Analysis
-
max time kernel
141s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 04:13
Static task
static1
Behavioral task
behavioral1
Sample
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
Resource
win10v2004-20220414-en
General
-
Target
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
-
Size
1.8MB
-
MD5
9335cda793a9425d621cd3a5c742c9b4
-
SHA1
527da31382a0c7b902465ff72d2798cfa369993c
-
SHA256
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179
-
SHA512
4f1e6129daa8d7a60c6d3e38e70f990050327156c13f26b69a1dcd8921f50bdcf73fda01b11926cf627bd4f82bdf1413f6a798b057ea263e4bfe190c03a73455
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.108:50017
31.44.184.108:50018
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe Payload 1 IoCs
Processes:
resource: behavioral1/memory/1764-56-0x0000000000400000-0x00000000005CC000-memory.dmp, yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
pid: 1764, process: 00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
Suspicious use of UnmapMainImage 1 IoCs
Processes:
00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
pid: 1764, process: 00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
"C:\Users\Admin\AppData\Local\Temp\00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage