Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-09-2023 18:39

General

  • Target

    458442cb31be688b8cbbc26f4eb55be0_JC.dll

  • Size

    787KB

  • MD5

    458442cb31be688b8cbbc26f4eb55be0

  • SHA1

    07b72c6e65f871ca44c65117987f74aaaaa0bb1b

  • SHA256

    5bd90431dd51f7c357c11acde901bd94262d1c4cdbff4869bf4977a10868bc76

  • SHA512

    80b59ba7b46b209a2261da73642692ce309cfb3918dc2a5e3d8aee7d52f1973331a5723835f84c5ed7fd4a91bceabc61774d49115300da85f53e382727ca3ad6

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0KIgXTN:jDgtfRQUHPw06MoV2nwTBlhm8vw

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\458442cb31be688b8cbbc26f4eb55be0_JC.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\458442cb31be688b8cbbc26f4eb55be0_JC.dll,#1
      2⤵
      PID:4628

Network

MITRE ATT&CK Matrix
