Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

367706be25...17.dll

windows7-x64

10

367706be25...17.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2025, 22:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    367706be25c97a45c6cd40aaaee709f7902ae33a1e6b071743e525a8a392ac17.dll

  • Size

    774KB

  • MD5

    f0568460f201546ed14b99f216c256be

  • SHA1

    7bd1bc93fbc8c58ff7983f8e3f364bfc634cca4c

  • SHA256

    367706be25c97a45c6cd40aaaee709f7902ae33a1e6b071743e525a8a392ac17

  • SHA512

    4294c5021bd753bd9c12a825b3fba1ddfb70a5d56ea2b90bb7bf5dba3ac310d9c55ee77284e783e2d79172db8d4c2b6e90be5fd07173a09e427cb8c6938882c2

  • SSDEEP

    3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0X:jDgtfRQUHPw06MoV2nwTBlhm8P

Score
10/10
yunsipbankerdiscoverytrojan

Malware Config

Signatures

  • Yunsip

    Remote backdoor which communicates with a C2 server to receive commands.

    trojanbankeryunsip
  • Yunsip family
    yunsip
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\367706be25c97a45c6cd40aaaee709f7902ae33a1e6b071743e525a8a392ac17.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\367706be25c97a45c6cd40aaaee709f7902ae33a1e6b071743e525a8a392ac17.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:640

Network

  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 707951
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 845794855EB74CDEBCCB0D59C88EBAE3 Ref B: FRA31EDGE0122 Ref C: 2025-02-25T22:14:25Z
    date: Tue, 25 Feb 2025 22:14:25 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301477_14PVM3YMRTCSD2NZ8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301477_14PVM3YMRTCSD2NZ8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 694757
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A61FB1C32B2F4CDCB6FF72E64946D3F2 Ref B: FRA31EDGE0122 Ref C: 2025-02-25T22:14:26Z
    date: Tue, 25 Feb 2025 22:14:25 GMT
  • 150.171.28.10:443
    tls, https
    164 B
     40 B
     2
    1
  • 150.171.28.10:443
    322 B
     7
  • 150.171.28.10:443
    322 B
     7
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    3.2kB
     7.0kB
     20
    14
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301477_14PVM3YMRTCSD2NZ8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    57.3kB
     1.5MB
     1117
    1112

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301477_14PVM3YMRTCSD2NZ8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.