Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11-06-2022 22:29
General
-
Target
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
-
Size
1.9MB
-
MD5
8d771bb22bcb38f1c7b47e13678d36b1
-
SHA1
46e428de1757248bad10aa79ea86c18f360475c3
-
SHA256
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c
-
SHA512
ada911d8a3fd31590d8740c20d68f926558839d2ef3ea52782f43deaf881ebfd67c986f5d7962afb76da1fdbd3a29133f55f35bb8ae43baed1c07362aa533ffb
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.32:50013
31.44.184.32:50014
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
-
SendSafe Payload 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe"C:\Users\Admin\AppData\Local\Temp\2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/868-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmpFilesize
8KB
-
memory/868-55-0x0000000002120000-0x00000000022D2000-memory.dmpFilesize
1.7MB
-
memory/868-56-0x0000000000400000-0x00000000005F0000-memory.dmpFilesize
1.9MB
-
memory/868-57-0x0000000002120000-0x00000000022D2000-memory.dmpFilesize
1.7MB