Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-04-2024 20:15
General
-
Target
3384f95ca83e0d4df6ed7470721b684dc3c12d8ba7a604cfc89d70185eb082a3.dll
-
Size
697KB
-
MD5
6a94421fa081a941fc1c4fd4deda5880
-
SHA1
bbdbfd6401887daa3a18a06ea6a84f5191b0cd84
-
SHA256
3384f95ca83e0d4df6ed7470721b684dc3c12d8ba7a604cfc89d70185eb082a3
-
SHA512
5e4f05344216b5ce07fe457c5bb4c3f8e59d7876b546a09d8829f32fd285909cf8a4bb1b8763f252a89e231cf3cb1bb1f90ace03b7c1b2bf5f693da10e1261b4
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYC:o6RI1Fo/wT3cJYYYYYYYYYYYYC
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3384f95ca83e0d4df6ed7470721b684dc3c12d8ba7a604cfc89d70185eb082a3.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3384f95ca83e0d4df6ed7470721b684dc3c12d8ba7a604cfc89d70185eb082a3.dll,#12⤵