yunsip | da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 02:38

Target

da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll
Size

786KB
MD5

483dc51a57754640acf1f3422fdccc10
SHA1

d2e9c7bb879b942be15918e46f61b3fb5f53a22c
SHA256

da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd
SHA512

4236972ac4788d2bbbbe24b7767a2d5206a92382afd03d2a5f13ae5a5479c9ff1a801f3b277a016c2d119fa6de0a2431c44315654fab6e8b066734e6607d96fb
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0X:jDgtfRQUHPw06MoV2nwTBlhm8P

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 4580	3884	rundll32.exe	81
PID 3884 wrote to memory of 4580	3884	rundll32.exe	81
PID 3884 wrote to memory of 4580	3884	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll,#1
  2⤵
  PID:4580