Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 04:13

General

  • Target

    00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe

  • Size

    1.8MB

  • MD5

    9335cda793a9425d621cd3a5c742c9b4

  • SHA1

    527da31382a0c7b902465ff72d2798cfa369993c

  • SHA256

    00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179

  • SHA512

    4f1e6129daa8d7a60c6d3e38e70f990050327156c13f26b69a1dcd8921f50bdcf73fda01b11926cf627bd4f82bdf1413f6a798b057ea263e4bfe190c03a73455

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.108:50017

31.44.184.108:50018

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

  • SendSafe Payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe
    "C:\Users\Admin\AppData\Local\Temp\00dae3b8c11ec21ffa25d9c4044f909422f96a8ec31d71786d01dd5595f4a179.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1764-54-0x0000000074F91000-0x0000000074F93000-memory.dmp
    Filesize

    8KB

  • memory/1764-55-0x0000000002030000-0x00000000021E2000-memory.dmp
    Filesize

    1.7MB

  • memory/1764-56-0x0000000000400000-0x00000000005CC000-memory.dmp
    Filesize

    1.8MB