Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 23/02/2024, 16:25
Behavioral tasks
- behavioral1: Sample KEY FRP TOOL V1.1/AdbWinApi.dll, Resource win7-20240221-en
- behavioral2: Sample KEY FRP TOOL V1.1/AdbWinApi.dll, Resource win10v2004-20240221-en
- behavioral3: Sample KEY FRP TOOL V1.1/AdbWinUsbApi.dll, Resource win7-20240220-en
- behavioral4: Sample KEY FRP TOOL V1.1/AdbWinUsbApi.dll, Resource win10v2004-20240221-en
- behavioral5: Sample KEY FRP TOOL V1.1/KEY FRP TOOL V1.1.exe, Resource win7-20240215-en
- behavioral6: Sample KEY FRP TOOL V1.1/KEY FRP TOOL V1.1.exe, Resource win10v2004-20240221-en
- behavioral7: Sample KEY FRP TOOL V1.1/adb.exe, Resource win7-20240221-en
- behavioral8: Sample KEY FRP TOOL V1.1/adb.exe, Resource win10v2004-20240221-en
- behavioral9: Sample KEY FRP TOOL V1.1/frp.bat, Resource win7-20240221-en
- behavioral10: Sample KEY FRP TOOL V1.1/frp.bat, Resource win10v2004-20240221-en
- behavioral11: Sample KEY FRP TOOL V1.1/frp.bin, Resource debian9-armhf-20240221-en
General
- Target: KEY FRP TOOL V1.1/frp.bat
- Size: 234B
- MD5: 41bb0dbeb14933436dac6407b1095edb
- SHA1: 07db0d7f8e76387bdfcc11c7a5b464a2ac99e080
- SHA256: 1a30973ad3c980e4b5d2324888a0d01d3a9a096f17cffbc54c6f18c901624687
- SHA512: 98b4c14e417ca8b831d518d6c6f0e639ea89cb805178a941bae762f351824b36006c3291bfd4ae6bda07484491ed59b72c1df944935aa4b8e77ad886faf504f0
Malware Config
Signatures
- Suspicious behavior: CmdExeWriteProcessMemorySpam (1 IoCs)
  pid | Process
  2228 | adb.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 2164 wrote to memory of 2228 | 2164 | cmd.exe | 29
  PID 2164 wrote to memory of 2228 | 2164 | cmd.exe | 29
  PID 2164 wrote to memory of 2228 | 2164 | cmd.exe | 29
  PID 2164 wrote to memory of 2228 | 2164 | cmd.exe | 29
  PID 2228 wrote to memory of 1692 | 2228 | adb.exe | 30
  PID 2228 wrote to memory of 1692 | 2228 | adb.exe | 30
  PID 2228 wrote to memory of 1692 | 2228 | adb.exe | 30
  PID 2228 wrote to memory of 1692 | 2228 | adb.exe | 30
Processes
- C:\Windows\system32\cmd.exe (PID:2164)
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\frp.bat"
  Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe (PID:2228)
    Command line: adb wait-for-device
    Suspicious behavior: CmdExeWriteProcessMemorySpam
    Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\KEY FRP TOOL V1.1\adb.exe (PID:1692)
      Command line: adb -L tcp:5037 fork-server server --reply-fd 240