Analysis
max time kernel: 139s
max time network: 153s
platform: windows7_x64
resource: win7-20220414-en
submitted: 25-05-2022 00:06
Static task: static1
Behavioral task: behavioral1
Sample: a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
Resource: win10v2004-20220414-en
General
Target: a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
Size: 2.1MB
MD5: 9de8c58bce50d47be7ac227d4c0b1d57
SHA1: dc0aa1bf3ef425b40df474a3b7f49dbfe55950fc
SHA256: a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5
SHA512: 469655b3a0bea6d160e02a291a9aef22d137e6e68bab12c8b5a2c94e33e40c25d11bc1946dc26aeda592af525103009b868556968ca2b656ac601626dcdaee78
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.131:50011
91.220.131.131:50012
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload 1 IoCs
Processes:
resource: behavioral1/memory/1776-55-0x0000000000400000-0x0000000000731000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
pid: 1776
process: a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe