Analysis

  • max time kernel
    90s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2022 17:21

General

  • Target

    e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll

  • Size

    704KB

  • MD5

    09ca79ea116cddbbb6939426481adde0

  • SHA1

    74bac539c9172128f45900cc2a14d4063e7cc6f4

  • SHA256

    e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556

  • SHA512

    41deaa702a3602812dbfd023b8bda80f88bb93f9b6de2f7f249bed3dd57e61031421f125892a35594577b732dc0aa533a779ed011d8415bfc80be7e3ef8991e8

  • SSDEEP

    3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDW:o6C5AXbMn7UI1FoV2gwTBlrIckPI

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll,#1
      2⤵
        PID:4896

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads