f85333a392f2debacbb68c96a04359238204cdb24433bb1349b79b6b2e03161e

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
28/06/2023, 08:49

Target

FortniteLauncher.exe
Size

30.9MB
MD5

00bdf9b943c3c670e7ac24fb1de3cf61
SHA1

c583390c4907fa36e8fd0d9227d652ca1d347856
SHA256

f85333a392f2debacbb68c96a04359238204cdb24433bb1349b79b6b2e03161e
SHA512

93c8ae996171c680eddf2afa0b439383221c61853137b6ca8d0859b5133667752936f48ab64b1f8c554db6ff65fbc7716435b0a67f3f66c302bb15236151bdc8
SSDEEP

786432:1u55/xE6TpX5ovBt/F9zX04rMdlRtTJouvuD4v3K+tvF4+a:U5tvTTovTTL044dlf9ounv3Jttfa

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1972	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1972	2024	FortniteLauncher.exe	28
PID 2024 wrote to memory of 1972	2024	FortniteLauncher.exe	28
PID 2024 wrote to memory of 1972	2024	FortniteLauncher.exe	28

C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2024 -s 648
  2⤵
  - Program crash
  PID:1972

memory/2024-54-0x000000013F660000-0x0000000141550000-memory.dmp

Filesize
30.9MB

Download
memory/2024-55-0x0000000002530000-0x00000000025B0000-memory.dmp

Filesize
512KB

Download
memory/2024-56-0x0000000002530000-0x00000000025B0000-memory.dmp

Filesize
512KB

Download