Analysis
max time kernel: 187s
max time network: 193s
platform: windows7_x64
resource: win7-20220414-en
submitted: 16-05-2022 12:31
Static task: static1
Behavioral task: behavioral1
Sample: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Resource: win10v2004-20220414-en
General
Target: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Size: 1.9MB
MD5: 397149c43cba3dc36aa008e8e1e7b430
SHA1: 866f579d72d2e817a0e31a1837673b687f0b447b
SHA256: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4
SHA512: 0c100e7153e8b59a12ada7ae48c61cbfb06def7b5f1c0413f70f26f59b040299ce42ba31cedc18b92227346fb3c40e3ccda8b78bf2dfedb31ec7f50853a4c938
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.106:50005
31.44.184.106:50006
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload (1 IoCs)
Processes:
resource: behavioral1/memory/1764-56-0x0000000000400000-0x00000000005DD000-memory.dmp, yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
pid: 1764, process: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Suspicious use of UnmapMainImage (1 IoCs)
Processes:
pid: 1764, process: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Processes
C:\Users\Admin\AppData\Local\Temp\1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
"C:\Users\Admin\AppData\Local\Temp\1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage