6ddaadc624ff9cbf20d7b768591ce49673bd818d8201e746254a1bd329d44f63

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 08:42

Target

FPS Boost Pack/Gpu (Nvidia only)/Hidden Reg Tweaks/Advanced Hidden Nvidia Gpu Tweaks.bat
Size

7KB
MD5

ee9b5a28dcc9850e7fa76bd0e4c54ac1
SHA1

1063b099a04cbc982f1ef5f40172e3e20a3ce1ca
SHA256

dc2a200acc6f9385c9d1047a161086be1fed4481ca155268c5467e1e594a4be4
SHA512

cefea46a25fcf020ca021a3644d4a68bddddac495acd17bea80c05e10565c90cca75d12c10d0391be9458260ad44de17dd53c7ca34f32c002df4c4f5e654abac
SSDEEP

48:Zp+kQGmdqC2+Cn9j6rt404N4ig4iW4iY4iOg4i3Z4nJ4lf3pBFpq4PplB4MXg94W:Zp+kcdqC4np6BQipBdTOfzt

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1524	2980	cmd.exe	29
PID 2980 wrote to memory of 1524	2980	cmd.exe	29
PID 2980 wrote to memory of 1524	2980	cmd.exe	29
PID 1524 wrote to memory of 2096	1524	cmd.exe	30
PID 1524 wrote to memory of 2096	1524	cmd.exe	30
PID 1524 wrote to memory of 2096	1524	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\FPS Boost Pack\Gpu (Nvidia only)\Hidden Reg Tweaks\Advanced Hidden Nvidia Gpu Tweaks.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\FPS Boost Pack\Gpu (Nvidia only)\Hidden Reg Tweaks\Advanced Hidden Nvidia Gpu Tweaks.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\FPS Boost Pack\Gpu (Nvidia only)\Hidden Reg Tweaks\Advanced Hidden Nvidia Gpu Tweaks.bat"
    3⤵
    PID:2096