Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2022 21:20

General

  • Target

    82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll

  • Size

    832KB

  • MD5

    4016ab60cce0601d0a2f54c067a1afe0

  • SHA1

    98c553eb636064a4e971507a06cc7dd15fd0c9ef

  • SHA256

    82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a

  • SHA512

    5cd1112408522283d0e6c55537ecad044f160ee502086c576c216c487df74920394d95976261c09d13548a98990437ba20bba993f15d21fb67d548064ce74295

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q04:jDgtfRQUHPw06MoV2nwTBlhm8w

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll,#1
      2⤵
        PID:544

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/544-54-0x0000000000000000-mapping.dmp

    • memory/544-55-0x0000000076151000-0x0000000076153000-memory.dmp

      Filesize

      8KB