Overview
overview
5Static
static
3Samsung_FR...o].exe
windows7-x64
5Samsung_FR...o].exe
windows10-2004-x64
5Samsung_FR...-1.dll
windows7-x64
1Samsung_FR...-1.dll
windows10-2004-x64
1Samsung_FR....0.dll
windows7-x64
1Samsung_FR....0.dll
windows10-2004-x64
1Samsung_FR...n1.dll
windows7-x64
1Samsung_FR...n1.dll
windows10-2004-x64
1Samsung_FR...dk.exe
windows7-x64
1Samsung_FR...dk.exe
windows10-2004-x64
1Samsung_FR...09.dll
windows7-x64
1Samsung_FR...09.dll
windows10-2004-x64
1Samsung_FR...86.dll
windows7-x64
1Samsung_FR...86.dll
windows10-2004-x64
1Samsung_FR...b0.dll
windows7-x64
1Samsung_FR...b0.dll
windows10-2004-x64
1Samsung_FR...b0.sys
windows7-x64
1Samsung_FR...b0.sys
windows10-2004-x64
1Samsung_FR...86.exe
windows7-x64
1Samsung_FR...86.exe
windows10-2004-x64
1Samsung_FR...bK.dll
windows7-x64
1Samsung_FR...bK.dll
windows10-2004-x64
1Samsung_FR...bK.sys
windows7-x64
1Samsung_FR...bK.sys
windows10-2004-x64
1Samsung_FR...86.dll
windows7-x64
1Samsung_FR...86.dll
windows10-2004-x64
1Samsung_FR...r2.dll
windows7-x64
1Samsung_FR...r2.dll
windows10-2004-x64
1Samsung_FR...64.exe
windows7-x64
1Samsung_FR...64.exe
windows10-2004-x64
1Samsung_FR...86.exe
windows7-x64
1Samsung_FR...86.exe
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
26/03/2024, 03:21
Static task
static1
Behavioral task
behavioral1
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/SamsungFrp2020_[HardReset.info].exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/SamsungFrp2020_[HardReset.info].exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cyggcc_s-1.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cyggcc_s-1.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cygusb-1.0.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cygusb-1.0.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cygwin1.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cygwin1.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/linux-adk.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/linux-adk.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/WdfCoInstaller01009.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/WdfCoInstaller01009.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb-1.0_x86.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb-1.0_x86.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0.sys
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0_x86.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusb0_x86.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK.dll
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK.sys
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral24
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK_x86.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/libusbK_x86.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/winusbcoinstaller2.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral28
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/amd64/winusbcoinstaller2.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/install_x64.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/install_x64.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/install_x86.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Samsung_FRP_Bypass_tool_[HardReset.info]/drivers/install_x86.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cyggcc_s-1.dll
-
Size
109KB
-
MD5
d6c813d4571c2957ba9e5bc652f80966
-
SHA1
8773c9b63715b095699bdae47da43c6ed61ba4d0
-
SHA256
6e928df3452d150df15308977fe24f7c004e49f9d73070313029ec330c06f51c
-
SHA512
3605d46a9e698935896989d74f7bf279d1615986069e4f70bebbe2ae5f17c389c938163a5e501be8c56cbfc4ffc273bad79da56c2ac0655b2404e3bae22e89e0
-
SSDEEP
3072:vJzW5hXNdCee3oMdneEv0imF0YX8NsHaMl2:RzW5h/CeepeEKVks6Mk
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 5028 rundll32.exe Token: SeBackupPrivilege 5028 rundll32.exe Token: SeDebugPrivilege 5028 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3132 wrote to memory of 5028 3132 rundll32.exe 89 PID 3132 wrote to memory of 5028 3132 rundll32.exe 89 PID 3132 wrote to memory of 5028 3132 rundll32.exe 89
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Samsung_FRP_Bypass_tool_[HardReset.info]\bin\cyggcc_s-1.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3132 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Samsung_FRP_Bypass_tool_[HardReset.info]\bin\cyggcc_s-1.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
PID:5028
-