yunsip | 908c33ff27e37c9e9f90bb333eb10ed8990e432ffec2b9e71501357a108f33f2

Analysis

max time kernel
83s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 12:53

Target

908c33ff27e37c9e9f90bb333eb10ed8990e432ffec2b9e71501357a108f33f2.dll
Size

251KB
MD5

b149c054688c5631390ea0529350c820
SHA1

ce2498dbbaf2a63ae9de6f3b6a0573214448f206
SHA256

908c33ff27e37c9e9f90bb333eb10ed8990e432ffec2b9e71501357a108f33f2
SHA512

f8d3ccb5910d2f8730fa7485dea68edc364c8b0e21bab737b19c9a6eebf6e76f451dbb2f24b91fe8ffd7456d81276f9d2951b105664386c05537ededc9aeb04e
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0E:jDgtfRQUHPw06MoV2nwTBlhm8c

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 2680	3544	rundll32.exe	76
PID 3544 wrote to memory of 2680	3544	rundll32.exe	76
PID 3544 wrote to memory of 2680	3544	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\908c33ff27e37c9e9f90bb333eb10ed8990e432ffec2b9e71501357a108f33f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\908c33ff27e37c9e9f90bb333eb10ed8990e432ffec2b9e71501357a108f33f2.dll,#1
  2⤵
  PID:2680