Analysis
max time kernel: 149s
max time network: 153s
platform: windows10_x64
resource: win10-en-20210920
submitted: 05-10-2021 17:35
Static task: static1
Behavioral task: behavioral1
Sample: 119.exe
Resource: win7v20210408, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 119.exe
Resource: win10-en-20210920, windows10_x64
0 signatures, 0 seconds
General
Target: 119.exe
Size: 1.9MB
MD5: 5ccc9d91153304f7cfca984270a74e6d
SHA1: 3718f5677d7c4a8fb09a65862691ba370b84cb56
SHA256: 5839f634f394ae2780b42f8fafb36a8fb452c853cf8ae160725bcd9acec60fdf
SHA512: 40671e882cb91a82e4960ba303bb1be03077291dd68c0afb86704df1d20ea732b3917086261cc46b8270bc324c4c8044a5e18adafe4badc6e77ca4c5a121b5d5
Score: 10/10
Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.119:50065
31.44.184.119:50066
Attributes
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload 1 IoCs
Processes:
resource yara_rule
behavioral2/memory/2384-116-0x0000000000400000-0x00000000005EA000-memory.dmp sendsafe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: 119.exe
pid process
2384 119.exe
2384 119.exe