Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    29-10-2021 00:47

General

  • Target

    cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe

  • Size

    1.8MB

  • MD5

    6ce7ffaf76ea85421e115392ad7c7ba9

  • SHA1

    23c4bf77d07bea66a11e0d2cdf1b19034f718fd4

  • SHA256

    cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c

  • SHA512

    039c75fd6cda94a5f467be95a7ef093197b3f56eff53590a0edee6d08a008f892132f49746f4623554bdbe85390a47f445eff822e9cd5e90b29753b1e22fe5b4

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.119:50073

31.44.184.119:50074

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool that later turned into a spam botnet.

  • SendSafe Payload 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe"
    PID: 964
    • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\system32\mspaint.exe
    Command line: "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\WaitUninstall.wmf"
    PID: 1676
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx


Downloads

  • memory/964-54-0x0000000001E60000-0x0000000002012000-memory.dmp
    Filesize: 1.7MB
  • memory/964-55-0x0000000000400000-0x00000000005D8000-memory.dmp
    Filesize: 1.8MB
  • memory/1676-56-0x000007FEFBA11000-0x000007FEFBA13000-memory.dmp
    Filesize: 8KB
  • memory/1676-57-0x0000000001CF0000-0x0000000001CF1000-memory.dmp
    Filesize: 4KB