yunsip | 37b46b7e38d3bd9323533db6c1acf09292f973f9a84eef810c182aedd99c9ae1

Analysis

max time kernel
186s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2023 15:12

Target

dac78d292e458aa9110548122dba3820_dll32_JC.dll
Size

186KB
MD5

dac78d292e458aa9110548122dba3820
SHA1

a0e7763d31a1a4e39f3598f6a5a3b5239c358873
SHA256

37b46b7e38d3bd9323533db6c1acf09292f973f9a84eef810c182aedd99c9ae1
SHA512

f320061232d24b5cdee797786c6834b4fe7ed83d606f58592704cd500f90130ea80e0e8c476ee04983826eed425a8972d8a3e9be033e21ff16c0596d8f64123d
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0B:jDgtfRQUHPw06MoV2nwTBlhm85

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1076 wrote to memory of 4960	1076	rundll32.exe	rundll32.exe
PID 1076 wrote to memory of 4960	1076	rundll32.exe	rundll32.exe
PID 1076 wrote to memory of 4960	1076	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac78d292e458aa9110548122dba3820_dll32_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac78d292e458aa9110548122dba3820_dll32_JC.dll,#1
2⤵
PID:4960