Analysis
-
max time kernel
170s -
max time network
196s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 19:31
General
-
Target
a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
-
Size
1.8MB
-
MD5
e690adaff12871a45813256de96a26f9
-
SHA1
07de85cfdd152fbf45d68ec5f25c083bc37fcb88
-
SHA256
a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924
-
SHA512
d639096fc4ea8076879f1a89a7a26e0fcd2be4a9d87f88ef6c3540109742d8247c7fb8a71da8303a1963a564da919770db92b3fd03d0a5655f208e155cd724e3
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.151:50017
31.44.184.151:50018
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
-
SendSafe Payload 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe"C:\Users\Admin\AppData\Local\Temp\a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4888-130-0x0000000002530000-0x00000000026E2000-memory.dmpFilesize
1.7MB
-
memory/4888-131-0x0000000000400000-0x00000000005CC000-memory.dmpFilesize
1.8MB