Analysis
-
max time kernel
138s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21-04-2024 21:19
General
-
Target
4962726b0eca4e2314373315cb238033fcc45440f41579174bc549726eb661dd.dll
-
Size
886KB
-
MD5
e683c6d908395043be7bec5596673cd2
-
SHA1
db875067ab75af7c769a5e7e5db4feeeeaaba0a5
-
SHA256
4962726b0eca4e2314373315cb238033fcc45440f41579174bc549726eb661dd
-
SHA512
c1b81dd6102351cad623b3a5448754ea1592d18d91fd94eabe5f125e471727574d5f3e10df17d3f897f347c7f8c1b1e4088538d69b4e5e55bebc0d8be87c56e8
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2jjjjjjjjjjjjjjjjjjjjjjo:o6RI1Fo/wT3cJYYYYYYYYYYYYf
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4962726b0eca4e2314373315cb238033fcc45440f41579174bc549726eb661dd.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4962726b0eca4e2314373315cb238033fcc45440f41579174bc549726eb661dd.dll,#12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