1509db56062fad0a68c96aa84caaac90240b9235e180263f4876af1113d5d506 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 16:25

Sharing

Report Analysis Logs

General

Target

KEY FRP TOOL V1.1/frp.bat
Size

234B
MD5

41bb0dbeb14933436dac6407b1095edb
SHA1

07db0d7f8e76387bdfcc11c7a5b464a2ac99e080
SHA256

1a30973ad3c980e4b5d2324888a0d01d3a9a096f17cffbc54c6f18c901624687
SHA512

98b4c14e417ca8b831d518d6c6f0e639ea89cb805178a941bae762f351824b36006c3291bfd4ae6bda07484491ed59b72c1df944935aa4b8e77ad886faf504f0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4444	1280	cmd.exe	88
PID 1280 wrote to memory of 4444	1280	cmd.exe	88
PID 1280 wrote to memory of 4444	1280	cmd.exe	88
PID 4444 wrote to memory of 3972	4444	adb.exe	91
PID 4444 wrote to memory of 3972	4444	adb.exe	91
PID 4444 wrote to memory of 3972	4444	adb.exe	91

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\frp.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe
  adb wait-for-device
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 600
    3⤵
    PID:3972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads