Analysis
-
max time kernel
156s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20220722-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220722-en locale:en-us os:windows10-2004-x64 system -
submitted
25-07-2022 04:26
Static task
static1
Behavioral task
behavioral1
Sample
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
Resource
win10v2004-20220722-en
General
-
Target
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
-
Size
2.1MB
-
MD5
49de3cafbabd4b2877e2f5d9382b1dc3
-
SHA1
9672d252fa5c58d99bce7c2b2f424397a65a1757
-
SHA256
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00
-
SHA512
a50e9f85c3b92ce4dd7deaf384c92e42d6c7f64b4674b202f344af39896b5d8e9e7535c795bec7bfd1012c26680553d03c0077d51f11ae9d6df39f86a58d7d96
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.47:50017
31.44.184.47:50018
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe payload 2 IoCs
Processes:
resource	yara_rule
behavioral2/memory/3492-133-0x0000000000400000-0x0000000000618000-memory.dmp	sendsafe
behavioral2/memory/3492-135-0x0000000000400000-0x0000000000618000-memory.dmp	sendsafe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
pid	process
3492	d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
3492	d579786f0f9d26894e2a96a987acac8101aae2ba609cb20f75896edc6eb05e00.exe
Downloads
-
memory/3492-132-0x0000000002760000-0x0000000002912000-memory.dmp
Filesize
1.7MB
-
memory/3492-133-0x0000000000400000-0x0000000000618000-memory.dmp
Filesize
2.1MB
-
memory/3492-134-0x0000000002760000-0x0000000002912000-memory.dmp
Filesize
1.7MB
-
memory/3492-135-0x0000000000400000-0x0000000000618000-memory.dmp
Filesize
2.1MB