Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    15-05-2022 21:50

General

  • Target

    73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe

  • Size

    2.1MB

  • MD5

    ba4913867c60cf1d2ec88b3bb09046af

  • SHA1

    0a044d6f06de935034f59fb819e4251b05ef0b6e

  • SHA256

    73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177

  • SHA512

    8c530028ad2e450ede059b1fdda479432254428d0967c5a7d4249969bb755e76f144612e5d85e3168514dd9d182c5d9ef324b81404c743ede8e07e0b5c50c779

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.110:50005

31.44.184.110:50006

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool that later turned into a spam botnet.

  • SendSafe Payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe
    "C:\Users\Admin\AppData\Local\Temp\73c8d229db1d6f5df574c501f2e59963ecb7e7025474040356db9ef21d537177.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:1708

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1708-54-0x00000000758D1000-0x00000000758D3000-memory.dmp
    Filesize

    8KB

  • memory/1708-55-0x0000000002090000-0x0000000002242000-memory.dmp
    Filesize

    1.7MB

  • memory/1708-56-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB