hxxps://telegra[.]ph/FortniteHack-06-12-2

Analysis

max time kernel
17s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/FortniteHack-06-12-2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661336655568473"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3028	4868	chrome.exe	85
PID 4868 wrote to memory of 3028	4868	chrome.exe	85
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3568	4868	chrome.exe	86
PID 4868 wrote to memory of 3512	4868	chrome.exe	87
PID 4868 wrote to memory of 3512	4868	chrome.exe	87
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88
PID 4868 wrote to memory of 2768	4868	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://telegra.ph/FortniteHack-06-12-2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd45cacc40,0x7ffd45cacc4c,0x7ffd45cacc58
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,5074722003690746653,12732313218328022462,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:4616

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86601e88717d5c5ed7d64241e97e2841

SHA1
f8b64ca112edf9855b9a34c2ec788dfc2497ff55

SHA256
912a0227f7ccdcb4684146102f409a35514d94415d06d5301e7860948aecbb81

SHA512
d55502b05d61134467a9ce3f5b9cd3a3eed082e55128eb7fd892cf8ea5797f87b3fba2e8948a81fab8f9e65526bf11a509306e44a0d6991b052f2ea73e1a3cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
19894c064c552f52821674b65314900f

SHA1
880c1678f6d65584f1c0be82a47ed195d988ded5

SHA256
fbeab07618c46729c5556726d241ce79ad24f57e7eeddc0543189af9af598b16

SHA512
b5b6e1a5f5ff5f91ff9d17803a8cb4bdb9bbd0ad654af91623dc921bf6f1ffa6a2745ec697781adaa7423656e2afea81913f1ba793e089a2378f6bcdbd0fb782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6c327724b0f224ba291cf2f5087a64a

SHA1
416e4775440d7142d9aad0b8b9bde13897deebf2

SHA256
d73a3a9ffbb725e3a2183c23fd5d09d428159918a3ce820341ac3724fdc6cb56

SHA512
3a74221cc29f5898bb6f2f195bdf7944557025ef509d1afdcc5e24d52ba5e15b98011e1280bd46640a38406ef5d12a21478e1b4e9618d60cb57480995e01c621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
ef9c46c495857588d9d56161c68aba5f

SHA1
dbbc76372ad965a339393fcd7e98f843f47119d4

SHA256
afbae8f3bc68cead97053b6a58d193f248ce6688185ed29263064e18a3a46414

SHA512
d9004626b6cc62fb6092ace750423872ef269b4f7ccde8966f0b71e00efe28209a46f0eb3e818cf3a7e827df4554ab837a4cfbb51bf595015c942bab2a516f62

Download Submit