yunsip | 4da0c11e344f0662683c5020f4f07e8b02641dc55077bd70ca0a60fe83a52d8a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 14:48

Target

dac1bb35af763e15946f856f34161c50_NeikiAnalytics.dll
Size

932KB
MD5

dac1bb35af763e15946f856f34161c50
SHA1

b5708ddfe414c6dbb44191932de5b8a802d87913
SHA256

4da0c11e344f0662683c5020f4f07e8b02641dc55077bd70ca0a60fe83a52d8a
SHA512

e9d867b243e739a37e9ea53935f16c77da0c2c18a89d241670fa68f6ae04ed9a7a4bd4f0dfba5795ac045e142c32939a3040a1507c9b7a95c315dc5f76d2dfea
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2jjjjjjjjjjjjjjjjjjjjjjH:o6RI1Fo/wT3cJYYYYYYYYYYYYg

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28
PID 2240 wrote to memory of 2244	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac1bb35af763e15946f856f34161c50_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac1bb35af763e15946f856f34161c50_NeikiAnalytics.dll,#1
  2⤵
  PID:2244