Overview

overview

9

Static

static

7

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...32.exe

windows10-2004-x64

3

BruteForce....1.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...st.exe

windows10-2004-x64

7

BruteForce...O2.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...to.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...32.exe

windows10-2004-x64

7

BruteForce...AM.exe

windows10-2004-x64

9

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ce.exe

windows10-2004-x64

9

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...gs.exe

windows10-2004-x64

7

BruteForce...te.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...mt.exe

windows10-2004-x64

5

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ti.exe

windows10-2004-x64

1

BruteForce...ER.exe

windows10-2004-x64

7

BruteForce...ck.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ET.exe

windows10-2004-x64

3

BruteForce...ce.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ys.exe

windows10-2004-x64

1

BruteForce...AM.exe

windows10-2004-x64

7

BruteForce...er.exe

windows10-2004-x64

7

BruteForce...ml.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    29s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-06-2023 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BruteForcers PACK/BruteForcers PACK/FortNite Brute Checker 1 0 0 - Cracked By PC-RET/procs/RLSettings.exe

  • Size

    1.4MB

  • MD5

    32373185ece79936dfd0fd41d2848a2e

  • SHA1

    591f92bcaeeea85e8bba6988ef0d1afcea35fbbd

  • SHA256

    5390fc20629a4a350dc8f0482472f9962f50364b7818b2d510beb4e520581ad4

  • SHA512

    443b8df46dd6009285500148d2c4e0654e20e24b897fb29a9eded1cb21da6c495feaa1df81043ed4818f6ea511813c926e9f645b3ec4c8ab5c2c79f0fb5859dc

  • SSDEEP

    24576:odLgKtbMn52LmBs9MGfof321RnkcRWiZES8bLg8iPznpJy5OfH3bOn+BYSYu:odUrnow4gG1XWj7OpJy5OPrOnE

Score
7/10
spywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\FortNite Brute Checker 1 0 0 - Cracked By PC-RET\procs\RLSettings.exe
    "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\FortNite Brute Checker 1 0 0 - Cracked By PC-RET\procs\RLSettings.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4296
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 3 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\FortNite Brute Checker 1 0 0 - Cracked By PC-RET\procs\RLSettings.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 3 -w 3000
        3⤵
        • Runs ping.exe
        PID:1928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4296-133-0x00000000008D0000-0x0000000000CC9000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4296-164-0x00000000008D0000-0x0000000000CC9000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4296-165-0x00000000008D0000-0x0000000000CC9000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4296-166-0x00000000008D0000-0x0000000000CC9000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4296-167-0x00000000008D0000-0x0000000000CC9000-memory.dmp

    Filesize

    4.0MB

    Download