Analysis
-
max time kernel
139s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26-07-2024 05:59
General
-
Target
cb7e4c3078f07315ef2c27581e55ace30b1eebbeff6ab19a0461e5829126b413.dll
-
Size
567KB
-
MD5
65deb07195f409b9bf6c3fd929ce2d6a
-
SHA1
04c6c9ffe45f7c69fa99186e85d6444abfbcf700
-
SHA256
cb7e4c3078f07315ef2c27581e55ace30b1eebbeff6ab19a0461e5829126b413
-
SHA512
ffc7a343abea59bbabe2a38bff447f64ddc75a78988829030001ac335a2a30fec9d2ee0f07ca01a26e0c97e10fd93bc9df447f0b31992df2e262f3b6baee50bc
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0:jDgtfRQUHPw06MoV2nwTBlhm8
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cb7e4c3078f07315ef2c27581e55ace30b1eebbeff6ab19a0461e5829126b413.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cb7e4c3078f07315ef2c27581e55ace30b1eebbeff6ab19a0461e5829126b413.dll,#12⤵
- System Location Discovery: System Language Discovery
-