Analysis
max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-07-2022 09:12
Static task
static1
Behavioral task
behavioral1
Sample
4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe
Resource
win10v2004-20220414-en
General
Target
4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe
Size
2.6MB
MD5
88aaabfa7462cf22c521309a75c8b077
SHA1
983a0b0f77c80f0deb3771377041d9f070fa66c1
SHA256
4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3
SHA512
de7017ef3c09c2b08d7e1752d5aeb68c3fc6bf3e9bd839998ec82e9e0c6bf99665902a5fb19960fb1ef3098229214b2310d2ea0dfd3e1d4f6904d6fc6d2b17fc
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.68:50005
91.220.131.68:50006
service_name
Enterprise Mailing Service
Signatures
SendSafe payload 5 IoCs
Processes:
resource yara_rule
behavioral1/memory/892-58-0x0000000000400000-0x0000000000692000-memory.dmp sendsafe
behavioral1/memory/892-60-0x0000000000400000-0x0000000000692000-memory.dmp sendsafe
behavioral1/memory/892-61-0x0000000000400000-0x0000000000692000-memory.dmp sendsafe
behavioral1/memory/892-62-0x0000000000400000-0x0000000000692000-memory.dmp sendsafe
behavioral1/memory/892-64-0x0000000000400000-0x0000000000692000-memory.dmp sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe
pid process
892 4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe