Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
29-10-2021 00:47
Static task
static1
Behavioral task
behavioral1
Sample
cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
Resource
win10-en-20211014
General
-
Target
cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe
-
Size
1.8MB
-
MD5
6ce7ffaf76ea85421e115392ad7c7ba9
-
SHA1
23c4bf77d07bea66a11e0d2cdf1b19034f718fd4
-
SHA256
cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c
-
SHA512
039c75fd6cda94a5f467be95a7ef093197b3f56eff53590a0edee6d08a008f892132f49746f4623554bdbe85390a47f445eff822e9cd5e90b29753b1e22fe5b4
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.119:50073
31.44.184.119:50074
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3736-116-0x0000000000400000-0x00000000005D8000-memory.dmp sendsafe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exepid process 3736 cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe 3736 cecbb3cbe018dc3419300d5b350cdfbbb78adc3fb4d97e6738273c45c36bbf0c.exe