7ff7c005d304d6dc799bd741e8b917c6a35e05b9d45801c7df67d4e0efa699bb

Analysis

max time kernel
458s
max time network
1178s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06-04-2024 13:28

Target

Best Fortnite Tweaks/Best Fortnite Tweaks/3. Uninstall Useless Apps/Uninstall Useless Apps.bat
Size

12KB
MD5

91bbfd9723935de97c758e9daa88e7d6
SHA1

f4a9573dfe3ba1402fa8a6687eddd327a3173d4a
SHA256

9fbc353f29474cedc35fcac9fb81a2f3128c3e8d8647d8fbaec600e83ea90702
SHA512

be8b04a5f6a6ce901ee175c8f5a4c520f82be6908ab3965a4f2dc53adbeba0c80373343bce3aade6f01b9b71842c2839772b2e424bf48a857e4fca4f578518e6
SSDEEP

384:ug/mveoB81EnSj+x+tZCJDKJus+w/tKQ8pox0:7EnSj+xSKDMus+w/tKQWI0

Score

1^/10

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

3812 timeout.exe

pid	process
3812	timeout.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3724 wrote to memory of 4248	3724	cmd.exe	chcp.com
PID 3724 wrote to memory of 4248	3724	cmd.exe	chcp.com
PID 3724 wrote to memory of 3812	3724	cmd.exe	timeout.exe
PID 3724 wrote to memory of 3812	3724	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Best Fortnite Tweaks\Best Fortnite Tweaks\3. Uninstall Useless Apps\Uninstall Useless Apps.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3724

C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
2⤵
- Delays execution with timeout.exe
PID:3812