Analysis
- max time kernel: 65s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 08/11/2024, 22:14
Static task
- static1

Behavioral tasks
- behavioral1: FortniteExternalCheat-main.zip (resource: win7-20240903-en)
- behavioral2: FortniteExternalCheat-main.zip (resource: win10v2004-20241007-en)
- behavioral3: FortniteExternalCheat-main/Aimbot.hpp (resource: win7-20240903-en)
- behavioral4: FortniteExternalCheat-main/Aimbot.hpp (resource: win10v2004-20241007-en)
- behavioral5: FortniteExternalCheat-main/Classes.hpp (resource: win7-20240903-en)
- behavioral6: FortniteExternalCheat-main/Classes.hpp (resource: win10v2004-20241007-en)
- behavioral7: FortniteExternalCheat-main/Core.cpp (resource: win7-20241023-en)
- behavioral8: FortniteExternalCheat-main/Core.cpp (resource: win10v2004-20241007-en)
- behavioral9: FortniteExternalCheat-main/Core.hpp (resource: win7-20240903-en)
- behavioral10: FortniteExternalCheat-main/Core.hpp (resource: win10v2004-20241007-en)
- behavioral11: FortniteExternalCheat-main/CustomWinApi.hpp (resource: win7-20241010-en)
- behavioral12: FortniteExternalCheat-main/CustomWinApi.hpp (resource: win10v2004-20241007-en)
- behavioral13: FortniteExternalCheat-main/LICENSE (resource: win7-20240903-en)
- behavioral14: FortniteExternalCheat-main/LICENSE (resource: win10v2004-20241007-en)
- behavioral15: FortniteExternalCheat-main/Loader.exe (resource: win7-20240903-en)
- behavioral16: FortniteExternalCheat-main/Loader.exe (resource: win10v2004-20241007-en)
- behavioral17: FortniteExternalCheat-main/README.md (resource: win7-20240708-en)
- behavioral18: FortniteExternalCheat-main/README.md (resource: win10v2004-20241007-en)
- behavioral19: FortniteExternalCheat-main/auth.hpp (resource: win7-20240903-en)
- behavioral20: FortniteExternalCheat-main/auth.hpp (resource: win10v2004-20241007-en)
- behavioral21: FortniteExternalCheat-main/d3d_Hook.cpp (resource: win7-20241023-en)
- behavioral22: FortniteExternalCheat-main/d3d_Hook.cpp (resource: win10v2004-20241007-en)
- behavioral23: FortniteExternalCheat-main/d3d_Hook.hpp (resource: win7-20241010-en)
- behavioral24: FortniteExternalCheat-main/d3d_Hook.hpp (resource: win10v2004-20241007-en)
- behavioral25: FortniteExternalCheat-main/dllmain.cpp (resource: win7-20240903-en)
- behavioral26: FortniteExternalCheat-main/dllmain.cpp (resource: win10v2004-20241007-en)
General
- Target: FortniteExternalCheat-main/d3d_Hook.hpp
- Size: 480B
- MD5: dc9c03ce97ed34f5df7ed6a12b9bdf20
- SHA1: 445b14f7bd53c638f85981e1c9864291def57f4a
- SHA256: 33c8b94e133540c737622cc6ad29065a0f2e7f76ac505374b753e201391671b0
- SHA512: 9e18c3e2204442375efa1f12893d0df321fa01c1a3dfbde5bfdefbf5034c00aebdbc962c96d061093b78eec028ae9d75c707f995f07d4f3567a84c07ea0fda9b
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings | rundll32.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 2772 wrote to memory of 2876 | 2772 | cmd.exe | 31
  PID 2772 wrote to memory of 2876 | 2772 | cmd.exe | 31
  PID 2772 wrote to memory of 2876 | 2772 | cmd.exe | 31
  PID 2876 wrote to memory of 2660 | 2876 | rundll32.exe | 32
  PID 2876 wrote to memory of 2660 | 2876 | rundll32.exe | 32
  PID 2876 wrote to memory of 2660 | 2876 | rundll32.exe | 32
Processes
- C:\Windows\system32\cmd.exe (PID: 2772)
  cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteExternalCheat-main\d3d_Hook.hpp
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe (PID: 2876)
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FortniteExternalCheat-main\d3d_Hook.hpp
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\NOTEPAD.EXE (PID: 2660)
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\FortniteExternalCheat-main\d3d_Hook.hpp