Overview

overview

10

Static

static

1

Best Fortn...nt.bat

windows11-21h2-x64

1

Best Fortn...ns.exe

windows11-21h2-x64

1

Best Fortn...er.exe

windows11-21h2-x64

10

Best Fortn...ps.bat

windows11-21h2-x64

1

Best Fortn...Up.lnk

windows11-21h2-x64

7

Best Fortn...d).bat

windows11-21h2-x64

6

Best Fortn...er.bat

windows11-21h2-x64

8

Best Fortn...t).bat

windows11-21h2-x64

3

Analysis

  • max time kernel
    456s
  • max time network
    1176s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-04-2024 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Best Fortnite Tweaks/Best Fortnite Tweaks/0. Start/Make a restore point.bat

  • Size

    7KB

  • MD5

    7833222cf4cf687702192684ec62a32b

  • SHA1

    f9efed8e489052651b4746ad4c95aced6b1dc82a

  • SHA256

    215748c3761499da3a3c5b1ac63044e85f3e2ede92784574049d1a76aba336d1

  • SHA512

    0ab94d7719f3ce349ebd50691de7a3d68f813663716295c8106c49bdd4bc99763b2985e5dfcc94a73edb9a371bd230f6f725fbf5dea62b6d45c06bc13d850c26

  • SSDEEP

    96:h0g/DixvelmsmEo7Oy63axt5V0emVGGQqg1sFhIYl9h:ug/D+velmsmEo7OX3aHc+ke8v

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Best Fortnite Tweaks\Best Fortnite Tweaks\0. Start\Make a restore point.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4140
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
        PID:2992
      • C:\Windows\system32\timeout.exe
        timeout /t 1 /nobreak
        2⤵
        • Delays execution with timeout.exe
        PID:1376
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:828

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      11KB

      MD5

      f2de638a4259125fdc63c3e174803714

      SHA1

      c2dc76d32dbc368e8b576a5dd9e0a2a7a5d6fa66

      SHA256

      c76921cb128864fa1ede8f5f96285a688474149a4d0ef6f15ae131250649a297

      SHA512

      625a76f433d1b50172950eea73425706e5be7547d589f0b660d7ffab6440f9f1542acc1944d20d64ba493c15c420593b12b53e6ad8fe181c0134001581aa7b19

      Download Submit