yunsip | c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93

Analysis

max time kernel
66s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 08:41

Target

c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll
Size

321KB
MD5

0fea80191538d49523d3a55d65b06610
SHA1

7619bb73da35603c939a9c515292dd8d515bc196
SHA256

c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93
SHA512

6d7f255c1f4cdd23b5d3387fb030ad60161a01e682293f95983731de9ef05c8608e974084d295aa4fcd3d533ce78f4fb868be6eb395bb74a65c20bef9ceb9171
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0h:jDgtfRQUHPw06MoV2nwTBlhm8Z

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 2004	4232	rundll32.exe	81
PID 4232 wrote to memory of 2004	4232	rundll32.exe	81
PID 4232 wrote to memory of 2004	4232	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2c6faae05a264117f09934c1382636ffbc79d7625e4a70d1ebdeae7c0615a93.dll,#1
  2⤵
  PID:2004