Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 17:44

General

  • Target

    61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll

  • Size

    281KB

  • MD5

    2b32cc51f5495323f3c7c9cb2104f3c0

  • SHA1

    73ad2476ee20bc7eb396f4c63d4719dcb2f7ae41

  • SHA256

    61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890

  • SHA512

    b042cf1316d0e10be4561fed13d5f65571b41a433b31a86ba2032c7c2938f3a37155a9751d5456ab0a848515e84ab0815ce575068f72bf4b0845f6a73b982dba

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0L:jDgtfRQUHPw06MoV2nwTBlhm8T

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll,#1
      2⤵
        PID:872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/872-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

      Filesize

      8KB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.