yunsip | c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93

Analysis

max time kernel
19s
max time network
202s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 08:41

Target

c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll
Size

321KB
MD5

0fea80191538d49523d3a55d65b06610
SHA1

7619bb73da35603c939a9c515292dd8d515bc196
SHA256

c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93
SHA512

6d7f255c1f4cdd23b5d3387fb030ad60161a01e682293f95983731de9ef05c8608e974084d295aa4fcd3d533ce78f4fb868be6eb395bb74a65c20bef9ceb9171
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0h:jDgtfRQUHPw06MoV2nwTBlhm8Z

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28
PID 2020 wrote to memory of 2032	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll,#1
  2⤵
  PID:2032

memory/2032-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download