URL:

https://github.com/jopalinka/fortnite-hack-fishstick

Full analysis: https://app.any.run/tasks/d4faaecd-a352-47a5-b159-f2dae5245070
Verdict: Malicious activity
Analysis date: November 29, 2023, 03:28:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
Indicators:
MD5:

BD938243C2B6E39678D8D1591B825C25

SHA1:

329F171B9F3335080E9C15515063B04CB54909A4

SHA256:

B5DE90E81579C11E9507F2EAB7A154DE086A67C79063C8463B041919EB923BB0

SSDEEP:

3:N8tEd/OVBctNvnDMQZn:2uczONvQC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 3100)

    • Checks supported languages

      • wmpnscfg.exe (PID: 3100)

    • Application launched itself

      • iexplore.exe (PID: 2692)

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3100)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2516"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2692 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2692"C:\Program Files\Internet Explorer\iexplore.exe" "https://github.com/jopalinka/fortnite-hack-fishstick"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3100"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
Total events
21 658
Read events
21 570
Write events
85
Delete events
3

Modification events

(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2692) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
36
Text files
83
Unknown types
0

Dropped files

PID
Process
Filename
Type
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:BD44F39F445142A238560F418C746753
SHA256:7FFBB91A606A3410A8A4925451E06B0496B447B02650A0AC0BDFCC87B501AA50
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:AB9812AA20CDA9BA463AC524F682BC02
SHA256:5A30E24C72D11D93C14706F8D5AD8EB9E11C1AFBA39474E086EE36B4AD318D2D
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:6644EAEECDCB7EDB56B36567B5C65FB9
SHA256:38B87BCBA3F77217251ED86CADB6D7F2188B7CBEE8AEAEEF040914A69EA9FF38
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:EBB787B631E1DCD42E169AE402DA47E8
SHA256:9DE9D64AAEA8328D7A6D9E41B412B3CD1ADC9CB5C05EF68B0FE14EBB5D20138D
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1Cbinary
MD5:95E0FE980C247B0E9C092807005C19B1
SHA256:813FE28C9CDB6CD82713B36D45640E4FF0D17C8601999962BB72DB8D0C8031CC
2516iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\fortnite-hack-fishstick[1].htmhtml
MD5:6ADB8F2A50FE8CD5DC327B2A50233191
SHA256:0B496A7B85E76D0D390D659031D73385F5184123A054D98592139B164DD10ED8
2516iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1Cbinary
MD5:50098BF77FCB8203B8398F757668C9AC
SHA256:14EEDEBDF0770B80987482CD6B4EA8958E52C5BFB2143CF6C4BD695AAB8AB489
2516iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8DW6D61.txttext
MD5:9BCDA5F908F69923A8400F88B381DE86
SHA256:A2C39D55AE020B0B2CA200C744F943F6AD3D074064E75F272BF268B8815DBC80
2516iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\primer-primitives-363ec1831c26[1].csstext
MD5:16198770F3BA5C2E7E146E7D34D411BD
SHA256:8E195F041948942AD5659B150DBF7555431588DE232CF1723D9F816C1FFDA833
2516iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\dark-4a5ce21c3d04[1].csstext
MD5:1C8644BCD753D5BA53BE196F58EE0CA7
SHA256:120710C8C4672904690587B91499475E361E271B36C652BF327834F5D1F4C0C6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
97
DNS requests
26
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAzQqL7GMs%2FmReygqbCE%2Bxw%3D
unknown
binary
313 b
unknown
2516
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c698a3da1f9590d6
unknown
compressed
4.66 Kb
unknown
2516
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e569524345d4d114
unknown
compressed
4.66 Kb
unknown
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
binary
471 b
unknown
2692
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
binary
471 b
unknown
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
binary
471 b
unknown
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAHWlVhJ1rvbwVVZSZDShpE%3D
unknown
binary
471 b
unknown
2516
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEA31bkAO%2Bi8Ck%2FQzSKQ0pSE%3D
unknown
binary
471 b
unknown
2692
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2516
iexplore.exe
140.82.121.3:443
github.com
GITHUB
US
unknown
2516
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2516
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
868
svchost.exe
95.101.148.135:80
armmf.adobe.com
Akamai International B.V.
NL
unknown
1080
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2516
iexplore.exe
185.199.110.154:443
github.githubassets.com
FASTLY
US
unknown
2692
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2516
iexplore.exe
185.199.108.133:443
avatars.githubusercontent.com
FASTLY
US
unknown
2692
iexplore.exe
185.199.110.154:443
github.githubassets.com
FASTLY
US
unknown
2692
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
github.com
  • 140.82.121.3
shared
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
  • 2.23.209.187
  • 2.23.209.130
whitelisted
github.githubassets.com
  • 185.199.110.154
  • 185.199.109.154
  • 185.199.108.154
  • 185.199.111.154
whitelisted
avatars.githubusercontent.com
  • 185.199.111.133
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.109.133
whitelisted
github-cloud.s3.amazonaws.com
  • 3.5.29.33
  • 3.5.25.172
  • 52.217.225.33
  • 52.217.69.36
  • 52.217.126.33
  • 54.231.230.241
  • 16.182.101.1
  • 52.217.133.201
  • 16.182.106.225
  • 52.216.206.163
  • 16.182.106.129
  • 54.231.230.41
  • 16.182.73.33
  • 3.5.20.172
  • 3.5.29.174
  • 52.216.130.107
  • 52.217.112.249
  • 3.5.24.104
  • 54.231.203.193
  • 54.231.160.105
  • 52.216.154.172
  • 3.5.28.121
  • 16.182.99.105
  • 52.217.116.121
shared
user-images.githubusercontent.com
  • 185.199.109.133
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.111.133
whitelisted
private-user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.109.133
unknown

Threats

PID
Process
Class
Message
1080
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
2516
iexplore.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
2516
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY Dropbox.com Offsite File Backup in Use
2516
iexplore.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/jopalinka/fortnite-hack-fishstick