b0aec18f1777269542cf6c7d0e917b5f4be2176c957db62424e7c551f1f2dd59

Analysis

max time kernel
3s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Optimizar Nvidia.bat
Size

4KB
MD5

ac9748be9dc4f4658366ffca1b6f7617
SHA1

1d577ee5e6f93a83dd53f0d5bff147ad31372051
SHA256

b0aec18f1777269542cf6c7d0e917b5f4be2176c957db62424e7c551f1f2dd59
SHA512

85196dd9d467170bbd3417c7cbe1587ea2298040ecedd473b55735bb86bc66896e0b8911417a6d0c5c0c62ccb332185aceccee4e6dba1cf0157caabd4c280d5f
SSDEEP

48:EeQtVIMfRFV8Dlf3prg94X4dKpapQ/d7vKJjpjvqprqIHxQ:7C74aoq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 1940	2564	cmd.exe	83
PID 2564 wrote to memory of 1940	2564	cmd.exe	83
PID 2564 wrote to memory of 1056	2564	cmd.exe	84
PID 2564 wrote to memory of 1056	2564	cmd.exe	84
PID 2564 wrote to memory of 5040	2564	cmd.exe	85
PID 2564 wrote to memory of 5040	2564	cmd.exe	85
PID 2564 wrote to memory of 1560	2564	cmd.exe	86
PID 2564 wrote to memory of 1560	2564	cmd.exe	86
PID 2564 wrote to memory of 2596	2564	cmd.exe	87
PID 2564 wrote to memory of 2596	2564	cmd.exe	87
PID 2564 wrote to memory of 2224	2564	cmd.exe	88
PID 2564 wrote to memory of 2224	2564	cmd.exe	88
PID 2564 wrote to memory of 2728	2564	cmd.exe	89
PID 2564 wrote to memory of 2728	2564	cmd.exe	89
PID 2564 wrote to memory of 4304	2564	cmd.exe	90
PID 2564 wrote to memory of 4304	2564	cmd.exe	90
PID 2564 wrote to memory of 1980	2564	cmd.exe	91
PID 2564 wrote to memory of 1980	2564	cmd.exe	91
PID 2564 wrote to memory of 1868	2564	cmd.exe	92
PID 2564 wrote to memory of 1868	2564	cmd.exe	92
PID 2564 wrote to memory of 3972	2564	cmd.exe	93
PID 2564 wrote to memory of 3972	2564	cmd.exe	93
PID 2564 wrote to memory of 232	2564	cmd.exe	94
PID 2564 wrote to memory of 232	2564	cmd.exe	94
PID 2564 wrote to memory of 3460	2564	cmd.exe	95
PID 2564 wrote to memory of 3460	2564	cmd.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Optimizar Nvidia.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\system32\chcp.com
  chcp 437
  2⤵
  PID:1940
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:1056
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "QosManagesIdleProcessors" /t REG_DWORD /d "0" /f
  2⤵
  PID:5040
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
  2⤵
  PID:1560
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2596
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
  2⤵
  PID:2224
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
  2⤵
  PID:4304
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
  2⤵
  PID:1980
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\NVTweak" /v "DisplayPowerSaving" /t Reg_DWORD /d "0" /f
  2⤵
  PID:1868
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "EnergyEstimationEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3972
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\ControlSet001\Services\nvlddmkm\Global\NVTweak" /v "DisplayPowerSaving" /t REG_DWORD /d "0" /f
  2⤵
  PID:232
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\NVIDIA Corporation\Global\NVTweak" /v "DisplayPowerSaving" /t REG_DWORD /d "0" /f
  2⤵
  PID:3460

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads