Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2023 01:42

General

  • Target

    NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll

  • Size

    1.0MB

  • MD5

    5e570d6b32ff73d56f710c5ab4147e10

  • SHA1

    2de75b526aaa19c5444eec5bf18e2c42a0696db8

  • SHA256

    ccf2b257e73da20556ae15488abb02e2c0d15b46e7036186ee6ab68ffb7c5ee7

  • SHA512

    068e67c6952ba0b962eb5b378d3bf682b05a71a14ef3e3ad688a962d1da11b5611072df5e48c33a7df07719346ae86224bc8dd10f6e1872087ddf72c5552b609

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0o:jDgtfRQUHPw06MoV2nwTBlhm8A

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4780
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.5e570d6b32ff73d56f710c5ab4147e10.dll,#1
      2⤵
        PID:4232

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads