Analysis
-
max time kernel
148s
-
max time network
153s
-
platform
windows7_x64
-
resource
win7-20220414-en
-
submitted
11-06-2022 22:29
Static task
static1
Behavioral task
behavioral1
Sample
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
Resource
win10v2004-20220414-en
General
-
Target
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
-
Size
1.9MB
-
MD5
8d771bb22bcb38f1c7b47e13678d36b1
-
SHA1
46e428de1757248bad10aa79ea86c18f360475c3
-
SHA256
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c
-
SHA512
ada911d8a3fd31590d8740c20d68f926558839d2ef3ea52782f43deaf881ebfd67c986f5d7962afb76da1fdbd3a29133f55f35bb8ae43baed1c07362aa533ffb
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.32:50013
31.44.184.32:50014
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe Payload 1 IoCs
Processes:
resource
behavioral1/memory/868-56-0x0000000000400000-0x00000000005F0000-memory.dmp
yara_rule
sendsafe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
pid process
868 2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
-
Suspicious use of UnmapMainImage 1 IoCs
Processes:
2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
pid process
868 2462d5526bf60986a139f7dba41606a4bafd574431f31c38048d573a1ca3f52c.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/868-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp
Filesize
8KB
-
memory/868-55-0x0000000002120000-0x00000000022D2000-memory.dmp
Filesize
1.7MB
-
memory/868-56-0x0000000000400000-0x00000000005F0000-memory.dmp
Filesize
1.9MB
-
memory/868-57-0x0000000002120000-0x00000000022D2000-memory.dmp
Filesize
1.7MB