yunsip | 49c7c6914243ce2615f3a360a501efee92bc65653a18498f32c6a83c10831a3e

Analysis

max time kernel
88s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 12:55

Target

49c7c6914243ce2615f3a360a501efee92bc65653a18498f32c6a83c10831a3e.dll
Size

309KB
MD5

edc236c595a5c76ead85eff84ba2bbb0
SHA1

cc13d25779817bd404a906bae86ffde1e7975bbe
SHA256

49c7c6914243ce2615f3a360a501efee92bc65653a18498f32c6a83c10831a3e
SHA512

71e1a2c24e7a402fb43f949c4ff33e5b36a215601e19e6cd6909a036e7f2884b532651cdd5a434bb9883cb17f1aa233ca0cb4fd27a574d00c6d99238b4b3538e
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0S:jDgtfRQUHPw06MoV2nwTBlhm8K

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28
PID 952 wrote to memory of 1668	952	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49c7c6914243ce2615f3a360a501efee92bc65653a18498f32c6a83c10831a3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49c7c6914243ce2615f3a360a501efee92bc65653a18498f32c6a83c10831a3e.dll,#1
  2⤵
  PID:1668

memory/1668-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download