Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
16-10-2024 18:04
General
-
Target
014c7e872b5c0913d830a121ed9ddfbf1ee2a7fb449345261ccb319ed4e6ae7e.dll
-
Size
868KB
-
MD5
77a876475e0c2b03919fddfa1ac29365
-
SHA1
e9d3868c1f77308585e8d42b69b659f3452309ce
-
SHA256
014c7e872b5c0913d830a121ed9ddfbf1ee2a7fb449345261ccb319ed4e6ae7e
-
SHA512
6c5c7bdf815e3043d024812deb3fed7c7056c711fea1ecff9ef81c58a1e75126a612a948002087d68b947a8f7e79ad66e051956269e618f200121d081204e60a
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0T:jDgtfRQUHPw06MoV2nwTBlhm8L
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\014c7e872b5c0913d830a121ed9ddfbf1ee2a7fb449345261ccb319ed4e6ae7e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\014c7e872b5c0913d830a121ed9ddfbf1ee2a7fb449345261ccb319ed4e6ae7e.dll,#12⤵
- System Location Discovery: System Language Discovery
-