Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-11-2022 08:56

General

  • Target

    08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll

  • Size

    746KB

  • MD5

    07cc0b8a5f5595167b3ff62221770b10

  • SHA1

    76fb49e567cbbfa1c6bd9404b64cfb530a9af089

  • SHA256

    08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7

  • SHA512

    87ecba8b9332bb96c661c3a70920089123654b23b5900cd8287004c7a1f6db2209f05373889e42d6ba9025cdcb865d025a479ec01879ea7dbc5156549bec1969

  • SSDEEP

    6144:jDgtfRQUHPw06MoV2nwTBlhm8zDgtfRQUHPw06MoV2nwTBlhm8T:jDgN6MoIwT3vDgN6MoIwT33

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll,#1
      2⤵
        PID:2360

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2360-132-0x0000000000000000-mapping.dmp