yunsip | cc56e26ebf7a9c4896dfc0e57e113c66d0f45755b3618c29365baf1777139435

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 15:05

Target

cc56e26ebf7a9c4896dfc0e57e113c66d0f45755b3618c29365baf1777139435.dll
Size

547KB
MD5

0df1af9153c36b0ee76ee0a174f47b00
SHA1

b62d3f6518d3786defcf20e523eac6afac24f5e2
SHA256

cc56e26ebf7a9c4896dfc0e57e113c66d0f45755b3618c29365baf1777139435
SHA512

784c95901bfc030cb2557b5de1c4ee6f0e7f27a92c628c528e5593f022a57ffc0859fdabc6fcb0d94fa748f7605b160e238a9e4fdf6d84ffec2f7101d617e46b
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0f:jDgtfRQUHPw06MoV2nwTBlhm8n

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc56e26ebf7a9c4896dfc0e57e113c66d0f45755b3618c29365baf1777139435.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc56e26ebf7a9c4896dfc0e57e113c66d0f45755b3618c29365baf1777139435.dll,#1
  2⤵
  PID:388