d469b1e3b26d9964246ff558d02ae9c3861f27e6ba311541c909b17464095123

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 17:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TurboTweaks.bat
Size

62KB
MD5

64b81cd54105a1ca440e0e3b2e5f2435
SHA1

3a53cd9c5739853bde482b800da8d812016eec84
SHA256

d469b1e3b26d9964246ff558d02ae9c3861f27e6ba311541c909b17464095123
SHA512

2445cca8c6fad9e8fb11e3494f44d0470ab6fe52dbce662755c916480533c6ba173a99deadaa4102446df577870b2835bbfb5c8014ba533ca3db9d6ce35fe0d8
SSDEEP

768:gpgCH3rRcVYlzfX7xTfEVT8DvFrrJQ0WsDRpc4qwHPmdFO3eTVRLUPt4g:gpgKlzfX7xOYpc4pujO3GVR4Pt4g

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2656	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3012	2656	cmd.exe	30
PID 2656 wrote to memory of 3012	2656	cmd.exe	30
PID 2656 wrote to memory of 3012	2656	cmd.exe	30
PID 2656 wrote to memory of 3044	2656	cmd.exe	29
PID 2656 wrote to memory of 3044	2656	cmd.exe	29
PID 2656 wrote to memory of 3044	2656	cmd.exe	29
PID 2656 wrote to memory of 3052	2656	cmd.exe	31
PID 2656 wrote to memory of 3052	2656	cmd.exe	31
PID 2656 wrote to memory of 3052	2656	cmd.exe	31
PID 2656 wrote to memory of 3060	2656	cmd.exe	32
PID 2656 wrote to memory of 3060	2656	cmd.exe	32
PID 2656 wrote to memory of 3060	2656	cmd.exe	32
PID 2656 wrote to memory of 2012	2656	cmd.exe	33
PID 2656 wrote to memory of 2012	2656	cmd.exe	33
PID 2656 wrote to memory of 2012	2656	cmd.exe	33
PID 2656 wrote to memory of 1936	2656	cmd.exe	34
PID 2656 wrote to memory of 1936	2656	cmd.exe	34
PID 2656 wrote to memory of 1936	2656	cmd.exe	34
PID 2656 wrote to memory of 2172	2656	cmd.exe	35
PID 2656 wrote to memory of 2172	2656	cmd.exe	35
PID 2656 wrote to memory of 2172	2656	cmd.exe	35
PID 2656 wrote to memory of 3032	2656	cmd.exe	36
PID 2656 wrote to memory of 3032	2656	cmd.exe	36
PID 2656 wrote to memory of 3032	2656	cmd.exe	36
PID 2656 wrote to memory of 2096	2656	cmd.exe	37
PID 2656 wrote to memory of 2096	2656	cmd.exe	37
PID 2656 wrote to memory of 2096	2656	cmd.exe	37
PID 2656 wrote to memory of 2288	2656	cmd.exe	38
PID 2656 wrote to memory of 2288	2656	cmd.exe	38
PID 2656 wrote to memory of 2288	2656	cmd.exe	38
PID 2656 wrote to memory of 2572	2656	cmd.exe	39
PID 2656 wrote to memory of 2572	2656	cmd.exe	39
PID 2656 wrote to memory of 2572	2656	cmd.exe	39
PID 2656 wrote to memory of 2596	2656	cmd.exe	40
PID 2656 wrote to memory of 2596	2656	cmd.exe	40
PID 2656 wrote to memory of 2596	2656	cmd.exe	40
PID 2656 wrote to memory of 2616	2656	cmd.exe	41
PID 2656 wrote to memory of 2616	2656	cmd.exe	41
PID 2656 wrote to memory of 2616	2656	cmd.exe	41
PID 2656 wrote to memory of 2660	2656	cmd.exe	42
PID 2656 wrote to memory of 2660	2656	cmd.exe	42
PID 2656 wrote to memory of 2660	2656	cmd.exe	42
PID 2656 wrote to memory of 2676	2656	cmd.exe	43
PID 2656 wrote to memory of 2676	2656	cmd.exe	43
PID 2656 wrote to memory of 2676	2656	cmd.exe	43
PID 2656 wrote to memory of 2680	2656	cmd.exe	44
PID 2656 wrote to memory of 2680	2656	cmd.exe	44
PID 2656 wrote to memory of 2680	2656	cmd.exe	44
PID 2656 wrote to memory of 2688	2656	cmd.exe	45
PID 2656 wrote to memory of 2688	2656	cmd.exe	45
PID 2656 wrote to memory of 2688	2656	cmd.exe	45
PID 2656 wrote to memory of 2692	2656	cmd.exe	46
PID 2656 wrote to memory of 2692	2656	cmd.exe	46
PID 2656 wrote to memory of 2692	2656	cmd.exe	46
PID 2656 wrote to memory of 2884	2656	cmd.exe	47
PID 2656 wrote to memory of 2884	2656	cmd.exe	47
PID 2656 wrote to memory of 2884	2656	cmd.exe	47
PID 2656 wrote to memory of 2620	2656	cmd.exe	48
PID 2656 wrote to memory of 2620	2656	cmd.exe	48
PID 2656 wrote to memory of 2620	2656	cmd.exe	48
PID 2656 wrote to memory of 2720	2656	cmd.exe	49
PID 2656 wrote to memory of 2720	2656	cmd.exe	49
PID 2656 wrote to memory of 2720	2656	cmd.exe	49
PID 2656 wrote to memory of 2612	2656	cmd.exe	50

