yunsip | 4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 21:23

Target

4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll
Size

530KB
MD5

afba29c02ca4d776e33c86be12d9bf29
SHA1

4e2e9d252584c1a8c3d84ad50bd8e5cbb5684e93
SHA256

4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5
SHA512

bdcea19a58d9d5aa9f5e45950766c06a59fbd4d6c9ddb6c6a655cc71ac96085981bf785949399f7536349dbf9393538b8f0f05d12b4114d5faae52af23a35853
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0P:jDgtfRQUHPw06MoV2nwTBlhm8H

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe
PID 2200 wrote to memory of 1612	2200	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll,#1
2⤵
PID:1612