Analysis
max time kernel: 182s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 02-06-2022 18:11
Static task: static1
Behavioral task: behavioral1
Sample: 14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
Resource: win10v2004-20220414-en
General
Target: 14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
Size: 2.6MB
MD5: 27feba883821607443248c4a71f088f0
SHA1: a28cdf62cdf55b50a4faef37b239a0a983227794
SHA256: 14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7
SHA512: 77685608bdaf287dc08a361eabe0a8ff68b65dbaa3c083bdfdde1e99ab7653c2453a9e77ed5a1d915cdfb77dd4d463df6770dbf5c539c13dd5b0e8027acfba00
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.68:50011
91.220.131.68:50012
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload 2 IoCs
Processes:
resource    yara_rule
behavioral2/memory/3436-131-0x0000000000400000-0x00000000006A3000-memory.dmp    sendsafe
behavioral2/memory/3436-132-0x0000000000400000-0x00000000006A3000-memory.dmp    sendsafe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
pid    process
3436    14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe
3436    14ca56c1afc02cdc7af89c3ccf6355cceb7277b67f9401ff6dda766b27be8fd7.exe