yunsip | 79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 23:32

Target

79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll
Size

1.0MB
MD5

f1e3ef3b0259f14ce98a649f121422c7
SHA1

b348dd7607d141a8c5fed2867dd315dbbe327710
SHA256

79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87
SHA512

20fde6ec3c8c886ac93fdcd46397771f37430b7528c90a605b918124f4959c6f0445faf2c94c7e441725d8c5457c2023e3f3b0202495679fa00e89fbb8612b5e
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYF:o6RI1Fo/wT3cJYYYYYYYYYYYYF

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28
PID 2196 wrote to memory of 1780	2196	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll,#1
  2⤵
  PID:1780