Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    18-05-2021 12:43

General

  • Target

    a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll

  • Size

    1002KB

  • MD5

    3dfa424e87ef1785685fd60f77403568

  • SHA1

    5e7907151feafab5674b68c352eb607799de3302

  • SHA256

    a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf

  • SHA512

    471a83da4f42f224cc3ceb5b95bb9bdc934ecee5f2e715dae3313aaf4ad58a864082e603da0af0b6c20c749bcaa963b05fc6dc368df4b392a81ecc9f40cf4ada

Score
10/10

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#1
    PID: 4048
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (child process)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#1
      PID: 3940


Downloads

  • memory/3940-114-0x0000000000000000-mapping.dmp