7ff7c005d304d6dc799bd741e8b917c6a35e05b9d45801c7df67d4e0efa699bb

General

Target

Best Fortnite Tweaks/Best Fortnite Tweaks/9. Mouse and keyboard/Mouse and keyboard Optimizer.bat
Size

11KB
MD5

e677c38cccec3aafd45c8f3dd5eaff66
SHA1

fc30b9f148ecfc926b699dbd0f814939b9a69f93
SHA256

c43e8cebf524659241a7595bd8dd3472f3e0751feadb42216a36f7bdcd9461e0
SHA512

52b5e69a00940c198698648c53abf6616d0a2fac5a287280e0e8a3e3ed5db3d3ec43c88ad20170c2c8fd9b128002e8ec5afa4bf745af75e4f0d56e332600ea7f
SSDEEP

96:60N/DixveGUIwegcDYUcRcc2scM0cGpj1awtWxEtWkNJmjRLTfJxR7a0B:zN/D+veBiwky0cGpjIuJmjRPJxQ2

Score

8^/10

persistence

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exereg.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\CpuPriorityClass = "4"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\IoPriority = "3"	reg.exe

Delays execution with timeout.exe 9 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

3012 timeout.exe
4700 timeout.exe
3508 timeout.exe
4972 timeout.exe
1764 timeout.exe
4620 timeout.exe
2912 timeout.exe
5060 timeout.exe
3556 timeout.exe

pid	process
3012	timeout.exe
4700	timeout.exe
3508	timeout.exe
4972	timeout.exe
1764	timeout.exe
4620	timeout.exe
2912	timeout.exe
5060	timeout.exe
3556	timeout.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 4860 wrote to memory of 4796	4860	cmd.exe	chcp.com
PID 4860 wrote to memory of 4796	4860	cmd.exe	chcp.com
PID 4860 wrote to memory of 3012	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 3012	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 2888	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 2888	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 1764	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 1764	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4608	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4608	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4700	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4700	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4216	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4216	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 3508	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 3508	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4124	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4124	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 1036	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 1036	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 776	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 776	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 5104	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 5104	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4620	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4620	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 5084	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 5084	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 2912	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 2912	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 2228	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 2228	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 5060	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 5060	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4752	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4752	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 4972	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 4972	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 2108	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 2108	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 1584	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 1584	4860	cmd.exe	reg.exe
PID 4860 wrote to memory of 3556	4860	cmd.exe	timeout.exe
PID 4860 wrote to memory of 3556	4860	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Best Fortnite Tweaks\Best Fortnite Tweaks\9. Mouse and keyboard\Mouse and keyboard Optimizer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4860

C:\Windows\system32\chcp.com
chcp 65001
2⤵
PID:4796

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:3012

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "122" /f
2⤵
PID:2888

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:1764

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "58" /f
2⤵
PID:4608

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:4700

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "506" /f
2⤵
PID:4216

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:3508

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f
2⤵
PID:4124

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseSpeed" /t REG_SZ /d "0" /f
2⤵
PID:1036

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseThreshold1" /t REG_SZ /d "0" /f
2⤵
PID:776

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseThreshold2" /t REG_SZ /d "0" /f
2⤵
PID:5104

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:4620

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseSensitivity" /t REG_SZ /d "10" /f
2⤵
PID:5084

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:2912

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Keyboard" /v "KeyboardDelay" /t REG_SZ /d "0" /f
2⤵
PID:2228

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:5060

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Keyboard" /v "KeyboardSpeed" /t REG_SZ /d "31" /f
2⤵
PID:4752

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:4972

C:\Windows\system32\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v "CpuPriorityClass" /t REG_DWORD /d "4" /f
2⤵
- Sets file execution options in registry
PID:2108

C:\Windows\system32\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v "IoPriority" /t REG_DWORD /d "3" /f
2⤵
- Sets file execution options in registry
PID:1584