yunsip | 1d20a650186d32fa75d7234762e75c8605748cd5990a2ff8607eaca9303c3721

Analysis

max time kernel
129s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 22:35

Target

1d20a650186d32fa75d7234762e75c8605748cd5990a2ff8607eaca9303c3721_NeikiAnalytics.dll
Size

1.0MB
MD5

58933208b58b655c3e58244ea465b9a0
SHA1

3fda8d0bb00891e4a6b27778e535e3ce0c722cdf
SHA256

1d20a650186d32fa75d7234762e75c8605748cd5990a2ff8607eaca9303c3721
SHA512

f42022d91c6b41fd5bbeaad53eedbb64012c272f7e649ae5a58786c553f305bd688c6d8f8e8c0c53fa21524c28fa1939f5f932f6730a4743a5afb8a0fa5e83b4
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY6:o6RI1Fo/wT3cJYYYYYYYYYYYY6

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 452 wrote to memory of 1556	452	rundll32.exe	rundll32.exe
PID 452 wrote to memory of 1556	452	rundll32.exe	rundll32.exe
PID 452 wrote to memory of 1556	452	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d20a650186d32fa75d7234762e75c8605748cd5990a2ff8607eaca9303c3721_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d20a650186d32fa75d7234762e75c8605748cd5990a2ff8607eaca9303c3721_NeikiAnalytics.dll,#1
2⤵
PID:1556