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\TurboTweaks.bat"
1⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "ExitLatencyCheckEnabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:3044
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "ExitLatency" /t REG_DWORD /d "1" /f
  2⤵
  PID:3012
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Latency" /t REG_DWORD /d "1" /f
  2⤵
  PID:3052
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LatencyToleranceDefault" /t REG_DWORD /d "1" /f
  2⤵
  PID:3060
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LatencyToleranceFSVP" /t REG_DWORD /d "1" /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LatencyTolerancePerfOverride" /t REG_DWORD /d "1" /f
  2⤵
  PID:1936
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LatencyToleranceScreenOffIR" /t REG_DWORD /d "1" /f
  2⤵
  PID:2172
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LatencyToleranceVSyncEnabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:3032
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "RtlCapabilityCheckLatency" /t REG_DWORD /d "1" /f
  2⤵
  PID:2096
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "QosManagesIdleProcessors" /t REG_DWORD /d "0" /f
  2⤵
  PID:2288
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DisableVsyncLatencyUpdate" /t REG_DWORD /d "0" /f
  2⤵
  PID:2572
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DisableSensorWatchdog" /t REG_DWORD /d "1" /f
  2⤵
  PID:2596
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
  2⤵
  PID:2616
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InterruptSteeringDisabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:2660
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "LowLatencyScalingPercentage" /t REG_DWORD /d "100" /f
  2⤵
  PID:2676
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2680
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2688
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
  2⤵
  PID:2884
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
  2⤵
  PID:2620
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
  2⤵
  PID:2720
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyActivelyUsed" /t REG_DWORD /d "0" /f
  2⤵
  PID:2612
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyIdleLongTime" /t REG_DWORD /d "1" /f
  2⤵
  PID:2592
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyIdleMonitorOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:2476
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyIdleNoContext" /t REG_DWORD /d "1" /f
  2⤵
  PID:2296
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyIdleShortTime" /t REG_DWORD /d "1" /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultD3TransitionLatencyIdleVeryLongTime" /t REG_DWORD /d "1" /f
  2⤵
  PID:2736
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceIdle0" /t REG_DWORD /d "1" /f
  2⤵
  PID:2628
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceIdle0MonitorOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:2132
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceIdle1" /t REG_DWORD /d "1" /f
  2⤵
  PID:2836
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceIdle1MonitorOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:2848
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceMemory" /t REG_DWORD /d "1" /f
  2⤵
  PID:2508
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceNoContext" /t REG_DWORD /d "1" /f
  2⤵
  PID:2496
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceNoContextMonitorOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:2632
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceOther" /t REG_DWORD /d "1" /f
  2⤵
  PID:2636
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultLatencyToleranceTimerPeriod" /t REG_DWORD /d "1" /f
  2⤵
  PID:2704
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultMemoryRefreshLatencyToleranceActivelyUsed" /t REG_DWORD /d "1" /f
  2⤵
  PID:1780
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultMemoryRefreshLatencyToleranceMonitorOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:2468
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "DefaultMemoryRefreshLatencyToleranceNoContext" /t REG_DWORD /d "1" /f
  2⤵
  PID:2464
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Latency" /t REG_DWORD /d "1" /f
  2⤵
  PID:2484
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaxIAverageGraphicsLatencyInOneBucket" /t REG_DWORD /d "1" /f
  2⤵
  PID:2500
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MonitorLatencyTolerance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2540
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MiracastPerfTrackGraphicsLatency" /t REG_DWORD /d "1" /f
  2⤵
  PID:2524
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MonitorRefreshLatencyTolerance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2588
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "TransitionLatency" /t REG_DWORD /d "1" /f
  2⤵
  PID:2824
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "EnablePreemption" /t REG_DWORD /d "0" /f
  2⤵
  PID:2528

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads