64ae1e92920768b17b0adef22b5a61bf82c83c5deb2ab6f24b3829bf25581d37

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 04:53

Target

Android/scrcpy.bat
Size

33B
MD5

2afb0fa8000ac7d2dd07ca2f320ba4bb
SHA1

5bf43cbf5e090b66559dda41c692549b7c2f6c5c
SHA256

282e5bdeaf1315e9dfaef1ca3fcbd49fbe658b169f4a6eeba202a652e99d4185
SHA512

89732225ddf7b2b4a4b76e3156f56fb91d952fcafd90e3b2c7acb6026f6b3f55a96af7af184bb47ebb4a69b06000198505e27a9e6a6c916d801eb59fcb5fca29

Score

1^/10

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2304	adb.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2304	2976	cmd.exe	29
PID 2976 wrote to memory of 2304	2976	cmd.exe	29
PID 2976 wrote to memory of 2304	2976	cmd.exe	29
PID 2976 wrote to memory of 2304	2976	cmd.exe	29
PID 2304 wrote to memory of 2540	2304	adb.exe	30
PID 2304 wrote to memory of 2540	2304	adb.exe	30
PID 2304 wrote to memory of 2540	2304	adb.exe	30
PID 2304 wrote to memory of 2540	2304	adb.exe	30
PID 2976 wrote to memory of 296	2976	cmd.exe	31
PID 2976 wrote to memory of 296	2976	cmd.exe	31
PID 2976 wrote to memory of 296	2976	cmd.exe	31
PID 296 wrote to memory of 3020	296	scrcpy.exe	32
PID 296 wrote to memory of 3020	296	scrcpy.exe	32
PID 296 wrote to memory of 3020	296	scrcpy.exe	32
PID 296 wrote to memory of 3020	296	scrcpy.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Android\scrcpy.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\Android\adb.exe
  adb devices
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Android\adb.exe
    adb -L tcp:5037 fork-server server --reply-fd 244
    3⤵
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Android\scrcpy.exe
  scrcpy
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:296
- - C:\Users\Admin\AppData\Local\Temp\Android\adb.exe
    adb push scrcpy-server.jar /data/local/tmp/scrcpy-server.jar
    3⤵
    PID:3020

memory/296-5-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/296-6-0x000000006C740000-0x000000006C891000-memory.dmp

Filesize
1.3MB

Download
memory/296-7-0x000007FEF7010000-0x000007FEF70C7000-memory.dmp

Filesize
732KB

Download
memory/296-8-0x000007FEF5FE0000-0x000007FEF65BF000-memory.dmp

Filesize
5.9MB

Download
memory/296-9-0x000007FEF29A0000-0x000007FEF5FD9000-memory.dmp

Filesize
54.2MB

Download
memory/296-10-0x000007FEF6F70000-0x000007FEF7009000-memory.dmp

Filesize
612KB

Download
memory/2304-3-0x0000000000400000-0x00000000005D7000-memory.dmp

Filesize
1.8MB

Download
memory/2540-11-0x0000000000400000-0x00000000005D7000-memory.dmp

Filesize
1.8MB

Download
memory/2540-12-0x0000000000400000-0x00000000005D7000-memory.dmp

Filesize
1.8MB

Download
memory/3020-4-0x0000000000400000-0x00000000005D7000-memory.dmp

Filesize
1.8MB

Download