Analysis
-
max time kernel
152s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
22-06-2022 06:45
General
-
Target
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
-
Size
2.1MB
-
MD5
2de1126686410aa5f13dd7bd965986df
-
SHA1
980e751f7cfc36bc6a7eaa0174e4636218db628a
-
SHA256
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63
-
SHA512
48884eb7234503c9d9e21a14143d761d698fc1627e2dc3cd56d6deaab502931b0b86a25d75ced32d0e942977fcb32ba27be284d3bac870caf3e8b285eb8f7f7b
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.47:50013
31.44.184.47:50014
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
-
SendSafe Payload 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe"C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1472-54-0x0000000074F21000-0x0000000074F23000-memory.dmpFilesize
8KB
-
memory/1472-55-0x00000000020C0000-0x0000000002272000-memory.dmpFilesize
1.7MB
-
memory/1472-56-0x0000000000400000-0x0000000000613000-memory.dmpFilesize
2.1MB
-
memory/1472-57-0x00000000020C0000-0x0000000002272000-memory.dmpFilesize
1.7MB