Analysis

  • max time kernel
    116s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2022 01:25

General

  • Target

    c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll

  • Size

    241KB

  • MD5

    0a00b06a4f398dbe2b7c3ab635f1d291

  • SHA1

    51e6117d50393f2e1a0237258e97064fe51472cc

  • SHA256

    c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b

  • SHA512

    140ea817218a920903df480a6dc1f9829cb6fe3ca3e6a23a750a823a26cac4d808f50f8a9ff718b8c484bc91509fca51f2301d59ca5d87a36ae0b2454b089d84

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0f:jDgtfRQUHPw06MoV2nwTBlhm8n

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll,#1
      2⤵
        PID:4812

    Network

      No results found
    • 72.21.91.29:80
      46 B
      40 B
      1
      1
    • 20.73.194.208:443
    • 72.21.81.240:80
    • 40.126.31.73:443
    • 72.21.81.240:80
    • 20.189.173.13:443
    • 52.109.13.63:443
    • 72.21.91.29:80
    • 52.152.110.14:443
    • 40.126.31.73:443
    • 104.80.225.205:443
    • 95.101.78.82:80
    • 95.101.78.82:80
    • 209.197.3.8:80
    • 52.152.110.14:443
    • 20.190.159.68:443
    • 52.152.110.14:443
    • 72.21.81.240:80
    • 20.190.159.73:443
    • 52.242.97.97:443
    • 40.127.240.158:443
    • 40.125.122.176:443
    • 40.125.122.176:443
    • 209.197.3.8:80
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.