46f18091cf10d22dfb79b372c9c0d44f3547ec2fb9f0f7c772ef08b33ed53a83 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
14-01-2022 16:01

Sharing

Report Analysis Logs

General

Target

ScanClientUpdate/KM.FileSystem.dll
Size

282KB
MD5

66534e53d8751a24a767221fed01268d
SHA1

fc781887fd0579044bbf783e6c408eb0eea43485
SHA256

3b94cc71c325f9068105b9e7d5c9667b1de2bde85b7abc5b29ff649fd54715c4
SHA512

1f1b784b280bc34761ae93893ae7d95ebc6e5515542f153df7c91b00adfa796b3b2bee1a5857e0bb07d13c93b4df0eec3e1fd85911c79153b2d6c824a3a79369

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe
PID 944 wrote to memory of 964	944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.FileSystem.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.FileSystem.dll,#1
2⤵
PID:964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download