e7a092b0cef73c26119d5e638a8016f3f40ba2269cf66e0746c7b6356c1798f0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 06:54

Target

KingRoot PC 1.5Beta/install-root.bat
Size

255B
MD5

b4c8c9780429b6e66875849b7f9bfaca
SHA1

23bb0fc1ea3de918789c95d98efa563571633b35
SHA256

8a9846b37e85e0cae2a450e020d4019f6d92110f6f6712afd1238127eb96e400
SHA512

7020379fac2435caeda41a5f27865cb36f38681a564dfb284c99a48f3e0bc697b8fe41f60bbe3eca1e134d05d39e443ccafef4e5d6559c8e0a267805ddd5c849

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 992	2288	cmd.exe	89
PID 2288 wrote to memory of 992	2288	cmd.exe	89
PID 2288 wrote to memory of 992	2288	cmd.exe	89
PID 992 wrote to memory of 776	992	adb.exe	93
PID 992 wrote to memory of 776	992	adb.exe	93
PID 992 wrote to memory of 776	992	adb.exe	93

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KingRoot PC 1.5Beta\install-root.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\KingRoot PC 1.5Beta\adb.exe
  adb wait-for-device
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:992
- - C:\Users\Admin\AppData\Local\Temp\KingRoot PC 1.5Beta\adb.exe
    adb fork-server server
    3⤵
    PID:776

memory/776-1-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/776-3-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/776-5-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/776-7-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/992-0-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download