109426ad13c1d5fb387faee9bf5350f893eb34268c1827d4828d157785f367db

Analysis

max time kernel
174s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:11

Target

驱动教程ROOT/A60-Tools-v2.exe
Size

93KB
MD5

bb5b2c080f9ef1bcfa10be0540115f27
SHA1

e3d0087a4ceffcdaf6f6bbe489a5f0fe88a7818c
SHA256

5eb7531f677f67e6a0eff5d245cc811d6f04edc6e17df48fd43a7ec0f491f966
SHA512

25e5e38bbe533719fab3fe367396f2389214b647e07ace6a0e79d99e14d6f3bbf8d2ff9615292554b6bd1bc2040b99d2404d555f4c7937c0460c0535c7cf2d06
SSDEEP

1536:vQQ2aTmzPfYPpIGmMQ5qwsVHYDP2KaruZUp8gPLiv9tUHx:vQQ2aS7u7XQ5qTx+P2KarJpxiv9tqx

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2752	2816	A60-Tools-v2.exe	28
PID 2816 wrote to memory of 2752	2816	A60-Tools-v2.exe	28
PID 2816 wrote to memory of 2752	2816	A60-Tools-v2.exe	28
PID 2816 wrote to memory of 2752	2816	A60-Tools-v2.exe	28

C:\Users\Admin\AppData\Local\Temp\驱动教程ROOT\A60-Tools-v2.exe
"C:\Users\Admin\AppData\Local\Temp\驱动教程ROOT\A60-Tools-v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\281E3BA.bat" "C:\Users\Admin\AppData\Local\Temp\????ROOT\A60-Tools-v2.exe""
  2⤵
  PID:2752

C:\Users\Admin\AppData\Local\Temp\281E3BA.bat

Filesize
5KB

MD5
d5f5de44d12e7fea1b2aa20f570e3158

SHA1
004385c095e73716736c1ededb410c6cd9b0e957

SHA256
f63c29e6c5c5c86c2bd48dc6d8e49208a00b6ce80b4442420ebd32649e756cf2

SHA512
081f5e92139eb46d170fd360ad113800dfe9a133bb688ae5505cc839de67bc3efed8afb084b8d85b214322b48dcf7bb208508bc034d4210d82a513ba795257df

Download Submit
memory/2816-3-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download