yunsip | c51d4514e9cbd14ce193c47bfe548eb607e408d63368f897d6a45ce519aae4d3

Analysis

max time kernel
170s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 02:43

Target

c51d4514e9cbd14ce193c47bfe548eb607e408d63368f897d6a45ce519aae4d3.dll
Size

215KB
MD5

e7ccc9360ab7be9f919eaf5a0af64e0f
SHA1

9d97fedea35c0d2de430903bf28066f222248f7a
SHA256

c51d4514e9cbd14ce193c47bfe548eb607e408d63368f897d6a45ce519aae4d3
SHA512

f1c159a200708f50651bd2aa18685d29e048c651db2e36d42b7b970390125833e91724d103ffea0a98861c11ec1ef7fb55776f58ae4eb03d559351eba5e80978
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0y:jDgtfRQUHPw06MoV2nwTBlhm86

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 2436	4328	rundll32.exe	80
PID 4328 wrote to memory of 2436	4328	rundll32.exe	80
PID 4328 wrote to memory of 2436	4328	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c51d4514e9cbd14ce193c47bfe548eb607e408d63368f897d6a45ce519aae4d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c51d4514e9cbd14ce193c47bfe548eb607e408d63368f897d6a45ce519aae4d3.dll,#1
  2⤵
  PID:2436