Analysis

  • max time kernel
    131s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    22/03/2023, 21:35

General

  • Target

    Release-Multiplayer.rar

  • Size

    31.5MB

  • MD5

    9237d04ed69e5fdc5fe464e8ad84f767

  • SHA1

    535d4fc0b6332bd1ff8c18d581b466fab891596e

  • SHA256

    5182940b85ed5e39140d33bc39dc69b5ea53b658a9e68ef3f34ac14d50fa4386

  • SHA512

    900b79286b2151610a854ebaf81ef2b364f4e4fe8127f70cfdd7776aae47ebf6a9858e4ee158af717cd333b4bd1b6068c1e7894b48be8fd2fa20f11c8defacb8

  • SSDEEP

    786432:btuFc2BlwB0wEn6uB8vde1xoJVfB4AAVSNd/w10V:Buy2BQEneVeEJd44

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Release-Multiplayer.rar
    1⤵
    • Modifies registry class
    PID:3816
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:996
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" "C:\Users\Admin\AppData\Local\Temp\Release-Multiplayer.rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2972
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2464

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

    Filesize

    28KB

    MD5

    d12cd991b913732e7ca6fb2eeff0e18a

    SHA1

    7566ab6dc8c4b65d14b4e6a3908255e34e5bd1b3

    SHA256

    50a1a80b519eff0b32b06ecf150d8d3737402a8059d7f931fc300fcc26d45487

    SHA512

    dea2b7b5d35f4f076f3a5257238255e6732fbabb5857e28ee09905bff70114f7b812f8f70add8f0cae723600cceaa7fc2601270c1a35a4ee0b1ac8b91ba437a2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

    Filesize

    28KB

    MD5

    8e8c664c1945838b76647aac8fe8a0a4

    SHA1

    77a528044ca358eb430707531e2acd536faa5acc

    SHA256

    4f76cad96341ac9c14d5c800ae8af9bd6b57f0ec90a5b7665d0f3f25fee941e8

    SHA512

    d10ab3b7c934d8ad89f6a73d6b371c91a339238f8d1d52edf4f11ebca34296c27fd424dc9fb26c94c90b7ad71c8538cb1502bb44c14a3f502108bff5ef4b41ef