Analysis
- Max time kernel: 119s
- Max time network: 125s
- Platform: windows7_x64
- Resource: win7-en-20211208
- Submitted: 14-01-2022 16:01
Tasks
- Static task static1
- Behavioral task behavioral1: sample ScanClientUpdate/KM.EKeyAlmaz1C.dll, resource win7-en-20211208
- Behavioral task behavioral2: sample ScanClientUpdate/KM.EKeyAlmaz1C.dll, resource win10v2004-en-20220113
- Behavioral task behavioral3: sample ScanClientUpdate/KM.EKeyCrystal1.dll, resource win7-en-20211208
- Behavioral task behavioral4: sample ScanClientUpdate/KM.EKeyCrystal1.dll, resource win10v2004-en-20220113
- Behavioral task behavioral5: sample ScanClientUpdate/KM.FileSystem.dll, resource win7-en-20211208
- Behavioral task behavioral6: sample ScanClientUpdate/KM.FileSystem.dll, resource win10v2004-en-20220112
- Behavioral task behavioral7: sample ScanClientUpdate/KM.IDCard.dll, resource win7-en-20211208
- Behavioral task behavioral8: sample ScanClientUpdate/KM.IDCard.dll, resource win10v2004-en-20220112
- Behavioral task behavioral9: sample ScanClientUpdate/ScanClientUpdate.lnk, resource win7-en-20211208
- Behavioral task behavioral10: sample ScanClientUpdate/ScanClientUpdate.lnk, resource win10v2004-en-20220112
General
- Target: ScanClientUpdate/KM.IDCard.dll
- Size: 224KB
- MD5: f7fa5d0c24b508e4be1bd11ad15a7971
- SHA1: d0efe19b25d1cf63ab131653e60c6fbae5271df5
- SHA256: 44f79ddc089fbcd5325f7786389b22dd99cdaa0c5d0857248f78a3f9abd542d0
- SHA512: 70cfbeb64728c14d38661264d5c422e36162a56805f7d20f5b288346e87394724b00b079f6145c2cc75bf2598a2796184092c7f0e6e92af30ec03e94f933414b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
  PID 1776 wrote to memory of 1220 | 1776 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (level 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.IDCard.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (level 2, child of the above)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ScanClientUpdate\KM.IDCard.dll,#1