Overview

overview

10

Static

static

14ca56c1af...d7.exe

windows7_x64

10

14ca56c1af...d7.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    182s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    02-06-2022 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe

  • Size

    2.6MB

  • MD5

    27feba883821607443248c4a71f088f0

  • SHA1

    a28cdf62cdf55b50a4faef37b239a0a983227794

  • SHA256

    14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7

  • SHA512

    77685608bdaf287dc08a361eabe0a8ff68b65dbaa3c083bdfdde1e99ab7653c2453a9e77ed5a1d915cdfb77dd4d463df6770dbf5c539c13dd5b0e8027acfba00

Score
10/10
sendsafeunregisteredbotnetspam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.68:50011

91.220.131.68:50012
Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

    spambotnetsendsafe
  • SendSafe Payload 2 IoCs
    botnet
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
    "C:\Users\Admin\AppData\Local\Temp\14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3436-130-0x0000000002630000-0x00000000027E2000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/3436-131-0x0000000000400000-0x00000000006A3000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/3436-132-0x0000000000400000-0x00000000006A3000-memory.dmp
    Filesize

    2.6MB

    Download