Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220715-en -
resource tags
-
submitted
25-07-2022 04:26
General
-
Target
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
-
Size
2.1MB
-
MD5
49de3cafbabd4b2877e2f5d9382b1dc3
-
SHA1
9672d252fa5c58d99bce7c2b2f424397a65a1757
-
SHA256
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00
-
SHA512
a50e9f85c3b92ce4dd7deaf384c92e42d6c7f64b4674b202f344af39896b5d8e9e7535c795bec7bfd1012c26680553d03c0077d51f11ae9d6df39f86a58d7d96
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.47:50017
31.44.184.47:50018
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
-
SendSafe payload 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe"C:\Users\Admin\AppData\Local\Temp\d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1780-54-0x0000000076601000-0x0000000076603000-memory.dmpFilesize
8KB
-
memory/1780-55-0x00000000020B0000-0x0000000002262000-memory.dmpFilesize
1.7MB
-
memory/1780-56-0x0000000000400000-0x0000000000618000-memory.dmpFilesize
2.1MB
-
memory/1780-57-0x0000000000400000-0x0000000000618000-memory.dmpFilesize
2.1MB