Overview
overview
7Static
static
1!!BEST TWE...he.exe
windows7-x64
1!!BEST TWE...he.exe
windows10-2004-x64
1!!BEST TWE...ng.bat
windows7-x64
1!!BEST TWE...ng.bat
windows10-2004-x64
1!!BEST TWE...SE.bat
windows7-x64
1!!BEST TWE...SE.bat
windows10-2004-x64
1!!BEST TWE...me.lnk
windows7-x64
3!!BEST TWE...me.lnk
windows10-2004-x64
7!!BEST TWE...rs.url
windows7-x64
1!!BEST TWE...rs.url
windows10-2004-x64
1!!BEST TWE...rs.url
windows7-x64
1!!BEST TWE...rs.url
windows10-2004-x64
1!!BEST TWE...rs.url
windows7-x64
1!!BEST TWE...rs.url
windows10-2004-x64
1!!BEST TWE...Us.cmd
windows7-x64
1!!BEST TWE...Us.cmd
windows10-2004-x64
4!!BEST TWE...ll.lnk
windows7-x64
3!!BEST TWE...ll.lnk
windows10-2004-x64
7!!BEST TWE...ps.lnk
windows7-x64
3!!BEST TWE...ps.lnk
windows10-2004-x64
3!!BEST TWE...er.ps1
windows7-x64
3!!BEST TWE...er.ps1
windows10-2004-x64
3!!BEST TWE...er.ps1
windows7-x64
3!!BEST TWE...er.ps1
windows10-2004-x64
3!!BEST TWE...ck.ps1
windows7-x64
3!!BEST TWE...ck.ps1
windows10-2004-x64
3!!BEST TWE...ts.ps1
windows7-x64
3!!BEST TWE...ts.ps1
windows10-2004-x64
3!!BEST TWE...or.ps1
windows7-x64
3!!BEST TWE...or.ps1
windows10-2004-x64
3!!BEST TWE...il.ps1
windows7-x64
3!!BEST TWE...il.ps1
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
01/07/2024, 01:29
Static task
static1
Behavioral task
behavioral1
Sample
!!BEST TWEAKS/PC Cleanup/Clear Memory Cache.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral2
Sample
!!BEST TWEAKS/PC Cleanup/Clear Memory Cache.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
!!BEST TWEAKS/Registry _ Batch/Disable USB Powersaving.bat
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral4
Sample
!!BEST TWEAKS/Registry _ Batch/Disable USB Powersaving.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
!!BEST TWEAKS/Registry _ Batch/EnableFSE.bat
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
!!BEST TWEAKS/Registry _ Batch/EnableFSE.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/# Get Network Adapter Name.lnk
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/# Get Network Adapter Name.lnk
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Intel Ethernet Drivers.url
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral10
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Intel Ethernet Drivers.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Intel Wifi Drivers.url
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral12
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Intel Wifi Drivers.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Realtek Ethernet Drivers.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral14
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/# Get Network Drivers/Realtek Ethernet Drivers.url
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/1 Disable WUs/2 Disable WUs.cmd
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/1 Disable WUs/2 Disable WUs.cmd
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/# Revert/PowerShell.lnk
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/# Revert/PowerShell.lnk
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/# Uninstall Apps.lnk
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/# Uninstall Apps.lnk
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall 3D Builder.ps1
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral22
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall 3D Builder.ps1
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall 3D Viewer - Mixed Reality Viewer.ps1
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral24
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall 3D Viewer - Mixed Reality Viewer.ps1
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Alarms and Clock.ps1
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral26
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Alarms and Clock.ps1
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Bing Sports.ps1
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Bing Sports.ps1
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Calculator.ps1
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Calculator.ps1
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Calendar and Mail.ps1
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral32
Sample
!!BEST TWEAKS/Windows Post-Installation Pack/2 Debloat Windows/Safe Method/Uninstall Calendar and Mail.ps1
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
!!BEST TWEAKS/Registry _ Batch/EnableFSE.bat
-
Size
449B
-
MD5
55d6c6bc4bcb289fa38b279abae4cdd5
-
SHA1
1b338d5b1f992e2a44e0a9bd52f6908f4ad44125
-
SHA256
84000ccc7ea1a576cb5a35430b219bccc40b521eaf9befca0f06d3447720d5a3
-
SHA512
a49109c49c52a9aae3738fc20bdd2ab5c990056b985dc0ee42b908f8b97356705b4d6b349c3d4bc4b865d954aed6daf3d03c4f5f7b0b56058ad3e9ee652e0548
Malware Config
Signatures
-
Delays execution with timeout.exe 1 IoCs
pid Process 1448 timeout.exe -
Suspicious use of WriteProcessMemory 15 IoCs
description pid Process procid_target PID 2452 wrote to memory of 2480 2452 cmd.exe 29 PID 2452 wrote to memory of 2480 2452 cmd.exe 29 PID 2452 wrote to memory of 2480 2452 cmd.exe 29 PID 2452 wrote to memory of 1884 2452 cmd.exe 30 PID 2452 wrote to memory of 1884 2452 cmd.exe 30 PID 2452 wrote to memory of 1884 2452 cmd.exe 30 PID 2452 wrote to memory of 2116 2452 cmd.exe 31 PID 2452 wrote to memory of 2116 2452 cmd.exe 31 PID 2452 wrote to memory of 2116 2452 cmd.exe 31 PID 2452 wrote to memory of 2212 2452 cmd.exe 32 PID 2452 wrote to memory of 2212 2452 cmd.exe 32 PID 2452 wrote to memory of 2212 2452 cmd.exe 32 PID 2452 wrote to memory of 1448 2452 cmd.exe 33 PID 2452 wrote to memory of 1448 2452 cmd.exe 33 PID 2452 wrote to memory of 1448 2452 cmd.exe 33
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\!!BEST TWEAKS\Registry _ Batch\EnableFSE.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Windows\system32\reg.exeReg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d "0" /f2⤵PID:2480
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d "2" /f2⤵PID:1884
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d "1" /f2⤵PID:2116
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t REG_DWORD /d "1" /f2⤵PID:2212
-
-
C:\Windows\system32\timeout.exetimeout 52⤵
- Delays execution with timeout.exe
PID:1448
-