ae4c8d37a496b43f8974ba8f07f708e22a9570ba0cddc3dc3a36edbccd4d2a20

Analysis

max time kernel
37s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/04/2023, 00:42

Target

scrcpy-win64-v2.0/scrcpy-console.bat
Size

90B
MD5

4cf35ee151e711be8d8d8ad5e4e929da
SHA1

7c8f5111c968b435dd64fb781806b6dc72a4ea52
SHA256

dc797a0ba51b42e3f965b5368adfa7accbd280aee8efa46f313b69ff8f403e16
SHA512

f33616df6a9dcc92b463a690928e88be65a229b72ad933243d4c56966ea44644e13df26faf170852a0ad79f6fa0cf22f44855a3c6b1990bac046940f3b2da5d2

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 932	2040	cmd.exe	29
PID 2040 wrote to memory of 932	2040	cmd.exe	29
PID 2040 wrote to memory of 932	2040	cmd.exe	29
PID 932 wrote to memory of 912	932	scrcpy.exe	30
PID 932 wrote to memory of 912	932	scrcpy.exe	30
PID 932 wrote to memory of 912	932	scrcpy.exe	30
PID 932 wrote to memory of 912	932	scrcpy.exe	30
PID 912 wrote to memory of 888	912	adb.exe	31
PID 912 wrote to memory of 888	912	adb.exe	31
PID 912 wrote to memory of 888	912	adb.exe	31
PID 912 wrote to memory of 888	912	adb.exe	31
PID 932 wrote to memory of 304	932	scrcpy.exe	32
PID 932 wrote to memory of 304	932	scrcpy.exe	32
PID 932 wrote to memory of 304	932	scrcpy.exe	32
PID 932 wrote to memory of 304	932	scrcpy.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.0\scrcpy-console.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.0\scrcpy.exe
  scrcpy.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.0\adb.exe
    adb start-server
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.0\adb.exe
      adb -L tcp:5037 fork-server server --reply-fd 240
      4⤵
      PID:888
- - C:\Users\Admin\AppData\Local\Temp\scrcpy-win64-v2.0\adb.exe
    adb devices -l
    3⤵
    PID:304

memory/932-57-0x000000013F260000-0x000000013F36D000-memory.dmp

Filesize
1.1MB

Download
memory/932-58-0x000007FEF6880000-0x000007FEF6AEE000-memory.dmp

Filesize
2.4MB

Download
memory/932-59-0x000007FEF63C0000-0x000007FEF6719000-memory.dmp

Filesize
3.3MB

Download
memory/932-60-0x000007FEFB0B0000-0x000007FEFB0DA000-memory.dmp

Filesize
168KB

Download
memory/932-61-0x000007FEF61B0000-0x000007FEF63B3000-memory.dmp

Filesize
2.0MB

Download
memory/932-62-0x000007FEFB020000-0x000007FEFB047000-memory.dmp

Filesize
156KB

Download
memory/932-63-0x000007FEFAE00000-0x000007FEFAE84000-memory.dmp

Filesize
528KB

Download
memory/932-64-0x0000000070980000-0x00000000709B4000-memory.dmp

Filesize
208KB

Download