yunsip | 74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872

Analysis

max time kernel
147s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-11-2022 16:16

Target

74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll
Size

486KB
MD5

032928848596677ee373af532466e560
SHA1

fd295d4757a30ff8448c2b65ab4b433f97412558
SHA256

74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872
SHA512

83fd62e8c19c6ccbffd048b69e06de5e1570c194fb0551232a054e2559d28bbd2c1622dadb388494af708d4103b7700818ae1c307f592da5aabc38c7f2b470f2
SSDEEP

3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZD0:o6C5AXbMn7UI1FoV2gwTBlrIckPe

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1132	924	rundll32.exe	77
PID 924 wrote to memory of 1132	924	rundll32.exe	77
PID 924 wrote to memory of 1132	924	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll,#1
  2⤵
  PID:1132