yunsip | 9283bd22f1d577833106c54fad47efb621ba5ffaba091708385b663c32bf7c0c

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 00:36

Target

9283bd22f1d577833106c54fad47efb621ba5ffaba091708385b663c32bf7c0c.dll
Size

1.2MB
MD5

50a21aefbc247904878f8c15964e390a
SHA1

11c518c70467dd2ac5b426d365af06ff7640ef7c
SHA256

9283bd22f1d577833106c54fad47efb621ba5ffaba091708385b663c32bf7c0c
SHA512

1ca3016518b91860f8c37d99c2bcb0d6959ee6b854e548b0563da96da627301f89c2bf0ad0ac87d1072ac294b71d6213f5b282802715093439bbcad86e1ffef4
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q03:jDgtfRQUHPw06MoV2nwTBlhm8/

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28
PID 1924 wrote to memory of 2472	1924	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9283bd22f1d577833106c54fad47efb621ba5ffaba091708385b663c32bf7c0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9283bd22f1d577833106c54fad47efb621ba5ffaba091708385b663c32bf7c0c.dll,#1
  2⤵
  PID:2472