Analysis
max time kernel: 174s
max time network: 182s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2022 17:33
Static task: static1
Behavioral task: behavioral1
Sample: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Resource: win10v2004-20220721-en
General
Target: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
Size: 2.1MB
MD5: 1fc6b77668c03b3bfaa49b78a2570fbd
SHA1: 9ce75b025047027fe608abde93cbb6141d0a373c
SHA256: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e
SHA512: 5c4ab3f0880c345ff8d76c3976666994c6ef6c6f02f9e4f9e8f6675acf793a8f73041babbd88273e3ecdfbcfb9fa6f6a24fabd5473af8edbc35484bd6bf23a21
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.75:50005
91.220.131.75:50006
service_name: Enterprise Mailing Service
Signatures
SendSafe payload (2 IoCs)
Processes:
resource: behavioral2/memory/4556-131-0x0000000000400000-0x000000000061B000-memory.dmp, yara_rule: sendsafe
resource: behavioral2/memory/4556-132-0x0000000000400000-0x000000000061B000-memory.dmp, yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
pid: 4556, process: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe
pid: 4556, process: 54f00762755f80dae7b5f20736629f1921d0b13c17381eda53516aad55ea997e.exe