Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2022 04:26

General

  • Target

    d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe

  • Size

    2.1MB

  • MD5

    49de3cafbabd4b2877e2f5d9382b1dc3

  • SHA1

    9672d252fa5c58d99bce7c2b2f424397a65a1757

  • SHA256

    d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00

  • SHA512

    a50e9f85c3b92ce4dd7deaf384c92e42d6c7f64b4674b202f344af39896b5d8e9e7535c795bec7bfd1012c26680553d03c0077d51f11ae9d6df39f86a58d7d96

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.47:50017

31.44.184.47:50018

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

  • SendSafe payload 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
    "C:\Users\Admin\AppData\Local\Temp\d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1780-54-0x0000000076601000-0x0000000076603000-memory.dmp
    Filesize

    8KB

  • memory/1780-55-0x00000000020B0000-0x0000000002262000-memory.dmp
    Filesize

    1.7MB

  • memory/1780-56-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB

  • memory/1780-57-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB