Analysis
-
max time kernel
4294203s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
19-03-2022 11:42
Static task
static1
Behavioral task
behavioral1
Sample
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
Resource
win10v2004-20220310-en
General
-
Target
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
-
Size
1.7MB
-
MD5
8ad1d303eb8cd37ccd68916bb007cc8a
-
SHA1
db4f8e16d7c1fa6c9a2aa92bb8be72e7bd7db000
-
SHA256
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358
-
SHA512
dd6affd15b225886e9abf0d1d03978c0b8d856a387992cdce293a7b3d521574fd792b6321740e0c3b499fcacb6d0d67d33b1b46044b0a3e3b036d86de8f98e60
Malware Config
Extracted
sendsafe
UNREGISTERED
195.2.240.119:50099
195.2.240.119:50100
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe Payload 1 IoCs
Processes:
resource
behavioral1/memory/1656-56-0x0000000000400000-0x00000000005C9000-memory.dmp
yara_rule
sendsafe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
pid
1656
process
ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe