yunsip | fea9bc8bcbe46a6763ce2a7ef8a80ce46219b436aa43dadf97c40419ea58a4e1

Analysis

max time kernel
29s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 01:24

Target

fea9bc8bcbe46a6763ce2a7ef8a80ce46219b436aa43dadf97c40419ea58a4e1.dll
Size

868KB
MD5

0c37a3924cfe6bbc97ef7e384f1bbb70
SHA1

42953d75add7af293fe0045df3671eb21dcbc432
SHA256

fea9bc8bcbe46a6763ce2a7ef8a80ce46219b436aa43dadf97c40419ea58a4e1
SHA512

07c76a1dcf756bfb1551d410ab94f5d050124b1748438f1da6a60902a4fbf468a549a7b0b2b8eb15f0c6c00337973a32e76dcc86d45ae95a92f625fe8d7a9659
SSDEEP

12288:jDgN6MoIwT3qOOOOOOOOOOOOOOOOOOOOOOm:jTtT3qOOOOOOOOOOOOOOOOOOOOOOm

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14
PID 904 wrote to memory of 1204	904	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fea9bc8bcbe46a6763ce2a7ef8a80ce46219b436aa43dadf97c40419ea58a4e1.dll,#1
1⤵
PID:1204

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fea9bc8bcbe46a6763ce2a7ef8a80ce46219b436aa43dadf97c40419ea58a4e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904

memory/1204-55-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download