Analysis
-
max time kernel
94s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
16-12-2024 05:12
General
-
Target
2e61093f46440639698c0c2ce373ade6558612c28e84c0b87cfbc4cc5d1086ebN.dll
-
Size
1.5MB
-
MD5
344eedf663edd4f261668d0a74daf970
-
SHA1
12c90a9cf21e3e8ac1a0ff0737603f9b3c99da04
-
SHA256
2e61093f46440639698c0c2ce373ade6558612c28e84c0b87cfbc4cc5d1086eb
-
SHA512
cf27751eb67b07cb6d8ddff627232ab9b89cb08790d30f24527833ffd6b6c7fcc1e61a483d4839f0af63b657551749f9c3c6eeb849e6aed15ecdc11b524d4303
-
SSDEEP
6144:jDgtfRQUHPw06MoV2nwTBlhm8zDgtfRQUHPw06MoV2nwTBlhm8N:jDgN6MoIwT3vDgN6MoIwT3p
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2e61093f46440639698c0c2ce373ade6558612c28e84c0b87cfbc4cc5d1086ebN.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2e61093f46440639698c0c2ce373ade6558612c28e84c0b87cfbc4cc5d1086ebN.dll,#12⤵
- System Location Discovery: System Language Discovery
-