Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    29-10-2021 00:47

General

  • Target
    cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
  • Size
    1.8MB
  • MD5
    6ce7ffaf76ea85421e115392ad7c7ba9
  • SHA1
    23c4bf77d07bea66a11e0d2cdf1b19034f718fd4
  • SHA256
    cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c
  • SHA512
    039c75fd6cda94a5f467be95a7ef093197b3f56eff53590a0edee6d08a008f892132f49746f4623554bdbe85390a47f445eff822e9cd5e90b29753b1e22fe5b4

Malware Config

Extracted

  • Family
    sendsafe
  • Botnet
    UNREGISTERED
  • C2
    31.44.184.119:50073
    31.44.184.119:50074

Attributes

  • service_name
    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool that later turned into a spam botnet.

  • SendSafe Payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
    "C:\Users\Admin\AppData\Local\Temp\cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:3736

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3736-116-0x0000000000400000-0x00000000005D8000-memory.dmp
    Filesize
    1.8MB
  • memory/3736-115-0x0000000002320000-0x00000000024D2000-memory.dmp
    Filesize
    1.7MB