yunsip | 6a39f101f52c356cc286ff2534317ea7b99571c7a5202a4a7da0217697a0788d

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 23:52

Target

6a39f101f52c356cc286ff2534317ea7b99571c7a5202a4a7da0217697a0788d.dll
Size

714KB
MD5

972f43aeaacb87a5ff3065792036f81f
SHA1

1d53f39a0e78ba39db3f49f13e48c82672d64d67
SHA256

6a39f101f52c356cc286ff2534317ea7b99571c7a5202a4a7da0217697a0788d
SHA512

7cca3719018ef1fcd8007b0803a91d574170ad2b0e133540cfc63596f02fc33dc208744ec2a87df197caa5a0f040a0c6c4d58df1ebbc31082ab11aa53ca4d6a3
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYk:o6RI1Fo/wT3cJYYYYYYYYYYYYk

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe
PID 1540 wrote to memory of 2696	1540	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a39f101f52c356cc286ff2534317ea7b99571c7a5202a4a7da0217697a0788d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a39f101f52c356cc286ff2534317ea7b99571c7a5202a4a7da0217697a0788d.dll,#1
2⤵
PID:2696