Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
15-05-2022 21:50
General
-
Target
73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe
-
Size
2.1MB
-
MD5
ba4913867c60cf1d2ec88b3bb09046af
-
SHA1
0a044d6f06de935034f59fb819e4251b05ef0b6e
-
SHA256
73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177
-
SHA512
8c530028ad2e450ede059b1fdda479432254428d0967c5a7d4249969bb755e76f144612e5d85e3168514dd9d182c5d9ef324b81404c743ede8e07e0b5c50c779
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.110:50005
31.44.184.110:50006
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
-
SendSafe Payload 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe"C:\Users\Admin\AppData\Local\Temp\73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1708-54-0x00000000758D1000-0x00000000758D3000-memory.dmpFilesize
8KB
-
memory/1708-55-0x0000000002090000-0x0000000002242000-memory.dmpFilesize
1.7MB
-
memory/1708-56-0x0000000000400000-0x0000000000618000-memory.dmpFilesize
2.1MB