File name: | Faaster_v3.bat |
Full analysis: | https://app.any.run/tasks/ce38cf10-1347-4aef-b0dd-0d78d1ee63d4 |
Verdict: | Malicious activity |
Analysis date: | July 12, 2020, 22:06:15 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | data |
MD5: | 48A39D9846ACB93876995799BF6581CC |
SHA1: | B5C8FD02CC5C1E9801DBFEBDE391E70039A99B7D |
SHA256: | F063EF539AFF78F91A7A664D99175B1880902BD1D15339C3A4E6DAD9497CA474 |
SSDEEP: | 3072:UrgTnp7O7krgTnp7OprgTnp7OIrgTnp7O9rgTnp7OZrgTnp7OBrgTnp7OBrgTnpl:J |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2208 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Faaster_v3.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225786 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2996 | mode 80,60 | C:\Windows\system32\mode.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: DOS Device MODE Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
4020 | C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1264 | mode 80,60 | C:\Windows\system32\mode.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: DOS Device MODE Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2488 | findstr /v /a:0c /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; "________________________________________________________________________________" nul | C:\Windows\system32\findstr.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2540 | msg * ===---III---=== Welcome to ƒaaster Tweaker ===---III---=== | C:\Windows\system32\msg.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Message Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2836 | msg * ===---III---=== ƒaaster Tweaker is Loading... ===---III---=== | C:\Windows\system32\msg.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Message Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3012 | findstr /v /a:0f /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; " [" nul | C:\Windows\system32\findstr.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1712 | findstr /v /a:0d /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; " Version v3.0" nul | C:\Windows\system32\findstr.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2220 | findstr /v /a:0f /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; " ]" nul | C:\Windows\system32\findstr.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Desktop |
Operation: | write | Name: | AutoEndTasks |
Value: 1 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Desktop |
Operation: | write | Name: | HungAppTimeout |
Value: 1000 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Desktop |
Operation: | write | Name: | MenuShowDelay |
Value: 8 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Desktop |
Operation: | write | Name: | WaitToKillAppTimeout |
Value: 2000 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Desktop |
Operation: | write | Name: | LowLevelHooksTimeout |
Value: 1000 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Control Panel\Mouse |
Operation: | write | Name: | MouseHoverTime |
Value: 8 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\________________________________________________________________________________ | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ [ | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ Version v3.0 | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ ] | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ [ | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Thanks for buying ƒaaster Tweaker admin | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\================================================================================ | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ Tweaker | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ ClearPC | — | |
MD5:— | SHA256:— | |||
2208 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ Regedit Remover | — | |
MD5:— | SHA256:— |