Analysis
-
max time kernel
155s
-
max time network
160s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
22-06-2022 06:45
Static task
static1
Behavioral task
behavioral1
Sample
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
Resource
win10v2004-20220414-en
General
-
Target
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
-
Size
2.1MB
-
MD5
2de1126686410aa5f13dd7bd965986df
-
SHA1
980e751f7cfc36bc6a7eaa0174e4636218db628a
-
SHA256
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63
-
SHA512
48884eb7234503c9d9e21a14143d761d698fc1627e2dc3cd56d6deaab502931b0b86a25d75ced32d0e942977fcb32ba27be284d3bac870caf3e8b285eb8f7f7b
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.47:50013
31.44.184.47:50014
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe Payload 2 IoCs
Processes:
resource	yara_rule
behavioral2/memory/920-132-0x0000000000400000-0x0000000000613000-memory.dmp	sendsafe
behavioral2/memory/920-134-0x0000000000400000-0x0000000000613000-memory.dmp	sendsafe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
pid	process
920	2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
920	2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
Downloads
-
memory/920-131-0x0000000002590000-0x0000000002742000-memory.dmp
Filesize
1.7MB
-
memory/920-132-0x0000000000400000-0x0000000000613000-memory.dmp
Filesize
2.1MB
-
memory/920-133-0x0000000002590000-0x0000000002742000-memory.dmp
Filesize
1.7MB
-
memory/920-134-0x0000000000400000-0x0000000000613000-memory.dmp
Filesize
2.1MB