220b48bce46e46eb34f3c049b9d47c038fa40e9c7c9e18bc194c6c5d7f16d9f3 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 09:55

Sharing

Report Analysis Logs

General

Target

FortniteSpoofPerm.exe
Size

13.1MB
MD5

ad573405f9df03d594e432620925c7b5
SHA1

05d4d7beb2c809c3a03548204a12a5ea39ee1e95
SHA256

220b48bce46e46eb34f3c049b9d47c038fa40e9c7c9e18bc194c6c5d7f16d9f3
SHA512

f04349c16f8d8c9250faf00b5ff04444c47cc5cfef93e51e47c1de12026232c754b6f1d741dc661ab328603ddea6527342e16e75ffcab500da3195bd3b658496
SSDEEP

393216:niIE7Yo9+4u3wW+eGQRJ9jo7BGcGLY/dt1Wom6:87r9+R3wW+e5RJ9Mjpm6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2616	FortniteSpoofPerm.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2616	3012	FortniteSpoofPerm.exe	30
PID 3012 wrote to memory of 2616	3012	FortniteSpoofPerm.exe	30
PID 3012 wrote to memory of 2616	3012	FortniteSpoofPerm.exe	30

C:\Users\Admin\AppData\Local\Temp\FortniteSpoofPerm.exe
"C:\Users\Admin\AppData\Local\Temp\FortniteSpoofPerm.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\FortniteSpoofPerm.exe
  "C:\Users\Admin\AppData\Local\Temp\FortniteSpoofPerm.exe"
  2⤵
  - Loads dropped DLL
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30122\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit