yunsip | fe66b4975fcb8a321e6b55d7e7fa626baf4daa389c038fda0a7d07eeed26183c

Analysis

max time kernel
186s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 21:57

Target

fe66b4975fcb8a321e6b55d7e7fa626baf4daa389c038fda0a7d07eeed26183c.dll
Size

128KB
MD5

24293ebdce464adf81fa7df9b69cbc67
SHA1

9a4c183ae33d3ec5a43e0c2330bd7328190da6a3
SHA256

fe66b4975fcb8a321e6b55d7e7fa626baf4daa389c038fda0a7d07eeed26183c
SHA512

4d2bfef4c01efb595c3e66f0b5998e277c4f488fdd51899e18812344617ab88c46b2af5183d27cdf07acc1b67d4d5929c3b19f5631240845fe5f841f0570f392
SSDEEP

3072:sAxv9I4I5taw3nI9sLVWGqeAzV2CdJSTBftoMY5dOf3QK:sAV9q5ww3nI+xboV2UJSTBlinsP

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 480	2276	rundll32.exe	78
PID 2276 wrote to memory of 480	2276	rundll32.exe	78
PID 2276 wrote to memory of 480	2276	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe66b4975fcb8a321e6b55d7e7fa626baf4daa389c038fda0a7d07eeed26183c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe66b4975fcb8a321e6b55d7e7fa626baf4daa389c038fda0a7d07eeed26183c.dll,#1
  2⤵
  PID:480