yunsip | 758f3d2ba8130302a90b31c91862250ebcfe4e6a3a99bcef12ed7ce2f914c868

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2023 02:24

Target

758f3d2ba8130302a90b31c91862250ebcfe4e6a3a99bcef12ed7ce2f914c868.dll
Size

356KB
MD5

dccafd855960c17fc7d5aa4f86600fa0
SHA1

5e7320c412444a6f79820a89da8677ece3dd7759
SHA256

758f3d2ba8130302a90b31c91862250ebcfe4e6a3a99bcef12ed7ce2f914c868
SHA512

5a2bc1d30ce9c31f10802d18a9c496b52e2ee1ae7c4f38e3b016c25cb1a684a4167ef5c1f38fda90818b7209c6a7c52350457bf60b94785c8155395a5b3caa9d
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0H:jDgtfRQUHPw06MoV2nwTBlhm8f

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1716	2000	rundll32.exe	28
PID 2000 wrote to memory of 1716	2000	rundll32.exe	28
PID 2000 wrote to memory of 1716	2000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\758f3d2ba8130302a90b31c91862250ebcfe4e6a3a99bcef12ed7ce2f914c868.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\758f3d2ba8130302a90b31c91862250ebcfe4e6a3a99bcef12ed7ce2f914c868.dll,#1
  2⤵
  PID:1716