Analysis
-
max time kernel
133s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-10-2024 00:08
General
-
Target
a5bca4662299449b6cd9f826c7dd828378891905e854c4b89d6163c371d36182N.dll
-
Size
577KB
-
MD5
7277e3b72f3e6b0dd365b607c7397c80
-
SHA1
0f143d99c7f37e8f87f2b1d1687d774bbc2b6451
-
SHA256
a5bca4662299449b6cd9f826c7dd828378891905e854c4b89d6163c371d36182
-
SHA512
22c4302961b4b7eecd41bc07b234fa50be8033e438680b8f2dd616388732fb9d5c8ac3c4dfc88ea0f3ebd8f78ccf2f6a1d0c666d874958587835f844bdf80543
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYN:o6RI1Fo/wT3cJYYYYYYYYYYYYN
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bca4662299449b6cd9f826c7dd828378891905e854c4b89d6163c371d36182N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bca4662299449b6cd9f826c7dd828378891905e854c4b89d6163c371d36182N.dll,#12⤵
- System Location Discovery: System Language Discovery
-