Analysis
max time kernel: 142s
max time network: 145s
platform: windows10_x64
resource: win10-en-20210920
submitted: 28-10-2021 13:06
Static task
static1
Behavioral task
behavioral1
Sample
79.exe
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
79.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target: 79.exe
Size: 1.8MB
MD5: b062ac64f0dd8e1812478b6d3dc163b8
SHA1: b294106c1d49b71d9b550f657553e9a5c096985a
SHA256: 48d0e0d078cf974050b177c18d5f805ca0ad916a37ee15573fc4328da613d84e
SHA512: 57e97346704284b5b188b25277f3e5a4f83a9b4dc5d962adbb60dbb9b3606cd649ac8a07d66bcef89a9f4cc6384fb2259582d6a1559d171391f7b9d6ce7f54ce
Score: 10/10
Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.79:50073
31.44.184.79:50074
Attributes
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload (1 IoCs)
Processes:
resource yara_rule
behavioral2/memory/420-116-0x0000000000400000-0x00000000005D8000-memory.dmp sendsafe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
79.exe
pid process
420 79.exe
420 79.exe