Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

FortniteCl...ng.exe

windows7-x64

3

FortniteCl...ng.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    6s
  • max time network
    3s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 17:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FortniteClient-Win64-Shipping.exe

  • Size

    1.1MB

  • MD5

    e8214324bb5ce0105326b2a3a01f48e7

  • SHA1

    3bd693f9f2ac62a5aa765368a5f49b49ae27ae75

  • SHA256

    f2b83004071570e33f329838c4b15967af291431af3ab19f1c283ef55713ecab

  • SHA512

    b30e9336124b958ec9baa53806ff318dc5997ac96dcfd7220ebe465b095802c91af70193eb06d8c052a7304183e7023bc69a4797826e8be20c72d2009615cffd

  • SSDEEP

    24576:99E6C1uGKFnnPx1sUj2c+liwKWBXUS0swK9:P3PnPcUiPligBXQs

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FortniteClient-Win64-Shipping.exe
    "C:\Users\Admin\AppData\Local\Temp\FortniteClient-Win64-Shipping.exe"
    1⤵
    • System Network Configuration Discovery: Internet Connection Discovery
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c exit
      2⤵
        PID:3060
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c exit
        2⤵
          PID:2280
      • C:\Windows\System32\GameBarPresenceWriter.exe
        "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
        1⤵
        • Network Service Discovery
        PID:4480
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1144
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
        1⤵
        • Drops desktop.ini file(s)
        PID:2884

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Videos\Captures\desktop.ini
        Filesize

        190B

        MD5

        b0d27eaec71f1cd73b015f5ceeb15f9d

        SHA1

        62264f8b5c2f5034a1e4143df6e8c787165fbc2f

        SHA256

        86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

        SHA512

        7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

        Download Submit