Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25-02-2024 00:34

General

  • Target

    FоrtniteHack/libraryfolder.vdf

  • Size

    125B

  • MD5

    8760dccce6639e32519fae960c77e4c6

  • SHA1

    9b21a349868ebcb3c11764e12366d7f301cdff93

  • SHA256

    44d80569fa294e24ae57f189fe5a587f51e46e3ee2360b888b44d69b516c89b4

  • SHA512

    a980c5e8809b32606849e97a95b3a4b5e9e8b131cf69cd36fc60275ad7173eceaad3fc3a6fa03cc0cafbc2545076172e983c0734637ca11374f3e7f1bceadb84

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FоrtniteHack\libraryfolder.vdf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FоrtniteHack\libraryfolder.vdf
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FоrtniteHack\libraryfolder.vdf"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c10ddf500ba8690b7b33c7641c961664

    SHA1

    03a303f1b31aafd5734e10413304082d98443767

    SHA256

    544a228e8283e9190a7c109dd662cf5c270e1f04bb87085cb1d15b8e35fd40f6

    SHA512

    3f4358aae80d53540548cf619c4e86c65b388006d786ad1ab9c71a1b0044c31f14e5e3e8c387e4041e502b016320721f7cc82086fd415944dcccec8c66300c76