Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 19:30

General

  • Target

    22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll

  • Size

    515KB

  • MD5

    4213f5e7a5f1638f13a8a41652b5055e

  • SHA1

    7c10369c5efba5dd74377cb09c572ad6a1169519

  • SHA256

    22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7

  • SHA512

    da90b88f951b40727bb0539172aac2d0d31a955a3dbb9b5dcf78cd98ce345cacb72952c45807f33b096ecd95a82723a0880a9bde4a05a464cb1d4bd9006da050

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0O:jDgtfRQUHPw06MoV2nwTBlhm8m

Score
10/10

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll,#1
      2⤵
        PID:2940

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.