Overview

overview

7

Static

static

3

CheatyFortnite.exe

windows7-x64

7

CheatyFortnite.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CheatyFortnite.exe

  • Size

    4.0MB

  • MD5

    b857c8296f3e7394c4ab7946413b4633

  • SHA1

    6e07bf9c7aa0193c6ed59e2910a2a8324b340107

  • SHA256

    ac1c7b6f8df56eceb2027d34dd03caf83c03ca278ada5bf57112545c1c17fde9

  • SHA512

    8bdfc19de71b99f8eb92fcd5636b3e292a0df3f1e5af21d375c91f2a8346f3259a2649624f9a3c52acd9bb1391f95fd1632a891dbedf71b7a021bc48046e4ac5

  • SSDEEP

    49152:N8RhVqU/TT1ZttRfxMSo4VkLKZvRiEDlnQzXJrjLq234GyU0W0VfwtohFvtMUa5F:0VqU/1zBqLKZ5he9rjLF4Gj+VsP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CheatyFortnite.exe
    "C:\Users\Admin\AppData\Local\Temp\CheatyFortnite.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3784
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x33c 0x4a0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\GetSetMasterVolume.mfx
    Filesize

    115KB

    MD5

    95bd1478d106476c63ed50dee89716cb

    SHA1

    e0f2ce64fdbd11bfe29792612761a137d61b3d6f

    SHA256

    5f83e1e1dca0b5937ede1c92db92493172e17f762abd9c5ab38f7072b73c17e0

    SHA512

    44550c7443166cc5f0d65a69d6d2e39522e4f5226a5801e00053294091e715877243e2927ad7f741e62c5f99998a9f89713854092a6fbcd2e0d1f3c0eae96507

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\GetSetMasterVolume.mfx
    Filesize

    115KB

    MD5

    95bd1478d106476c63ed50dee89716cb

    SHA1

    e0f2ce64fdbd11bfe29792612761a137d61b3d6f

    SHA256

    5f83e1e1dca0b5937ede1c92db92493172e17f762abd9c5ab38f7072b73c17e0

    SHA512

    44550c7443166cc5f0d65a69d6d2e39522e4f5226a5801e00053294091e715877243e2927ad7f741e62c5f99998a9f89713854092a6fbcd2e0d1f3c0eae96507

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\HTML5.mfx
    Filesize

    28KB

    MD5

    94ba2e93d991571751af1d5d2686e247

    SHA1

    dfc1aa2eb5741094ff46e14f2a5f2d5b4b7a3a66

    SHA256

    80f73982c7162d04e95621b11d6a9ecfe0b79f6f678c3f09598d4d7fac72d839

    SHA512

    57c667b412b2320fb53ecc871de30895ca28f66ad7cdfa2a41d7daa635bf3474b81a1965f277710c824c3491bdca4fd20a8defb99f34eaea053e313a83c1228a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\WndTransp.mfx
    Filesize

    65KB

    MD5

    6f93111ce72225daab2bcdceee48d204

    SHA1

    1a5156f6e00b47dd4197c933092578aef49a66de

    SHA256

    e8a1af555a3d39b1cb0c6bf6511158d4fd48a1e4e2dac60a6f54af4b486f60a1

    SHA512

    44549a2f29c9b4cb217065cc4f670afe84691fcc9d0bb4898cd8caa408256015b1abc1c29b6ce4083207e56f339f0843757ae07d01e2a2bb945b6ddaa4c8d3f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\WndTransp.mfx
    Filesize

    65KB

    MD5

    6f93111ce72225daab2bcdceee48d204

    SHA1

    1a5156f6e00b47dd4197c933092578aef49a66de

    SHA256

    e8a1af555a3d39b1cb0c6bf6511158d4fd48a1e4e2dac60a6f54af4b486f60a1

    SHA512

    44549a2f29c9b4cb217065cc4f670afe84691fcc9d0bb4898cd8caa408256015b1abc1c29b6ce4083207e56f339f0843757ae07d01e2a2bb945b6ddaa4c8d3f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\bigbox.mfx
    Filesize

