yunsip | 55d56ff650ccc8e151182aeb5144d8c5ec281286ad5ba3756b29a972b5105643

Analysis

max time kernel
14s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 18:29

Target

55d56ff650ccc8e151182aeb5144d8c5ec281286ad5ba3756b29a972b5105643.dll
Size

438KB
MD5

49753dd9fe4bede8e1791844db189080
SHA1

fd55ebeef85abb56d4d244822493dafea962af39
SHA256

55d56ff650ccc8e151182aeb5144d8c5ec281286ad5ba3756b29a972b5105643
SHA512

26b80a80d7b85952b67a2c3425d2f4d74f3b3864ab58f371ef18998c51338f21099206653fff368b1bad1c309baa11014dd58bc27db9e3becf5dcc0a281b2111
SSDEEP

3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDG:o6C5AXbMn7UI1FoV2gwTBlrIckPM

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55d56ff650ccc8e151182aeb5144d8c5ec281286ad5ba3756b29a972b5105643.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55d56ff650ccc8e151182aeb5144d8c5ec281286ad5ba3756b29a972b5105643.dll,#1
  2⤵
  PID:2196