Analysis
-
max time kernel
90s -
max time network
91s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
24/02/2025, 22:43
General
-
Target
23fdf99cf1786df11e54fab195e1c2e5bc03ff3a9cf453f179f0e76dee42ed44N.dll
-
Size
523KB
-
MD5
5ab7fae18148357ea20c757dd2564800
-
SHA1
ecf3136ecb02ab9cf728a699acaa3703c3d4fb5d
-
SHA256
23fdf99cf1786df11e54fab195e1c2e5bc03ff3a9cf453f179f0e76dee42ed44
-
SHA512
e42c344f14652030b96eadc37761accc8c0cd19189f09b77b667b2003ece3264595520322df98962668b6524d39457df3f4bb998a5ef9f5df7a554af57550ec1
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0F:jDgtfRQUHPw06MoV2nwTBlhm8d
Score
10/10
Malware Config
Signatures
-
Yunsip
Remote backdoor which communicates with a C2 server to receive commands.
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\23fdf99cf1786df11e54fab195e1c2e5bc03ff3a9cf453f179f0e76dee42ed44N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\23fdf99cf1786df11e54fab195e1c2e5bc03ff3a9cf453f179f0e76dee42ed44N.dll,#12⤵
- System Location Discovery: System Language Discovery
-