yunsip | 9082a672b8d3489c7087e0e684f8909fdd2ce1c7ba0aebbcabed01a7529698ad

Analysis

max time kernel
100s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 01:54

Target

48f2b68c346a3976fd824154e2cfcf30N.dll
Size

956KB
MD5

48f2b68c346a3976fd824154e2cfcf30
SHA1

6af3e9ab224aef6330caf277f83d6cef7f8c8286
SHA256

9082a672b8d3489c7087e0e684f8909fdd2ce1c7ba0aebbcabed01a7529698ad
SHA512

a6d98cfea3b359c6cf13e005a16fccb86f0e2c44836f0f66ee7fe72365a27fe69692b2a86903716485284822a0c168f270cb3a8ed444c66cdc75ea6bacf59443
SSDEEP

6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2jjjjjjjjjjjjjjjjjjjjjjK:o6RI1Fo/wT3cJYYYYYYYYYYYYt

Score

10^/10

Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
trojan banker yunsip

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 2952	4864	rundll32.exe	83
PID 4864 wrote to memory of 2952	4864	rundll32.exe	83
PID 4864 wrote to memory of 2952	4864	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48f2b68c346a3976fd824154e2cfcf30N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48f2b68c346a3976fd824154e2cfcf30N.dll,#1
  2⤵
  PID:2952