Overview

Report tabs (the number after each tab name is the score the sandbox assigned to that task, on a scale of 1 to 10; the Static tab carries no score):

  Overview                                    10
  Static                                       -
  ScanClient...1C.dll    windows7_x64          1
  ScanClient...1C.dll    windows10-2004_x64    1
  ScanClient...l1.dll    windows7_x64          1
  ScanClient...l1.dll    windows10-2004_x64    1
  ScanClient...em.dll    windows7_x64          1
  ScanClient...em.dll    windows10-2004_x64    1
  ScanClient...rd.dll    windows7_x64          1
  ScanClient...rd.dll    windows10-2004_x64    1
  ScanClient...te.lnk    windows7_x64         10
  ScanClient...te.lnk    windows10-2004_x64   10

The overall score of 10 is driven by the two ScanClientUpdate.lnk tasks; each of the eight DLL tasks scored 1. The report that follows is for the first behavioral task (KM.EKeyAlmaz1C.dll on the Windows 7 image; see Target under General below).

Analysis

  max time kernel    118s
  max time network   123s
  platform           windows7_x64
  resource           win7-en-20211208
  submitted          14-01-2022 16:01
Tasks

  Task          Sample                                   Resource
  static1       (static analysis of the submission)      -
  behavioral1   ScanClientUpdate/KM.EKeyAlmaz1C.dll      win7-en-20211208
  behavioral2   ScanClientUpdate/KM.EKeyAlmaz1C.dll      win10v2004-en-20220113
  behavioral3   ScanClientUpdate/KM.EKeyCrystal1.dll     win7-en-20211208
  behavioral4   ScanClientUpdate/KM.EKeyCrystal1.dll     win10v2004-en-20220113
  behavioral5   ScanClientUpdate/KM.FileSystem.dll       win7-en-20211208
  behavioral6   ScanClientUpdate/KM.FileSystem.dll       win10v2004-en-20220112
  behavioral7   ScanClientUpdate/KM.IDCard.dll           win7-en-20211208
  behavioral8   ScanClientUpdate/KM.IDCard.dll           win10v2004-en-20220112
  behavioral9   ScanClientUpdate/ScanClientUpdate.lnk    win7-en-20211208
  behavioral10  ScanClientUpdate/ScanClientUpdate.lnk    win10v2004-en-20220112

Note that the Windows 10 tasks did not all run on the same VM image: behavioral2 and behavioral4 used win10v2004-en-20220113, the others win10v2004-en-20220112. Keep that in mind when comparing their results side by side.
General

  Target   ScanClientUpdate/KM.EKeyAlmaz1C.dll
  Size     165KB
  MD5      021e42c964102fd263d474427ee78193
  SHA1     8a6227b6db02b8ba278e13ccd6eece907e3657f0
  SHA256   2fbe9b3eda5da1e2eded989941fdbb4e967245a53231d9c0c9333eb6486215c7
  SHA512   d517bcb9cfdd4082242ed6a2d12abef54db5fb31da19ce3d91665268a9006a9d9cda69bf28a8395b501df1cc8b22d0968b7af965e8a120c2db6c1f85c2e528e2
Malware Config

Signatures

  Suspicious use of WriteProcessMemory   7 IoCs

  Processes:
    description                          pid    process        target process
    PID 1564 wrote to memory of 1680     1564   rundll32.exe   rundll32.exe
    (this row is listed seven times in the report, once per WriteProcessMemory call)

All seven writes go from the 64-bit rundll32.exe (PID 1564) into the 32-bit rundll32.exe it launched (PID 1680; see the process tree below). rundll32.exe relaunches its SysWOW64 copy whenever it is asked to load a 32-bit DLL, and a parent writing into a child it has just created is routine, so this signature on its own is weak evidence of injection. It is the only signature the report raises for this DLL, and the DLL tasks scored 1 while the .lnk tasks scored 10.
Processes

  1. C:\Windows\system32\rundll32.exe
     command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1
     signatures:   Suspicious use of WriteProcessMemory
     2. C:\Windows\SysWOW64\rundll32.exe
        command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1

The numbers mark depth in the process tree (2 is a child of 1). The ",#1" suffix is rundll32 syntax for calling the DLL's export at ordinal 1, which is how the sandbox runs a DLL sample. The second rundll32.exe is the 32-bit copy from SysWOW64, started by the 64-bit one with the same command line because the DLL is a 32-bit image; the WriteProcessMemory signature attaches to the parent in this pair.
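The process tree and the WriteProcessMemory table are the only two observations this report makes for the DLL. As an added example, not part of the report and not any sandbox's own code, the Python script below applies the same checks to a constructed event list modelled on the tree: it parses the rundll32.exe command line to pull out the DLL path and the export (a name or an ordinal written as #N), flags a DLL loaded from a user-writable temp directory and a call by ordinal, and separates the expected hand-off from the 64-bit rundll32.exe to its SysWOW64 copy from a write into an unrelated process. PIDs 1564 and 1680 are the report's; the parent's PPID (1000), the explorer.exe entry and the final write from 1680 to 2000 are invented to exercise the "not a hand-off" branch and do not appear in the report.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: pid, parent pid, image path, command line."""
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    """One WriteProcessMemory IoC: src_pid wrote into dst_pid."""
    src_pid: int
    dst_pid: int


# rundll32 <dll>,<export>  where <export> is an exported name or an ordinal written as #N
RUNDLL_ARGS = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#\d+|\w+)', re.I)
# DLL sitting under a user's %LOCALAPPDATA%\Temp, i.e. a user-writable drop location
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
SYS64_RUNDLL = re.compile(r"^[a-z]:\\windows\\system32\\rundll32\.exe$", re.I)
WOW64_RUNDLL = re.compile(r"^[a-z]:\\windows\\syswow64\\rundll32\.exe$", re.I)


def parse_rundll32(cmdline):
    """Return (dll_path, export) from a rundll32 command line, or None if it is not one."""
    m = RUNDLL_ARGS.search(cmdline)
    return (m.group("dll").strip(), m.group("export")) if m else None


def is_wow64_handoff(parent, child):
    """True when a 64-bit rundll32.exe relaunched its SysWOW64 copy with the same DLL and export.

    rundll32.exe does this itself whenever it is handed a 32-bit DLL, so the
    parent/child pair (and the parent's writes into the child) are expected.
    """
    if not (SYS64_RUNDLL.match(parent.image) and WOW64_RUNDLL.match(child.image)):
        return False
    return parse_rundll32(parent.cmdline) == parse_rundll32(child.cmdline)


def analyze(events, writes):
    """Tag each rundll32 process and classify every cross-process write.

    Returns {pid: sorted list of tags}.
    """
    by_pid = {e.pid: e for e in events}
    findings = {}
    for e in events:
        parsed = parse_rundll32(e.cmdline)
        if parsed is None or "rundll32" not in e.image.lower():
            continue
        dll, export = parsed
        tags = set()
        if USER_TEMP.search(dll):
            tags.add("dll_in_user_temp")
        if export.startswith("#"):
            tags.add("export_by_ordinal")
        parent = by_pid.get(e.ppid)
        if parent is not None and is_wow64_handoff(parent, e):
            tags.add("wow64_handoff_child")
        findings[e.pid] = tags
    for w in writes:
        src, dst = by_pid.get(w.src_pid), by_pid.get(w.dst_pid)
        if src is None or dst is None:
            continue
        if dst.ppid == src.pid and is_wow64_handoff(src, dst):
            findings.setdefault(src.pid, set()).add("writes_to_wow64_child")  # expected
        else:
            findings.setdefault(src.pid, set()).add("cross_process_write")    # needs a closer look
    return {pid: sorted(tags) for pid, tags in findings.items()}


# Constructed input modelled on the report's process tree. PIDs 1564/1680 are the
# report's; the parent's PPID 1000, the explorer.exe entry and the 1680->2000 write
# are invented to exercise the "not a hand-off" branch and are NOT in the report.
SAMPLE_EVENTS = [
    ProcEvent(1564, 1000, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1"),
    ProcEvent(1680, 1564, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1"),
    ProcEvent(2000, 1000, r"C:\Windows\explorer.exe", "explorer.exe"),
]
SAMPLE_WRITES = [MemWrite(1564, 1680)] * 7 + [MemWrite(1680, 2000)]

if __name__ == "__main__":
    for pid, tags in analyze(SAMPLE_EVENTS, SAMPLE_WRITES).items():
        print(pid, ", ".join(tags))
```

Run as written it tags PID 1564 with the temp-path and ordinal observations plus the expected write into its WOW64 child, and PID 1680 with the same two observations, the hand-off tag, and a cross_process_write for the invented write into explorer.exe. Feeding it a real process tree means mapping the sandbox's own event format onto ProcEvent and MemWrite; the classification logic does not change.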