Overview

overview

10

Static

static

2ed4cb4576...63.exe

windows7_x64

10

2ed4cb4576...63.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    155s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    22-06-2022 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe

  • Size

    2.1MB

  • MD5

    2de1126686410aa5f13dd7bd965986df

  • SHA1

    980e751f7cfc36bc6a7eaa0174e4636218db628a

  • SHA256

    2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63

  • SHA512

    48884eb7234503c9d9e21a14143d761d698fc1627e2dc3cd56d6deaab502931b0b86a25d75ced32d0e942977fcb32ba27be284d3bac870caf3e8b285eb8f7f7b

Score
10/10
sendsafeunregisteredbotnetspam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.47:50013

31.44.184.47:50014
Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

    spambotnetsendsafe
  • SendSafe Payload 2 IoCs
    botnet
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe
    "C:\Users\Admin\AppData\Local\Temp\2ed4cb4576786d557046e1478d6e40f423daf7f3146cc92a8c3103092b40ca63.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/920-131-0x0000000002590000-0x0000000002742000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/920-132-0x0000000000400000-0x0000000000613000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/920-133-0x0000000002590000-0x0000000002742000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/920-134-0x0000000000400000-0x0000000000613000-memory.dmp
    Filesize

    2.1MB

    Download