yunsip | 79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 23:32

Target

79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll
Size

1.0MB
MD5

f1e3ef3b0259f14ce98a649f121422c7
SHA1

b348dd7607d141a8c5fed2867dd315dbbe327710
SHA256

79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87
SHA512

20fde6ec3c8c886ac93fdcd46397771f37430b7528c90a605b918124f4959c6f0445faf2c94c7e441725d8c5457c2023e3f3b0202495679fa00e89fbb8612b5e
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYF:o6RI1Fo/wT3cJYYYYYYYYYYYYF

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79810b8c1bc2b3591d591e0d3f74742b78ebdc1d92785cb0899b665a7eddec87.dll,#1
  2⤵
  PID:2596