Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

FortnitePorting.exe

windows7-x64

1

FortnitePorting.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FortnitePorting.exe

  • Size

    63.5MB

  • MD5

    44426de404f535e8745ee7de91be06e7

  • SHA1

    2a6d8ba9f24496658247a6f3fa8fe335e71eb844

  • SHA256

    a63c9a28ea93633e43e95d6955649973be10868d6a0ae8cfd2e461edd41afd86

  • SHA512

    b02b2b70fc94371e70b7a7e488ad56c0b5bd083a422f23faa53b5ae5abc1dd35f80787c672823550f25e18b89662a5714acb8b194a91a3e940efb82e86106075

  • SSDEEP

    393216:9INc2TBoscUx2BRuVnzWECKyi4PjvIZOzGnOY51/nX:OWsosDIBRYzfDy7Ldqb1v

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe
    "C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\FortnitePorting\_s87JREphP_TbkplLlyJ7BseT5UXITs=\av_libglesv2.dll
    Filesize

    4.2MB

    MD5

    73d2fb4c35d323813a86e3bf5c85c345

    SHA1

    81f751a34e0c25bdea93902a19a94a49ce1495df

    SHA256

    85b3aee47c0e0eaf3a5ea5c75ba8131387a12639b6a0ef280c28531fb77695ae

    SHA512

    e81677cc9b99ff3d54f67000a60489603e01a896f90c4ef0c883b82e2fdb7b90d2899c078958b3f060a20373b99cb6c4deb7f64cc4c7e0ba2a708209f4684ca4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\FortnitePorting\_s87JREphP_TbkplLlyJ7BseT5UXITs=\libHarfBuzzSharp.dll
    Filesize

    1.5MB

    MD5

    f121a2afb03f1b8ca1784e544464a346

    SHA1

    9346297a66989dbe88bc459ee8bf936e7acb3d24

    SHA256

    f13d0dae00a598620a436fd991219a2e0fe6157eac90faa025d4d76845cd996c

    SHA512

    ebbb8c2d7d97521286af0f6b02195890b193e660a28e6b1e5112ed9f1fcc081c66587a7a82c8a9468d1a55d477880487d1b3edf1deb2ea285e17d70fbd56c6f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\FortnitePorting\_s87JREphP_TbkplLlyJ7BseT5UXITs=\libSkiaSharp.dll
    Filesize

    9.0MB

    MD5

    26d723bd75b5c6591dfde18b71281920

    SHA1

    47c05d42af2968f83877bb9cbf744c938489f466

    SHA256

    2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a

    SHA512

    90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

    Download Submit