yunsip | 281a1f1850386820c6423b51ecd77096cd92013f3c6a3d2bf725d3c181eaa418

Analysis

max time kernel
130s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 20:41

Target

2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll
Size

618KB
MD5

2281d20981212bbbcb298048288c2650
SHA1

7256f119aa0aefdbf3aa29b1071d8202148da963
SHA256

281a1f1850386820c6423b51ecd77096cd92013f3c6a3d2bf725d3c181eaa418
SHA512

81316b8a096c146bfe3895042837d4984baaf512c0a5142f54e0b900402c723b30cab19b2e118c8f2b625d836bbb859ad0cb2ce4c712d9bce96001548463378d
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY5:o6RI1Fo/wT3cJYYYYYYYYYYYY5

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3100 wrote to memory of 3892	3100	rundll32.exe	rundll32.exe
PID 3100 wrote to memory of 3892	3100	rundll32.exe	rundll32.exe
PID 3100 wrote to memory of 3892	3100	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3100

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2281d20981212bbbcb298048288c2650_NeikiAnalytics.dll,#1
2⤵
PID:3892