    84KB

    MD5

    ad6530e01a4827fba383291847e33036

    SHA1

    6ec72ed182478c050807c0e3270974bf34304aaa

    SHA256

    a427377e56a804f82a5bcf07b7d5afae920f8bbda2dc5f52ce6a7f84448a8bb1

    SHA512

    33cccc49302f3c257a3ed3b9d3bf0b2dbb347ccba3b6196a01ac317f83c2bd47c5cb9bf47fb677374b95590d62f5626aaf246a318999a4b07c5ee60c4c4ac863

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\kcwctrl.mfx
    Filesize

    79KB

    MD5

    2c34e977f898ab60eddb72075c4be223

    SHA1

    adf883dd06e5ae340a03e6c22a56a4c0caf909ea

    SHA256

    a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

    SHA512

    73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\mmf2d3d11.dll
    Filesize

    538KB

    MD5

    1434160b1f4d7d014f1ea1d82b43338a

    SHA1

    538cd2b038607c2e32cfb75e857e3e68a5698b38

    SHA256

    acdc49f4d9581d31ea53940362a08bfa793765f963247c70a6bb6d992f074029

    SHA512

    2f1b07dc443afc5e29f67bc61a810639baaa2c7586ffafedcd98ff037e5c9e36b5389e25f4183bc454713008e02dbbf6209b6afcecb1253990ebb5c29d389145

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\mmf2d3d9.dll
    Filesize

    1.1MB

    MD5

    3ae47534f1224c4797176107a9a41683

    SHA1

    5c4af10c0afa5233a21a661d7ba9130c808a961d

    SHA256

    53edf5138930d52b473104ce0d085413248d15a4aa891ac02a718e89625de6ef

    SHA512

    6dc285765b4726708afaab793b7b384121476fa807114490824a5513c5c80b6278e376dae3b0d82a7360cd65cdbce8d3f60ed23271453a08e2a5af311715e8d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\mmfs2.dll
    Filesize

    506KB

    MD5

    efaebf8b1628c22289be3adbb83fe614

    SHA1

    efa4dd19ceda4e60069f0b7d8e0bbcd4f78438fb

    SHA256

    3d89c4fe6c2fa379b203286c9db649ab83f9934ac1be21302057a563a3707563

    SHA512

    6921ad80c36ce3a9fd774f6785c45d5c56f68fb29712cac6472c8878a685e641adbe2077d2b96b4d59aaa7b978b3e8357cffca1628583986474de67765e1e48e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\mp3flt.sft
    Filesize

    24KB

    MD5

    dadc138be9d36e6e4b8e4bf9ef2de4bc

    SHA1

    2758db786c544ec7889f26edf9bc4634c9240af0

    SHA256

    ddeafda7b28bf7545e3ba164aa4a74219eb961c36bb974e0f5085a07daf18f44

    SHA512

    63a21c5eda225c7fb8a67595c3180d4fdc1bc37d3b45f839e1b562ef946bf5b2237a9ff17c3f6f5de489779bbb9652ac2a1a74b83f153883bd436756acf249e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\148061f6-85f7-44cc-8fac-932078738a53.FusionApp\mp3flt.sft
    Filesize

    24KB

    MD5

    dadc138be9d36e6e4b8e4bf9ef2de4bc

    SHA1

    2758db786c544ec7889f26edf9bc4634c9240af0

    SHA256

    ddeafda7b28bf7545e3ba164aa4a74219eb961c36bb974e0f5085a07daf18f44

    SHA512

    63a21c5eda225c7fb8a67595c3180d4fdc1bc37d3b45f839e1b562ef946bf5b2237a9ff17c3f6f5de489779bbb9652ac2a1a74b83f153883bd436756acf249e1

    Download Submit

  • memory/3784-19-0x0000000000AB0000-0x0000000000AC5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3784-29-0x0000000000AF0000-0x0000000000B13000-memory.dmp

    Filesize

    140KB

    Download