yunsip | 92b6ab2fa8c7dd21bc2788aac270165274ce615d726bdb415dc405ea00d4e84e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 04:15

Target

699db575a24d9fb5c29982279981a570_NeikiAnalytics.dll
Size

779KB
MD5

699db575a24d9fb5c29982279981a570
SHA1

ffaf0fea4f767b73df8b4adeeb3c602e4e1a4fac
SHA256

92b6ab2fa8c7dd21bc2788aac270165274ce615d726bdb415dc405ea00d4e84e
SHA512

cfb3a26159625940e3b284c0ed56cf91283506590c9e6c697022da25ffc364a623aa0e8e750ac6b3124fa4a55adc8c04f77f7cdd8cbd3fda81993677ffd1f8e5
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYQ:o6RI1Fo/wT3cJYYYYYYYYYYYYQ

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\699db575a24d9fb5c29982279981a570_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\699db575a24d9fb5c29982279981a570_NeikiAnalytics.dll,#1
  2⤵
  PID:2656