Overview
overview
10Static
static
3FоrtniteHack.rar
windows7-x64
3FоrtniteHack.rar
windows10-2004-x64
7FоrtniteH...ck.exe
windows7-x64
3FоrtniteH...ck.exe
windows10-2004-x64
10FоrtniteH...-8.dll
windows7-x64
1FоrtniteH...-8.dll
windows10-2004-x64
1FоrtniteH...16.dll
windows7-x64
1FоrtniteH...16.dll
windows10-2004-x64
1FоrtniteH...er.vdf
windows7-x64
3FоrtniteH...er.vdf
windows10-2004-x64
3FоrtniteH...ns.txt
windows7-x64
1FоrtniteH...ns.txt
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
25-02-2024 00:34
Static task
static1
Behavioral task
behavioral1
Sample
FоrtniteHack.rar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
FоrtniteHack.rar
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
FоrtniteHack/FоrtniteHack.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
FоrtniteHack/FоrtniteHack.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
FоrtniteHack/libnettle-8.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
FоrtniteHack/libnettle-8.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
FоrtniteHack/libpng16-16.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
FоrtniteHack/libpng16-16.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
FоrtniteHack/libraryfolder.vdf
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
FоrtniteHack/libraryfolder.vdf
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
FоrtniteHack/options.txt
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
FоrtniteHack/options.txt
Resource
win10v2004-20240221-en
General
-
Target
FоrtniteHack/FоrtniteHack.exe
-
Size
468KB
-
MD5
8b852cbf0b1bbf444ebd2c77f552c805
-
SHA1
3d8211d3d0dc7160c5a521bb33f4798f1f5eb645
-
SHA256
6c9b77655d90734fc9754ba92c004e80bbb662e325a42954a4df065f1384005c
-
SHA512
e50fead8f489a2b0998d55dc584b548456a8e06cc47710e258c4a6a5ade76ea1c2454c0408f62d83e6d999b16e2fd7aed8d48928ccd19e8b7d1fb863cde73166
-
SSDEEP
12288:TgG0n+NMoSDsim+8/Ndwtul/QmDaPJ4D6fdKtiDFNfUVHmA:Z0n+NMoSTmPFdip4UKtuNC3
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2372 3064 WerFault.exe FоrtniteHack.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
FоrtniteHack.exedescription pid process target process PID 3064 wrote to memory of 2372 3064 FоrtniteHack.exe WerFault.exe PID 3064 wrote to memory of 2372 3064 FоrtniteHack.exe WerFault.exe PID 3064 wrote to memory of 2372 3064 FоrtniteHack.exe WerFault.exe PID 3064 wrote to memory of 2372 3064 FоrtniteHack.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\FоrtniteHack\FоrtniteHack.exe"C:\Users\Admin\AppData\Local\Temp\FоrtniteHack\FоrtniteHack.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3064 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 1282⤵
- Program crash
PID:2372
-