a6c637d71147caa571c431d6a49df6c4d737217bdc4679a5b452a290fbc6de50

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 03:21

Target

Samsung_FRP_Bypass_tool_[HardReset.info]/bin/cygwin1.dll
Size

3.2MB
MD5

26dc9423dabf300185c57fc9aee36a38
SHA1

ced29695fb9033e48223ef188a96d8b7d213cbb3
SHA256

aa4e55537722731c64a3ec520d63b02291d8640178c5129df2c1c5c4e8f9c90e
SHA512

76dd2f9fcf06c45403d368e8e07b9c75db0b94f4c862a7d43be6e18717551b027bf01def586b47f0f04e7dfedb622875bb3e5044abd9ac60d17ac08422f5c363
SSDEEP

98304:tZk9IDGbx19Mx0Mr7YaZFt3WG00Khy7wYMe1u4CU5NbWN5obRfhAS:Xk9IueFpVv

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30
PID 2336 wrote to memory of 1680	2336	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Samsung_FRP_Bypass_tool_[HardReset.info]\bin\cygwin1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Samsung_FRP_Bypass_tool_[HardReset.info]\bin\cygwin1.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1680

memory/1680-1-0x0000000061000000-0x00000000614F0000-memory.dmp

Filesize
4.9MB

Download