Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 14-01-2022 16:01
Static task
static1
Behavioral task
behavioral1
Sample
ScanClientUpdate/KM.EKeyAlmaz1C.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ScanClientUpdate/KM.EKeyAlmaz1C.dll
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
ScanClientUpdate/KM.EKeyCrystal1.dll
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
ScanClientUpdate/KM.EKeyCrystal1.dll
Resource
win10v2004-en-20220113
Behavioral task
behavioral5
Sample
ScanClientUpdate/KM.FileSystem.dll
Resource
win7-en-20211208
Behavioral task
behavioral6
Sample
ScanClientUpdate/KM.FileSystem.dll
Resource
win10v2004-en-20220112
Behavioral task
behavioral7
Sample
ScanClientUpdate/KM.IDCard.dll
Resource
win7-en-20211208
Behavioral task
behavioral8
Sample
ScanClientUpdate/KM.IDCard.dll
Resource
win10v2004-en-20220112
Behavioral task
behavioral9
Sample
ScanClientUpdate/ScanClientUpdate.lnk
Resource
win7-en-20211208
Behavioral task
behavioral10
Sample
ScanClientUpdate/ScanClientUpdate.lnk
Resource
win10v2004-en-20220112
General
- Target: ScanClientUpdate/KM.FileSystem.dll
- Size: 282KB
- MD5: 66534e53d8751a24a767221fed01268d
- SHA1: fc781887fd0579044bbf783e6c408eb0eea43485
- SHA256: 3b94cc71c325f9068105b9e7d5c9667b1de2bde85b7abc5b29ff649fd54715c4
- SHA512: 1f1b784b280bc34761ae93893ae7d95ebc6e5515542f153df7c91b00adfa796b3b2bee1a5857e0bb07d13c93b4df0eec3e1fd85911c79153b2d6c824a3a79369
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
| PID 944 wrote to memory of 964 | 944 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.FileSystem.dll,#1
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.FileSystem.dll,#1