Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    22-06-2022 06:45

General

  • Target

    2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe

  • Size

    2.1MB

  • MD5

    2de1126686410aa5f13dd7bd965986df

  • SHA1

    980e751f7cfc36bc6a7eaa0174e4636218db628a

  • SHA256

    2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63

  • SHA512

    48884eb7234503c9d9e21a14143d761d698fc1627e2dc3cd56d6deaab502931b0b86a25d75ced32d0e942977fcb32ba27be284d3bac870caf3e8b285eb8f7f7b

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.47:50013

31.44.184.47:50014

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

  • SendSafe Payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
    "C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1472-54-0x0000000074F21000-0x0000000074F23000-memory.dmp
    Filesize

    8KB

  • memory/1472-55-0x00000000020C0000-0x0000000002272000-memory.dmp
    Filesize

    1.7MB

  • memory/1472-56-0x0000000000400000-0x0000000000613000-memory.dmp
    Filesize

    2.1MB

  • memory/1472-57-0x00000000020C0000-0x0000000002272000-memory.dmp
    Filesize

    1.7MB