Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
02-06-2024 02:20
General
-
Target
Subz.rar
-
Size
705KB
-
MD5
f0703571bafb59196a372099890a8be8
-
SHA1
bb5358a9e54a77aab91bf1a3b47a0c675f76d2aa
-
SHA256
ca6d4462d7f57c219043efbe84a1b6ac402c731a17cf822ca1b209cb1c0150c3
-
SHA512
6c32f6ec2ef40d7d03966af20d382d5b6f10b1ca0a3516945ca50a970c394b04d07b7dad22ba8a52bc7b86d50f59d61ba3beed2e7d3fc416c2831906f02ce6c8
-
SSDEEP
12288:Tu8+l+Wm099Yycps+UZMyYWzKvVNGUZOw0WsoDwuCGCq6RheXuAIxP43tZtqLg:acHuSHpshZZ/zGKUZOTW1DojEpvt0g
Score
8/10
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Kills process with taskkill 63 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Subz.rar1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Subz.rar"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO40A749B6\injector_1.exe"C:\Users\Admin\AppData\Local\Temp\7zO40A749B6\injector_1.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\INJECTOR (2).EXE"C:\Users\Admin\AppData\Local\Temp\INJECTOR (2).EXE"4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 5925⤵
- Loads dropped DLL
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\INJECTOR.EXE"C:\Users\Admin\AppData\Local\Temp\INJECTOR.EXE"4⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill /F /T /IM FortniteClient-Win64-Shipping.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM EpicGamesLauncher.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM EpicGamesLauncher.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_BE.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_BE.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM FortniteClient-Win64-Shipping_EAC.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM FortniteClient-Win64-Shipping_EAC.exe6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM RiotClientServices.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM RiotClientServices.exe6⤵
- Kills process with taskkill
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM vgtray.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM vgtray.exe6⤵
- Kills process with taskkill
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C taskkill/F /T /IM SteamService.exe5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /T /IM SteamService.exe6⤵
- Kills process with taskkill
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\7zO40A749B6\injector_1.exeFilesize
6.1MB
MD56ef4b97c3b24f3f387f4f757287097ae
SHA112547946c8d4f50218464b29184337cbc2f4a8b6
SHA256a179d9407628e966168c8c1cffbb0c85d5551864b70ab06aa5ffa65e8a6eb66e
SHA5120469252f08301837003d8ffd90d9ecc21d43541bffe56c83dcedebf9625bac53d62f897f245a5a359e08c213686a495a62bba7ce7a08064502b283cd81b7853d
-
C:\Users\Admin\AppData\Local\Temp\INJECTOR.EXEFilesize
6.0MB
MD5883f82d264966f767d881d0247d35782
SHA1a255b679824c4514d296cddeebb4bf5ab66aa3b6
SHA2568f3abe6f403520bd76e9969da8f57c48eca0840c9c631ed12aeaa390f089a07e
SHA51231d5aa29355c1a1d8b67546bfc32b3f9bbd81d7082b43e74e52f1fc7fcfd35a90e199ef9aded7752c8f88965ecb7f0a7eb8bb5771be0c1600915b3e3622c4936
-
\Users\Admin\AppData\Local\Temp\INJECTOR (2).EXEFilesize
12KB
MD5ea74d941f3d9b92bd05de9ef96b5f6c5
SHA1e912ddd0828cbef8ff6555818fabf06e235d08f5
SHA256fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0
SHA51211cdb3412abb0acfc3598f89741691094147bd421d0f4fd21cc66bff3797e40e9ff0c8f913821b898759d67e852584fb868e705c4fa217618589f8078b2a3213
-
memory/2420-48-0x0000000000E30000-0x0000000000E3C000-memory.dmpFilesize
48KB
-
memory/2420-49-0x00000000001A0000-0x00000000001BA000-memory.dmpFilesize
104KB
-
memory/2420-50-0x0000000000250000-0x000000000025A000-memory.dmpFilesize
40KB
-
memory/2544-51-0x000000013FBD0000-0x00000001401D6000-memory.dmpFilesize
6.0MB
-
memory/2544-58-0x0000000002F90000-0x0000000003578000-memory.dmpFilesize
5.9MB
-
memory/2544-59-0x000000013FBD0000-0x00000001401D6000-memory.dmpFilesize
6.0MB