Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06-12-2024 21:24
General
-
Target
374022bab0c830094064df75870499053c3b6cdd99c326696f90db06b81d4dbe.dll
-
Size
722KB
-
MD5
a47c3c62452901abc0e70b1db9b36adb
-
SHA1
2b720a3ecc71d08fa98fe2c68f96fabd26452cb2
-
SHA256
374022bab0c830094064df75870499053c3b6cdd99c326696f90db06b81d4dbe
-
SHA512
7d2330b58e8270d41df069830465d2afebbd75a4510741dc78ee6a8be7a8468bcf9305b36f9d8b56ca7020ae4e03536e3e808d52052648f3519532465e1ecf93
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYH:o6RI1Fo/wT3cJYYYYYYYYYYYYH
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\374022bab0c830094064df75870499053c3b6cdd99c326696f90db06b81d4dbe.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\374022bab0c830094064df75870499053c3b6cdd99c326696f90db06b81d4dbe.dll,#12⤵
- System Location Discovery: System Language Discovery
-