Analysis
max time kernel
153s
max time network
160s
platform
windows7_x64
resource
win7-20220718-en
resource tags
arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted
25-07-2022 17:33
Static task
static1
Behavioral task
behavioral1
Sample
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Resource
win10v2004-20220721-en
General
Target
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Size
2.1MB
MD5
1fc6b77668c03b3bfaa49b78a2570fbd
SHA1
9ce75b025047027fe608abde93cbb6141d0a373c
SHA256
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e
SHA512
5c4ab3f0880c345ff8d76c3976666994c6ef6c6f02f9e4f9e8f6675acf793a8f73041babbd88273e3ecdfbcfb9fa6f6a24fabd5473af8edbc35484bd6bf23a21
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.75:50005
91.220.131.75:50006
service_name
Enterprise Mailing Service
Signatures
SendSafe payload 1 IoCs
Processes:
resource: behavioral1/memory/1320-55-0x0000000000400000-0x000000000061B000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
pid: 1320
process: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Suspicious use of UnmapMainImage 1 IoCs
Processes:
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
pid: 1320
process: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Processes
C:\Users\Admin\AppData\Local\Temp\54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
"C:\Users\Admin\AppData\Local\Temp\54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage