Analysis
-
max time kernel
13s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
18-05-2021 12:47
General
-
Target
981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll
-
Size
852KB
-
MD5
afeef977b427a3de1b104bc3d2d9024a
-
SHA1
877679d55502a2f5d346f694c7939bec894f7fc5
-
SHA256
981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880
-
SHA512
d7726ad5f36cf2e7e9ecad6b2b948cdc8653ffddc5affe36b8bd59fa5d2fcef1e8ba2555ec4c3572e35cdc806913677553e0e900046180c71d997381ad6c9602
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\981f2016fca94ac87569dfa68bd21bb132cee34b6a3cd2b9ac9ca4914c3f1880.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3852-114-0x0000000000000000-mapping.dmp