46f18091cf10d22dfb79b372c9c0d44f3547ec2fb9f0f7c772ef08b33ed53a83 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-en-20211208
submitted
14-01-2022 16:01

Sharing

Report Analysis Logs

General

Target

ScanClientUpdate/KM.EKeyAlmaz1C.dll
Size

165KB
MD5

021e42c964102fd263d474427ee78193
SHA1

8a6227b6db02b8ba278e13ccd6eece907e3657f0
SHA256

2fbe9b3eda5da1e2eded989941fdbb4e967245a53231d9c0c9333eb6486215c7
SHA512

d517bcb9cfdd4082242ed6a2d12abef54db5fb31da19ce3d91665268a9006a9d9cda69bf28a8395b501df1cc8b22d0968b7af965e8a120c2db6c1f85c2e528e2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe
PID 1564 wrote to memory of 1680	1564	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyAlmaz1C.dll,#1
2⤵
PID:1680

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-54-0x0000000000000000-mapping.dmp

Download
memory/1680-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download