Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 09:03
General
-
Target
ce5dc4645b0930f40123fc7688cf7261e79dea32c934183eab601be78cd51acfN.dll
-
Size
714KB
-
MD5
872ac794e9aa6d0a7e9febbb3c077500
-
SHA1
8fbd5e613d5dfa8adcd8989732d49b0f2f800e72
-
SHA256
ce5dc4645b0930f40123fc7688cf7261e79dea32c934183eab601be78cd51acf
-
SHA512
ade939c7cfe9d2d3c0abb4734dff13574a797feb6c47fc5433d454f8f4efa4397a505b598e9e8bdcdbcc5daa44d5e8534f321c6313654512b348e106bec07284
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q05:jDgtfRQUHPw06MoV2nwTBlhm8h
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ce5dc4645b0930f40123fc7688cf7261e79dea32c934183eab601be78cd51acfN.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ce5dc4645b0930f40123fc7688cf7261e79dea32c934183eab601be78cd51acfN.dll,#12⤵
- System Location Discovery: System Language Discovery
-