Analysis
max time kernel: 143s
max time network: 143s
platform: windows7_x64
resource: win7-en-20211014
submitted: 19-10-2021 17:19
Static task: static1

Behavioral task: behavioral1
Sample: 79.exe
Resource: win7-en-20211014 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 79.exe
Resource: win10-en-20210920 (windows10_x64)
0 signatures, 0 seconds
General
Target: 79.exe
Size: 1.8MB
MD5: 657ce5ecaa9fa76d02a1a246bd0a585e
SHA1: 6215082020db55ed27551ce11e78bee29f6475f2
SHA256: a0c2f11617206b674b728d12b9a6f8e0c16ccaa633e3d21dc051733a65564827
SHA512: 4cf4ccb338e22ee8e69c0c50aae44dbb68421f3834796272ca1afa7b7a19cf1d522ebea79b79754e3d066e0b941159be364bb0f2de645c6052cf6f809c9e5810
Score: 10/10
Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.79:50071
31.44.184.79:50072
Attributes
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload (1 IoCs)
Processes:
resource: behavioral1/memory/1684-55-0x0000000000400000-0x00000000005D8000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
79.exe
pid: 1684
process: 79.exe