Static task
static1
Behavioral task
behavioral1
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral2
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral3
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win7-en-20211208
windows7_x64
Behavioral task
behavioral4
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
General
-
Target
delete fortnie cheat + spoofer/deletefortnitecheat.exe
-
Size
271KB
-
MD5
9bbf2e88e6ba430797350cbaaaccc532
-
SHA1
0d32ac3a2cba07cdda18c18844bfd77babc586bc
-
SHA256
c82d2bb57555ea8f65b5a37841044b2d5f569ea16955358ed55b03ea0a0eed14
-
SHA512
f2b5ff57a8ce0bf5d23892a96492ef081db6db88553075cb05e5c6f3c08b5a7e17bb25e2536afae601de21f9ea493e0fd7f4fbf22e4b62fd7061aeb667ade25d
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe 1216 deletefortnitecheat.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1216 wrote to memory of 1536 1216 deletefortnitecheat.exe 28 PID 1216 wrote to memory of 1536 1216 deletefortnitecheat.exe 28 PID 1216 wrote to memory of 1536 1216 deletefortnitecheat.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\delete fortnie cheat + spoofer\deletefortnitecheat.exe"C:\Users\Admin\AppData\Local\Temp\delete fortnie cheat + spoofer\deletefortnitecheat.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1216 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:1536
-