88f51af987c4632ef1841cc4cde114614bb5d91219abc2dd4970cb162421376d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-01-2025 13:53

Target

Fortnite/vosfn.exe
Size

21.3MB
MD5

9ba7486280499dc54dff9a02b80baac6
SHA1

cca0585028bce98398c39b885ba4461a7b5b6ea1
SHA256

1a6e578000faaaf8b3ba921009ac9208480d33cf0e08b6bec9781c9f684fb237
SHA512

3d61aee358117c4e3420314bf5669994e7ce862bc354e129ce120d66bfd7a201ac6da779dea8257349e75b2fc5976d595dbf8a2db1e535f472e7a2469ffb2a25
SSDEEP

393216:ymkILbJ6LmC8+ocQtN2dZQmyfcnXThRleRso9urEUWjC3zDbF4frp:yxcILmC8BcQ72dZQoXde68dbCp4f9

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2360	vosfn.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019284-22.dat	upx
behavioral1/memory/2360-24-0x000007FEF59A0000-0x000007FEF5F92000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2360	1992	vosfn.exe	31
PID 1992 wrote to memory of 2360	1992	vosfn.exe	31
PID 1992 wrote to memory of 2360	1992	vosfn.exe	31

C:\Users\Admin\AppData\Local\Temp\Fortnite\vosfn.exe
"C:\Users\Admin\AppData\Local\Temp\Fortnite\vosfn.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\Fortnite\vosfn.exe
  "C:\Users\Admin\AppData\Local\Temp\Fortnite\vosfn.exe"
  2⤵
  - Loads dropped DLL
  PID:2360

C:\Users\Admin\AppData\Local\Temp\_MEI19922\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
memory/2360-24-0x000007FEF59A0000-0x000007FEF5F92000-memory.dmp

Filesize
5.9MB

Download