hxxps://fortnitecodes[.]netlify[.]app/

Analysis

max time kernel
299s
max time network
257s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
27/08/2023, 21:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://fortnitecodes.netlify.app/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133376454744415855"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: 33	4988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4988	AUDIODG.EXE
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 4208	4728	chrome.exe	69
PID 4728 wrote to memory of 4208	4728	chrome.exe	69
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 4872	4728	chrome.exe	72
PID 4728 wrote to memory of 1168	4728	chrome.exe	71
PID 4728 wrote to memory of 1168	4728	chrome.exe	71
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73
PID 4728 wrote to memory of 4964	4728	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fortnitecodes.netlify.app/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd01009758,0x7ffd01009768,0x7ffd01009778
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4516 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3320 --field-trial-handle=1764,i,14648650667079524382,13297345466443152909,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2820

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
950KB

MD5
8a3d0b7d3f13eb522ff90bd3744cf1f2

SHA1
2bfdd0aa0c2e1f8cbda4471df71c7247d28aedf2

SHA256
100d33fba97a81e54dd4664511505b33f2e386234ef226b00b216d4e173bc5ad

SHA512
0f309ec3a55c7743a325d12154bcd92783251fe5d0d1b2cf523c597fa578d5c5447dd92d44d9d9117963a33a3eee05377917ac051e2d15d3e82ac667ce833250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7ff7301a9537274e220f6bea3eaa0da1

SHA1
085e6a213c72dc01f44dd69a3cf0c94b604d4aad

SHA256
69d0c1fc223eaa57db75c0a7573e9b377071a13e7e6f7031cd24e2704b534900

SHA512
e545bad125aadc5b568ca87c7060eb6edca55781ae356c6802f1871aa453f070fb129fe293276497bd22e6ca0cd859d92177a34726f92cb7a8439ac4fc0e0db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a6b7e04a33f9a16409e711009610782

SHA1
64903bee8023bbbecfe1be122bbc90d01520ef59

SHA256
47358e88d7b5a15f5a82d1031c1e5670f63f5c886f9572fc5e904ae5e9c236b3

SHA512
3c76128f45c257100580ef36ae52c5322255d3034a247259b88c36ca4e6005d99e04ee34742f1decddbca0a5c94beb6143a68d5c7274b30959ad14683cb97f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
f77d163449527efb8134e50053dc20f8

SHA1
76cdd88bd0ed9c4c09782782d461f237710361f9

SHA256
b456da01b2cc7197884cd669e39396c72ddd9ecf008f88f84438eb320efee3dc

SHA512
fc487cda6239c4082b5a824251f2d4a000e09ae505738173c392b48329d03ec300964aabfaa9e9c79a39e3e4b8ad851d627dccac8d6b46f3a01f6fca8ad91589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a58c6216fd5a41a786edf6b87a69bc2

SHA1
2b1bf82cb78eae02969eba9a308ab9162800feac

SHA256
87d04f7b73ff34141c324e15398d997d54cca1b67ee6ef8e3dfe321966bcd57d

SHA512
384a42a89d4b484138e1ac51253482036adc7596d10c1925562528c58c3f83cb8b73ee45dc6f6914e0a3cf9587d7206add6f0855015dd71bf6f413ed3e1ede30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74582e9752b6d91be329b06527cecb2b

SHA1
114d88bc4466e9c527812fc90d2345367ffc7646

SHA256
a2a0351da3cfb83e52afad95fcbcaf42de7f625e0b6345eb27174bf4e40109ff

SHA512
ad34b449e46eafdf7a92fd366eb0c05de03125fcb1d8bad1ad33e3f1f96595eb62d2d5ac97d6369137c5173a5b1cde88a29b62e8403478dcf869bbdd3c407074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d9b053dfd2285e5517980e17d6409d2

SHA1
7b570cbb8ed43f1dbf64c41767fbedef42f6f899

SHA256
b0a1e15d2eee20e8e20cceac680bc122acebf0adf26bc5020f4b065aa7bd24c2

SHA512
4532ad7f73dff90e13a1768d1af35d9ce5073113420b65c74ce0155b28e8afe81d15fbf1d3323a729902ce85de5245eabd0dc4b093cb7080c763352dde4c2c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
649348a6e444b8b5c74b28b13c981c7e

SHA1
8b48f1019d79774d6f7c3b228cc4bb2cd064da08

SHA256
f911a43f91d75d7e9e9e89871d30835d42c6654ad0b26a45d2a2d01580284c1e

SHA512
5201a44da362105f128483a393c72b3ce1067a682b95b3d81ab6052976fc87063cb072ba6ce28feba09981c71c12e45a5b9a8281c3dd054b3b31ae676d72c5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit