Analysis
max time kernel: 150s
max time network: 151s
platform: windows10_x64
resource: win10-en-20210920
submitted: 29-09-2021 14:17
Static task
static1
Behavioral task
behavioral1
Sample
79.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
79.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target: 79.exe
Size: 1.9MB
MD5: 5750a2f99d01b109567946629a2a0c6f
SHA1: 37a34e3d50dca788fba8920f89cfe646bfad58cc
SHA256: 7ff200e60567310e60ee9e6e94cfea71058a648b81c757f2841b243fd4102279
SHA512: f903c25a6e4f855177e730500537c48d4c094d6ef2023854512a79db64a2a297eeba15fed01e296de69e5bdd6959718f53d07fcabe643f6f6b6e0526bdfeb469
Score: 10/10
Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.79:50063
31.44.184.79:50064
Attributes
service_name: Enterprise Mailing Service
Signatures
Processes:
resource: behavioral2/memory/2072-116-0x0000000000400000-0x00000000005EA000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: 79.exe
pid: 2072, process: 79.exe
pid: 2072, process: 79.exe