Analysis

  • max time kernel
    150s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-03-2024 17:43

General

  • Target

    168f29f10d9d5bace166fe82fe0ae1d63e4de0658bc21e606e615e34f4555ab2.dll

  • Size

    181KB

  • MD5

    2b158e10981db4362648ff36f5050a32

  • SHA1

    3c7559077170be28f204722fced4508626cca3ec

  • SHA256

    168f29f10d9d5bace166fe82fe0ae1d63e4de0658bc21e606e615e34f4555ab2

  • SHA512

    df169a20551cc5e30a0b258b96641486a9404d49f8f397177a6f37738430ab8cca8b8a245a5572a7cca69d2a6bb87afeb0edaaf701e025e16837c8ad681beff7

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0R:jDgtfRQUHPw06MoV2nwTBlhm8Z

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\168f29f10d9d5bace166fe82fe0ae1d63e4de0658bc21e606e615e34f4555ab2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\168f29f10d9d5bace166fe82fe0ae1d63e4de0658bc21e606e615e34f4555ab2.dll,#1
      2⤵
        PID:4204
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=748 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1952

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads