yunsip | 9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 15:05

Target

9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll
Size

346KB
MD5

05cde7fe4b14f2af2fee9040942ba4cc
SHA1

dab6b16ce7b4fc668518f8002e690b79b4264675
SHA256

9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766
SHA512

8bf586730cb3a0d74c137600b9c32225ac7cca1eb5d13da5e22d148bb64b52574d4fc0a67776320012c01428d0d8a5a8484eb55849de93739d231d3af5dc8c26
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q09:jDgtfRQUHPw06MoV2nwTBlhm8V

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll,#1
  2⤵
  PID:1968

memory/1968-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download