Overview

overview

10

Static

static

3

NEAS.14c43...f0.dll

windows7-x64

10

NEAS.14c43...f0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-10-2023 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll

  • Size

    1019KB

  • MD5

    14c43ccbe5cd08a3287bda6bf7ca61f0

  • SHA1

    9fd766ed3eb9b40605eb0a6f245a1cb3e20a26f5

  • SHA256

    886f8852d035b0512200b37a8747aff7345c4ab3ba8b1ee9ca72203f4b3bb903

  • SHA512

    ebdaef86657cf68350f4d74b4b6b1e3a95a087ad152d05392efeafc3707a730bba6d8363dd9ae4e7dbe036d115b82dac78fa9afa4576721e1d680d62a3323377

  • SSDEEP

    6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY4:o6RI1Fo/wT3cJYYYYYYYYYYYY4

Score
10/10
yunsipbankertrojan

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

    trojanbankeryunsip
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.14c43ccbe5cd08a3287bda6bf7ca61f0.dll,#1
      2⤵
        PID:2676

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads