yunsip | 29eb9ab17a6eab29731b74b48b6d9a2809818d4ee4892ba362b31c7d4a072b2e

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 22:05

Target

14839615db4b261d73f21e05d63a2624.dll
Size

306KB
MD5

14839615db4b261d73f21e05d63a2624
SHA1

47b2670d7d3dcc52572844e7c8f0a720c4be7790
SHA256

29eb9ab17a6eab29731b74b48b6d9a2809818d4ee4892ba362b31c7d4a072b2e
SHA512

577ede8b9cf330e32f37ef349e2503b57184185ec9e6b8edbd6685c04f32caace7b85a7797cb81a0939d95c13f6d2a18c25891108968c6e0386cc7f39add83e5
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q08:jDgtfRQUHPw06MoV2nwTBlhm8E

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3716	4540	rundll32.exe	14
PID 4540 wrote to memory of 3716	4540	rundll32.exe	14
PID 4540 wrote to memory of 3716	4540	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14839615db4b261d73f21e05d63a2624.dll,#1
1⤵
PID:3716

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14839615db4b261d73f21e05d63a2624.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540