7ff7c005d304d6dc799bd741e8b917c6a35e05b9d45801c7df67d4e0efa699bb

Analysis

max time kernel
1796s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Best Fortnite Tweaks/Best Fortnite Tweaks/9. Mouse and keyboard/Mouse and keyboard Optimizer.bat
Size

11KB
MD5

e677c38cccec3aafd45c8f3dd5eaff66
SHA1

fc30b9f148ecfc926b699dbd0f814939b9a69f93
SHA256

c43e8cebf524659241a7595bd8dd3472f3e0751feadb42216a36f7bdcd9461e0
SHA512

52b5e69a00940c198698648c53abf6616d0a2fac5a287280e0e8a3e3ed5db3d3ec43c88ad20170c2c8fd9b128002e8ec5afa4bf745af75e4f0d56e332600ea7f
SSDEEP

96:60N/DixveGUIwegcDYUcRcc2scM0cGpj1awtWxEtWkNJmjRLTfJxR7a0B:zN/D+veBiwky0cGpjIuJmjRPJxQ2

Score

8^/10

persistence

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exereg.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\CpuPriorityClass = "4"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\IoPriority = "3"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions	reg.exe

Delays execution with timeout.exe 9 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

1428 timeout.exe
2948 timeout.exe
1412 timeout.exe
4924 timeout.exe
4548 timeout.exe
392 timeout.exe
2540 timeout.exe
3128 timeout.exe
2192 timeout.exe

pid	process
1428	timeout.exe
2948	timeout.exe
1412	timeout.exe
4924	timeout.exe
4548	timeout.exe
392	timeout.exe
2540	timeout.exe
3128	timeout.exe
2192	timeout.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 4652 wrote to memory of 1520	4652	cmd.exe	chcp.com
PID 4652 wrote to memory of 1520	4652	cmd.exe	chcp.com
PID 4652 wrote to memory of 2540	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 2540	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 4504	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 4504	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 1428	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 1428	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 4612	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 4612	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2948	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 2948	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 396	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 396	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 1412	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 1412	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 4460	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 4460	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 3104	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 3104	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2420	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2420	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2348	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2348	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 3128	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 3128	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 3028	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 3028	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 4924	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 4924	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 3700	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 3700	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 4548	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 4548	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 652	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 652	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 392	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 392	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 5072	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 5072	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 1492	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 1492	4652	cmd.exe	reg.exe
PID 4652 wrote to memory of 2192	4652	cmd.exe	timeout.exe
PID 4652 wrote to memory of 2192	4652	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Best Fortnite Tweaks\Best Fortnite Tweaks\9. Mouse and keyboard\Mouse and keyboard Optimizer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4652

C:\Windows\system32\chcp.com
chcp 65001
2⤵
PID:1520

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:2540

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "122" /f
2⤵
PID:4504

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:1428

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "58" /f
2⤵
PID:4612

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:2948

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "506" /f
2⤵
PID:396

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:1412

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f
2⤵
PID:4460

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseSpeed" /t REG_SZ /d "0" /f
2⤵
PID:3104

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseThreshold1" /t REG_SZ /d "0" /f
2⤵
PID:2420

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseThreshold2" /t REG_SZ /d "0" /f
2⤵
PID:2348

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:3128

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Mouse" /v "MouseSensitivity" /t REG_SZ /d "10" /f
2⤵
PID:3028

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:4924

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Keyboard" /v "KeyboardDelay" /t REG_SZ /d "0" /f
2⤵
PID:3700

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:4548

C:\Windows\system32\reg.exe
Reg.exe add "HKCU\Control Panel\Keyboard" /v "KeyboardSpeed" /t REG_SZ /d "31" /f
2⤵
PID:652

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:392

C:\Windows\system32\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v "CpuPriorityClass" /t REG_DWORD /d "4" /f
2⤵
- Sets file execution options in registry
PID:5072

C:\Windows\system32\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v "IoPriority" /t REG_DWORD /d "3" /f
2⤵
- Sets file execution options in registry
PID:1492

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2352 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
1⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4972 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads