Analysis
-
max time kernel
1801s -
max time network
1592s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
04-02-2022 23:58
Static task
static1
Behavioral task
behavioral1
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral4
Sample
delete fortnie cheat + spoofer/deletespoofer.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
delete fortnie cheat + spoofer/deletefortnitecheat.exe
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe 1612 deletefortnitecheat.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1612 wrote to memory of 820 1612 deletefortnitecheat.exe 28 PID 1612 wrote to memory of 820 1612 deletefortnitecheat.exe 28 PID 1612 wrote to memory of 820 1612 deletefortnitecheat.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\delete fortnie cheat + spoofer\deletefortnitecheat.exe"C:\Users\Admin\AppData\Local\Temp\delete fortnie cheat + spoofer\deletefortnitecheat.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1612 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:820
-