Analysis
-
max time kernel
102s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
05-11-2024 16:49
General
-
Target
be97e94befb8421724780b35accc308e76322b56f418e0a7f7e4250a20a0a8a9N.dll
-
Size
582KB
-
MD5
4067cd4b993c656782137b6b4b4f62c0
-
SHA1
9cbed67c2dba2b3b758b3f210caae3ca40e44166
-
SHA256
be97e94befb8421724780b35accc308e76322b56f418e0a7f7e4250a20a0a8a9
-
SHA512
16783114dbad0e17f3c0fe5a7890942484fd1878eb775932eb6b0c6626450174603432fb1cdb68683b7b83a15f4d735023edcb0b08115ff5ebe22f012990540f
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Z:jDgtfRQUHPw06MoV2nwTBlhm8B
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\be97e94befb8421724780b35accc308e76322b56f418e0a7f7e4250a20a0a8a9N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\be97e94befb8421724780b35accc308e76322b56f418e0a7f7e4250a20a0a8a9N.dll,#12⤵
- System Location Discovery: System Language Discovery
-