Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    28-09-2024 18:51

General

  • Target

    114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll

  • Size

    1.0MB

  • MD5

    e909718353327e160e98e242745d2d3a

  • SHA1

    e44d98a891a607508dc531b5a8d58fb23e045ae7

  • SHA256

    114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323

  • SHA512

    0b74e4a9cd26b4bb73963f795ddd6898304143f6de3accda75a82d54c8e52e1fac9bdc0e9f468d70d8b9f4f3e010e4624672c6ea85f18e88765ff55510f8b3d8

  • SSDEEP

    6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2:o6RI1Fo/wT3cJYYYYYYYYYYYY2

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2664

Network

MITRE ATT&CK Enterprise v15
