Analysis

  • max time kernel
    183s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 08:40

General

  • Target

    d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll

  • Size

    429KB

  • MD5

    1793160b219c5b87342b1213683bfe80

  • SHA1

    ac2287f59e52953cb659ec6a4b81cbbd66f028d2

  • SHA256

    d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f

  • SHA512

    3a030f6aced84350ea85d5bd6c054ba3dc52c7eb238e8868fe530f52de9726cd2eead836c5b3198ce19ff7fcba7fa20f027a4b6614c76ebb0483d0bac785cd64

  • SSDEEP

    3072:aDKpt9sSR0HUHPwZWLnWVfEAzV2IMwTBftZmc+z+f3Q0J:aDgtfRQUHPw06MoV2dwTBlxm8h

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll,#1
      2⤵
        PID:632

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads