Overview (overview): 10
Static (static): 1
Best Fortn...nt.bat (windows7-x64): 1
Best Fortn...nt.bat (windows10-2004-x64): 1
Best Fortn...ns.exe (windows7-x64): 1
Best Fortn...ns.exe (windows10-2004-x64): 1
Best Fortn...er.exe (windows7-x64): 10
Best Fortn...er.exe (windows10-2004-x64): 10
Best Fortn...ps.bat (windows7-x64): 1
Best Fortn...ps.bat (windows10-2004-x64): 1
Best Fortn...Up.lnk (windows7-x64): 7
Best Fortn...Up.lnk (windows10-2004-x64): 7
Best Fortn...d).bat (windows7-x64): 6
Best Fortn...d).bat (windows10-2004-x64): 6
Best Fortn...er.bat (windows7-x64): 8
Best Fortn...er.bat (windows10-2004-x64): 8
Best Fortn...t).bat (windows7-x64): 1
Best Fortn...t).bat (windows10-2004-x64): 3
Analysis
- max time kernel: 1773s
- max time network: 1176s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-04-2024 13:24
- Static task: static1
- Behavioral task: behavioral1
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/0. Start/Make a restore point.bat
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/0. Start/Make a restore point.bat
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral3
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/1. Disable startup apps via autoruns/Autoruns.exe
  Resource: win7-20240221-en
- Behavioral task: behavioral4
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/1. Disable startup apps via autoruns/Autoruns.exe
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral5
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/2. Windows Update Blocker/Windows Update Blocker.exe
  Resource: win7-20240221-en
- Behavioral task: behavioral6
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/2. Windows Update Blocker/Windows Update Blocker.exe
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral7
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/3. Uninstall Useless Apps/Uninstall Useless Apps.bat
  Resource: win7-20240220-en
- Behavioral task: behavioral8
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/3. Uninstall Useless Apps/Uninstall Useless Apps.bat
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral9
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/5. Clean Useless files/Disk Clean-Up.lnk
  Resource: win7-20240319-en
- Behavioral task: behavioral10
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/5. Clean Useless files/Disk Clean-Up.lnk
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral11
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/6. Completely Optimize Your pc/Open MOH.PREMIUM.TWEAKS (Discord).bat
  Resource: win7-20231129-en
- Behavioral task: behavioral12
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/6. Completely Optimize Your pc/Open MOH.PREMIUM.TWEAKS (Discord).bat
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral13
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/9. Mouse and keyboard/Mouse and keyboard Optimizer.bat
  Resource: win7-20240221-en
- Behavioral task: behavioral14
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/9. Mouse and keyboard/Mouse and keyboard Optimizer.bat
  Resource: win10v2004-20240226-en
- Behavioral task: behavioral15
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/Tutorial (run this to open it).bat
  Resource: win7-20240221-en
- Behavioral task: behavioral16
  Sample: Best Fortnite Tweaks/Best Fortnite Tweaks/Tutorial (run this to open it).bat
  Resource: win10v2004-20240226-en
General
- Target: Best Fortnite Tweaks/Best Fortnite Tweaks/3. Uninstall Useless Apps/Uninstall Useless Apps.bat
- Size: 12KB
- MD5: 91bbfd9723935de97c758e9daa88e7d6
- SHA1: f4a9573dfe3ba1402fa8a6687eddd327a3173d4a
- SHA256: 9fbc353f29474cedc35fcac9fb81a2f3128c3e8d8647d8fbaec600e83ea90702
- SHA512: be8b04a5f6a6ce901ee175c8f5a4c520f82be6908ab3965a4f2dc53adbeba0c80373343bce3aade6f01b9b71842c2839772b2e424bf48a857e4fca4f578518e6
- SSDEEP: 384:ug/mveoB81EnSj+x+tZCJDKJus+w/tKQ8pox0:7EnSj+xSKDMus+w/tKQWI0
Malware Config
Signatures
- Delays execution with timeout.exe (1 IoCs)
  Processes:
  timeout.exe: pid 4240, process timeout.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  svchost.exe: description "Token: SeManageVolumePrivilege", pid 2748, process svchost.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  cmd.exe (description, pid, process, target process):
    PID 236 wrote to memory of 1164, 236, cmd.exe, chcp.com
    PID 236 wrote to memory of 1164, 236, cmd.exe, chcp.com
    PID 236 wrote to memory of 4240, 236, cmd.exe, timeout.exe
    PID 236 wrote to memory of 4240, 236, cmd.exe, timeout.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Best Fortnite Tweaks\Best Fortnite Tweaks\3. Uninstall Useless Apps\Uninstall Useless Apps.bat"
  Signature: Suspicious use of WriteProcessMemory
  PID: 236
  - C:\Windows\system32\chcp.com
    Command line: chcp 65001
    PID: 1164
  - C:\Windows\system32\timeout.exe
    Command line: timeout /t 1 /nobreak
    Signature: Delays execution with timeout.exe
    PID: 4240
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 2632
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signature: Suspicious use of AdjustPrivilegeToken
  PID: 2748