yunsip | b526dde8b94fe9925fab933cb6f6210ab3b3944af48a4c5084dcb0071d00a04b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 17:10

Target

fceddd0e5cb85f38b20bd8d7a2568850_NeikiAnalytics.dll
Size

507KB
MD5

fceddd0e5cb85f38b20bd8d7a2568850
SHA1

7dfb78bc35090c0c8b9938569c02bbb61b5d14ed
SHA256

b526dde8b94fe9925fab933cb6f6210ab3b3944af48a4c5084dcb0071d00a04b
SHA512

b428c357d7f9f775493786f15f8995ac850e38ca4d565e6d94e58d558dc192ef682a587fe13413e4e94a254ab73e59e8812f64a2427373fb8f6277ba615bda6b
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0d:jDgtfRQUHPw06MoV2nwTBlhm8F

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28
PID 2336 wrote to memory of 2200	2336	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fceddd0e5cb85f38b20bd8d7a2568850_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fceddd0e5cb85f38b20bd8d7a2568850_NeikiAnalytics.dll,#1
  2⤵
  PID:2200