Analysis
- max time kernel: 4265059s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 14-01-2022 16:01
Static task: static1
Behavioral task: behavioral1 | Sample: ScanClientUpdate/KM.EKeyAlmaz1C.dll | Resource: win7-en-20211208
Behavioral task: behavioral2 | Sample: ScanClientUpdate/KM.EKeyAlmaz1C.dll | Resource: win10v2004-en-20220113
Behavioral task: behavioral3 | Sample: ScanClientUpdate/KM.EKeyCrystal1.dll | Resource: win7-en-20211208
Behavioral task: behavioral4 | Sample: ScanClientUpdate/KM.EKeyCrystal1.dll | Resource: win10v2004-en-20220113
Behavioral task: behavioral5 | Sample: ScanClientUpdate/KM.FileSystem.dll | Resource: win7-en-20211208
Behavioral task: behavioral6 | Sample: ScanClientUpdate/KM.FileSystem.dll | Resource: win10v2004-en-20220112
Behavioral task: behavioral7 | Sample: ScanClientUpdate/KM.IDCard.dll | Resource: win7-en-20211208
Behavioral task: behavioral8 | Sample: ScanClientUpdate/KM.IDCard.dll | Resource: win10v2004-en-20220112
Behavioral task: behavioral9 | Sample: ScanClientUpdate/ScanClientUpdate.lnk | Resource: win7-en-20211208
Behavioral task: behavioral10 | Sample: ScanClientUpdate/ScanClientUpdate.lnk | Resource: win10v2004-en-20220112
General
- Target: ScanClientUpdate/KM.EKeyCrystal1.dll
- Size: 78KB
- MD5: c21cccc561ca98da7ec8ef95b48ab8a7
- SHA1: 0fc6747f2bd560326ca40e76babd086420b184a8
- SHA256: 83b3bfd458fd458c6e95a1b580adb5c8b7e0e029468d348ea05879638a9aa243
- SHA512: 35831e39e8e3c1e90d284ffd8afcb60c1c5e84014aef6d02e736257e2f68bdb9c92e1797fcaf167515b52d9be2f5e0dd2d7825a7de6af8d56340d3103536767c
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1320 wrote to memory of 3012 | 1320 | rundll32.exe | rundll32.exe
PID 1320 wrote to memory of 3012 | 1320 | rundll32.exe | rundll32.exe
PID 1320 wrote to memory of 3012 | 1320 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (process 1)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyCrystal1.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (process 2)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.EKeyCrystal1.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/3012-130-0x0000000000000000-mapping.dmp