yunsip | cd3c97ebe389a6f27bc6acaee0af750c386381620281d2481c402f3293f6e291

Analysis

max time kernel
92s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 04:27

Target

cd3c97ebe389a6f27bc6acaee0af750c386381620281d2481c402f3293f6e291.dll
Size

549KB
MD5

55f8dc38f9a9548147f92cbcb6844185
SHA1

6bdcb7a629b5faed3fe777247e33685162ac9b22
SHA256

cd3c97ebe389a6f27bc6acaee0af750c386381620281d2481c402f3293f6e291
SHA512

67068f318d84fbfd7793a9acc5fc00a73378c7f585f8b6ca82058fb4026959fd0021ad5cc08bdec28dd801e0a1b911b1968e004296314e843d84da59f5f79e31
SSDEEP

3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0h:jDgtfRQUHPw06MoV2nwTBlhm8J

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3724	2024	rundll32.exe	82
PID 2024 wrote to memory of 3724	2024	rundll32.exe	82
PID 2024 wrote to memory of 3724	2024	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd3c97ebe389a6f27bc6acaee0af750c386381620281d2481c402f3293f6e291.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd3c97ebe389a6f27bc6acaee0af750c386381620281d2481c402f3293f6e291.dll,#1
  2⤵
  PID:3724