Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ForniteCheatUD.rar

windows11-21h2-x64

7

Analysis

  • max time kernel
    294s
  • max time network
    300s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/03/2024, 23:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ForniteCheatUD.rar

  • Size

    9KB

  • MD5

    9684baf24c8244b66fd147dffd1176ec

  • SHA1

    6353430a8f0e267362f867766224ab0073056b02

  • SHA256

    4d68fb781aec96b4f0b625addf2b27b8179a3cdf01b68597aaef0e4b178d14f7

  • SHA512

    3f98eceb28efa678874c7cdf06c2948d95449ea57427e5dfdb3e37e2ca677d69f88fb7177223606cd3b156216389c3ae8d91133626f1ca787429f8ed29be85d7

  • SSDEEP

    192:9eshE7h204ptFHNy+vY654kUjbpjXNGSWXYQnEY0u6FQSAfYlEcHuhwM2J:9ePOpdy+vH5IbTK1TNgl62M2J

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ForniteCheatUD.rar
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ForniteCheatUD.rar"
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2844
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:780
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:2896
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4564
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:1732
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:4388
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:2916
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:3416
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:3640
  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    "C:\Users\Admin\Desktop\ForniteCheatUD.exe"
    1⤵
    • Executes dropped EXE
    PID:5112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ForniteCheatUD.exe.log
    Filesize

    1KB

    MD5

    94aaadf8fa4c31d238b961fcb2a519d5

    SHA1

    608175ecf723861c59796d3989fee3dfdf3bb6d2

    SHA256

    744cf26c0641b62c0daa1d5508613d6f1417778c242d3d79220121f70f9515b5

    SHA512

    574d80ffabd249da41a8c4618123aa2e88595cf3ac55b9e3e4c2dd2a3c2cee52c954119f5ed54d36941da78a4bc1963cdaa7dfdd4f19d3c1e954ced86deafecf

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize

    10KB

    MD5

    eebfb84605e05222e3ad98f4b9f62db2

    SHA1

    36ddd440df5b2776281ad245a6a57e7a183c09a0

    SHA256

    4a9b70f7113d5c252937ad9bbfa110031124ffe3643648db3f944111b61bd559

    SHA512

    90e6f46d36c30783af4032f72beb58eb157849a8197e39945542da8a0c1313cb87e91f18a732f5718ec6a676fcd790458419bcc22c608824416fa6df14bf5ba6

    Download Submit

  • C:\Users\Admin\Desktop\ForniteCheatUD.exe
    Filesize

    20KB

    MD5

    c728c2a864887a9b6e60c689a666fd21

    SHA1

    0b2727fb5357e65f30061a4b2bbcbb7233222ee2

    SHA256

    58203dfd57f20ed4ab12cd2432588bc00803c062c4cd48bae3f14c06fa862f61

    SHA512

    bbf1309b45c05b3129ebb090efb13ff3fd3c883508224ece71339c51bd5e276c528474b131522d1c42dd4ba05cab773f21b748a01b64ba2deb804e48a0905e47

    Download Submit

  • memory/780-6-0x00000000006A0000-0x00000000006AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/780-7-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/780-8-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/780-9-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/780-10-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1732-23-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1732-27-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2896-26-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2896-13-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2916-30-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2916-37-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3416-32-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3416-38-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3640-34-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4388-28-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4388-25-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5112-36-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5112-39-0x00007FF829470000-0x00007FF829F32000-memory.dmp

    Filesize

    10.8MB

    Download