File name: Fortnite Chapter 2 Season 2 Cheat.rar

Full analysis: https://app.any.run/tasks/fb851bda-0931-4655-b891-9bfcc55dda08
Verdict: Malicious activity
Threats:

NanoCore is a Remote Access Trojan (RAT). This malware is highly customizable through plugins, which allow attackers to tailor its functionality to their needs. NanoCore is built on the .NET framework and is available for purchase for just $25 from its “official” website.

Analysis date: February 21, 2020, 20:52:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: rat, nanocore
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 9DCAB3B186DB9240E2B5B0AF409ECDF6
SHA1: AA9FD0CB786593755A1796E864C86CB56E1C223F
SHA256: 924B2FA72C0402ACFF4AB31D49F409E4597062C628A427AFB47936E1B478FB37
SSDEEP: 12288:3h8dNFBdsTxAMgepQqmeUYNqmfToCQATh9rKCLZcgBUNt1lGlNIuPgEjMEoX+aBc:36v0ASXPZJUuNZccUNt3GlNIyJjMJpBc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Cheat Fortnite S02.exe (PID: 2704)
      • InstallUtil.exe (PID: 1380)
      • InstallUtil.exe (PID: 1928)
      • Cheat Fortnite S02.exe (PID: 3576)
      • InstallUtil.exe (PID: 3052)
      • InstallUtil.exe (PID: 3796)
    • NANOCORE was detected

      • InstallUtil.exe (PID: 1928)
    • Changes the autorun value in the registry

      • Cheat Fortnite S02.exe (PID: 2704)
      • InstallUtil.exe (PID: 1928)
      • InstallUtil.exe (PID: 3052)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1720)
      • Cheat Fortnite S02.exe (PID: 2704)
      • InstallUtil.exe (PID: 1928)
    • Creates files in the user directory

      • Cheat Fortnite S02.exe (PID: 2704)
      • InstallUtil.exe (PID: 1928)
    • Application launched itself

      • InstallUtil.exe (PID: 1928)
      • InstallUtil.exe (PID: 3052)
  • INFO

    • Manual execution by user

      • Cheat Fortnite S02.exe (PID: 2704)
      • Cheat Fortnite S02.exe (PID: 3576)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 49
Monitored processes: 7
Malicious processes: 3
Suspicious processes: 1

Behavior graph

The interactive behavior graph is available in the full report. Node labels recovered from the graph: start, drop and start, winrar.exe, cheat fortnite s02.exe, installutil.exe (#NANOCORE), installutil.exe, cheat fortnite s02.exe (no specs), installutil.exe, installutil.exe.

Process information

PID: 1720
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fortnite Chapter 2 Season 2 Cheat.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 2704
CMD: "C:\Users\admin\Desktop\Cheat Fortnite S02.exe"
Path: C:\Users\admin\Desktop\Cheat Fortnite S02.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 0.0.0.0

PID: 1928
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Parent process: Cheat Fortnite S02.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: .NET Framework installation utility
Exit code: 0
Version: 4.7.3062.0 built by: NET472REL1

PID: 1380
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Parent process: InstallUtil.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Framework installation utility
Exit code: 4294967295
Version: 4.7.3062.0 built by: NET472REL1

PID: 3576
CMD: "C:\Users\admin\Desktop\Cheat Fortnite S02.exe"
Path: C:\Users\admin\Desktop\Cheat Fortnite S02.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description:
Exit code: 0
Version: 0.0.0.0

PID: 3052
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Parent process: Cheat Fortnite S02.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: .NET Framework installation utility
Exit code: 0
Version: 4.7.3062.0 built by: NET472REL1

PID: 3796
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Parent process: InstallUtil.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: .NET Framework installation utility
Exit code: 4294967295
Version: 4.7.3062.0 built by: NET472REL1
Total events: 539
Read events: 506
Write events: 33
Delete events: 0

Modification events

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Fortnite Chapter 2 Season 2 Cheat.rar

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop

(PID) Process: (1720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 3
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID: 1928
Process: InstallUtil.exe
Filename: C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\run.dat
Type: binary
MD5: DA4F18B4436523DB120094CB3E111791
SHA256: D22A672D893FCDA1EB541984B11F392B1993FC284D0DBBC73E957431C5FA78D3

PID: 2704
Process: Cheat Fortnite S02.exe
Filename: C:\Users\admin\AppData\Roaming\JavaLog\java.exe
Type: executable
MD5: 25E02056759FB84C431594C821DCE49A
SHA256: 8587BD21E419E2EF024E3E2F2209A85A7B78C09411FAF97C193725A6927FE903

PID: 1720
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Cheat Fortnite S02.exe
Type: executable
MD5: 25E02056759FB84C431594C821DCE49A
SHA256: 8587BD21E419E2EF024E3E2F2209A85A7B78C09411FAF97C193725A6927FE903

PID: 1928
Process: InstallUtil.exe
Filename: C:\Users\admin\AppData\Roaming\90059C37-1320-41A4-B58D-2B75A9850D2F\TCP Monitor\tcpmon.exe
Type: executable
MD5: 91C9AE9C9A17A9DB5E08B120E668C74C
SHA256: E56A7E5D3AB9675555E2897FC3FAA2DD9265008A4967A7D54030AB8184D2D38F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info