1509db56062fad0a68c96aa84caaac90240b9235e180263f4876af1113d5d506

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 16:25

Target

KEY FRP TOOL V1.1/frp.bat
Size

234B
MD5

41bb0dbeb14933436dac6407b1095edb
SHA1

07db0d7f8e76387bdfcc11c7a5b464a2ac99e080
SHA256

1a30973ad3c980e4b5d2324888a0d01d3a9a096f17cffbc54c6f18c901624687
SHA512

98b4c14e417ca8b831d518d6c6f0e639ea89cb805178a941bae762f351824b36006c3291bfd4ae6bda07484491ed59b72c1df944935aa4b8e77ad886faf504f0

Score

1^/10

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2228	adb.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2228	2164	cmd.exe	29
PID 2164 wrote to memory of 2228	2164	cmd.exe	29
PID 2164 wrote to memory of 2228	2164	cmd.exe	29
PID 2164 wrote to memory of 2228	2164	cmd.exe	29
PID 2228 wrote to memory of 1692	2228	adb.exe	30
PID 2228 wrote to memory of 1692	2228	adb.exe	30
PID 2228 wrote to memory of 1692	2228	adb.exe	30
PID 2228 wrote to memory of 1692	2228	adb.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\frp.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe
  adb wait-for-device
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 240
    3⤵
    PID:1692