Analysis
max time kernel: 170s
max time network: 196s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 08-05-2022 19:31
Static task: static1
Behavioral task: behavioral1
Sample: a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
Resource: win10v2004-20220414-en
General
Target: a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
Size: 1.8MB
MD5: e690adaff12871a45813256de96a26f9
SHA1: 07de85cfdd152fbf45d68ec5f25c083bc37fcb88
SHA256: a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924
SHA512: d639096fc4ea8076879f1a89a7a26e0fcd2be4a9d87f88ef6c3540109742d8247c7fb8a71da8303a1963a564da919770db92b3fd03d0a5655f208e155cd724e3
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.151:50017
31.44.184.151:50018
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload 1 IoCs
Processes:
resource: behavioral2/memory/4888-131-0x0000000000400000-0x00000000005CC000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
pid   process
4888  a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe
4888  a77a697ba2f3323a53c1b05f89212296ae5e4f73529c8fa264ae18a94d268924.exe