yunsip | 88aa3f5f252b63e0aeb85d3b0b7e214962145dd4c911b3481ada7da5fba7de52

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 23:30

Target

88aa3f5f252b63e0aeb85d3b0b7e214962145dd4c911b3481ada7da5fba7de52.dll
Size

779KB
MD5

64866ce93b45a54859006295f5eb6a10
SHA1

e3573ebd004b41e789bbd3fbc34faaf614ca0139
SHA256

88aa3f5f252b63e0aeb85d3b0b7e214962145dd4c911b3481ada7da5fba7de52
SHA512

163786174bf4ad3efa287e1f1dd10d998d68637dfb54269b8217fc52022918f68763474646c4818b8bc7dc9a69cad5c0dee4349418c524743ede14407ba1c672
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0X:jDgtfRQUHPw06MoV2nwTBlhm8P

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\88aa3f5f252b63e0aeb85d3b0b7e214962145dd4c911b3481ada7da5fba7de52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\88aa3f5f252b63e0aeb85d3b0b7e214962145dd4c911b3481ada7da5fba7de52.dll,#1
  2⤵
  PID:2288