Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    27-07-2024 04:10

General

  • Target

    d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll

  • Size

    1.1MB

  • MD5

    63b24d82d837f5478c7bd9d66d4c2708

  • SHA1

    5e7a762feaf83ab244133a2ce59bb6db6a5ee78d

  • SHA256

    d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082

  • SHA512

    fa4bb4c1937514e60629ddc713be22e9e0c40504d8b9eeb7cc77a9cbc997d2d8be86406b4b6b1d976af2444ae1098ec4c83e8a9b901605eb12ab54e48db540c3

  • SSDEEP

    12288:jDgN6MoIwT3qOOOOOOOOOOOOOOOOOOOOOOV:jTtT3qOOOOOOOOOOOOOOOOOOOOOOV

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads