yunsip | 33a6fcbdbfe8d6f234c4fc4d149af6cb88f0c7972d8c640b8eb6381704024477

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 00:49

Target

bd095d31c3fda1f0913f3fe779225448.dll
Size

281KB
MD5

bd095d31c3fda1f0913f3fe779225448
SHA1

4d0eb36a03199c82df3ec57efc165ac63b4eb05d
SHA256

33a6fcbdbfe8d6f234c4fc4d149af6cb88f0c7972d8c640b8eb6381704024477
SHA512

6158a4230a3abb259274ca06e78290e940c43fe581f4a678dd20bd0e9ddf477b0adf7c38a2b4a89253c0d816b95a307fb797663a91bf56fbb8b295a71f904174
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0L:jDgtfRQUHPw06MoV2nwTBlhm8z

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17
PID 2360 wrote to memory of 2084	2360	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd095d31c3fda1f0913f3fe779225448.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd095d31c3fda1f0913f3fe779225448.dll,#1
  2⤵
  PID:2084