1303791d5361f853607ab0e98fc6f102c7ac3585358d680a05f20c7f365c302c

Resubmissions

11-05-2024 16:53

11-05-2024 16:51

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 16:51

Target

Skiioh's Performance Pack v2 (FREE)/(3) FPS Boost SkiiohTweaks.bat
Size

215KB
MD5

3ece5b21361fc83e72fbb864abe4c9ed
SHA1

d86d5032174463705b5ce5cee2defb10e470ce51
SHA256

31583ea4d2533b0a65254b27e3f892269ba40882ff2b0a7fce698edec64b236a
SHA512

f83790f4ecd5ca030a4af091b277f5a0db610acb9024d7b3ead7e5f030f837a11a87fa8286f20be43c320f4f5c393fe737a744397cc8b4e6c5362d4add62a67a
SSDEEP

6144:pKauGgt13EHVlKAoYKTVN3aaGGd13EHV1KAoYKjNN66+AGg8GBVkwo2DAXeBnIET:sauGgt13EHVlKAoYKTVN3aaGGd13EHV0

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 3304	2888	cmd.exe	82
PID 2888 wrote to memory of 3304	2888	cmd.exe	82
PID 3304 wrote to memory of 3612	3304	cmd.exe	83
PID 3304 wrote to memory of 3612	3304	cmd.exe	83
PID 2888 wrote to memory of 1376	2888	cmd.exe	84
PID 2888 wrote to memory of 1376	2888	cmd.exe	84
PID 2888 wrote to memory of 2168	2888	cmd.exe	85
PID 2888 wrote to memory of 2168	2888	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Skiioh's Performance Pack v2 (FREE)\(3) FPS Boost SkiiohTweaks.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3304
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:3612
- C:\Windows\system32\chcp.com
  chcp 708
  2⤵
  PID:1376
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\Skiioh's Performance Pack v2 (FREE)\(3) FPS Boost SkiiohTweaks.bat" "
  2⤵
  PID:2168