Analysis

  • max time kernel
    61s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-11-2020 18:09

General

  • Target

    b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll

  • Size

    729KB

  • MD5

    eb13bd884b6f3b2f3968c1ade3357605

  • SHA1

    f5cfe567e9020cd15357b0e8cc9517d4cd09f20e

  • SHA256

    b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62

  • SHA512

    6846b07eaaa0a0a134b0e80c42f84abb1ec89d947622e177d8ca82ce328a768ce50c5c2dfc0b46c8d117ffa66d7d0e2a6c6761abaa052d1259fc7370b7cc11e6

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d83dd34fcb48d543d7dbc5cef52b040609dbf831754ec3318e2c6197b20c62.dll,#1
      2⤵
      PID:3332

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3332-0-0x0000000000000000-mapping.dmp