Overview

overview

10

Static

static

4ba9c14e81...f3.exe

windows7_x64

10

4ba9c14e81...f3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-07-2022 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe

  • Size

    2.6MB

  • MD5

    88aaabfa7462cf22c521309a75c8b077

  • SHA1

    983a0b0f77c80f0deb3771377041d9f070fa66c1

  • SHA256

    4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3

  • SHA512

    de7017ef3c09c2b08d7e1752d5aeb68c3fc6bf3e9bd839998ec82e9e0c6bf99665902a5fb19960fb1ef3098229214b2310d2ea0dfd3e1d4f6904d6fc6d2b17fc

Score
10/10
sendsafeunregisteredbotnetspam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.68:50005

91.220.131.68:50006
Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

    spambotnetsendsafe
  • SendSafe payload 5 IoCs
    botnet
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe
    "C:\Users\Admin\AppData\Local\Temp\4ba9c14e8123fd90208e8d4abfba407aa1832055acc64451c120d17d179b6af3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/892-54-0x00000000763B1000-0x00000000763B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/892-55-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-56-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-58-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-60-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-61-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-62-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/892-63-0x0000000001F70000-0x0000000002122000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/892-64-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download