Analysis

  • max time kernel
    171s
  • max time network
    236s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2022 00:11

General

  • Target

    ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll

  • Size

    316KB

  • MD5

    906bfb685a68444886c6986539960040

  • SHA1

    2c646fd86f23560539ac1f2b76dab165181e1bcb

  • SHA256

    ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421

  • SHA512

    61785dfc5fb244557f97bf6f60fbf51cf86c5698d8e44f1de4a4840edbf7a0e4222a8de81062cbe4ba7134f4b5484dd67934198c99ce8930c122790469c06852

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0/:jDgtfRQUHPw06MoV2nwTBlhm83

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#1
      2⤵
        PID:1028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1028-132-0x0000000000000000-mapping.dmp