Analysis

  • max time kernel
    7s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-11-2024 17:54

General

  • Target

    Danger/Data/Fortnite_Gift_Card.txt

  • Size

    34B

  • MD5

    431702faeeb079ffa7d7cc0b58d0cbde

  • SHA1

    254040f350ad5edf4882d376a5057972e445c215

  • SHA256

    e8141f9d6b2f04b35ca0b30d0e0482f9c6d351bea49d2bfe41896c318d57de0b

  • SHA512

    b9d67c10abcd074baa3224688227157becbba691f10bb2bb04e6093e9ed101f0cf7f45805b0307d1d863122572f9055bad18d6add41838e52e19b7c4984f12f6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Fortnite_Gift_Card.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4140
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Fortnite_Gift_Card.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads