Analysis
max time kernel: 170s
max time network: 196s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-01-2023 16:34
Static task: static1
Behavioral task: behavioral1
Sample: 9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
Resource: win10v2004-20221111-en
General
Target: 9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
Size: 1.9MB
MD5: a8e52a262ca1139f04900a85a6c76e34
SHA1: 15829cac86d11939fb4233304f67816d53c42c97
SHA256: 9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7
SHA512: a0e98f53e12395654fa5c1f804cfbfe7ad164b302ce51c7151e01c26cf7b4f8ffa0cccc8a97d997bc835b0e9b7a71bb64cc9a58c930e38c59dca17b0693f4a45
SSDEEP: 49152:6oWrHHJeSUtbtMCiwwxi53lkH4R7+RiiKUE0HcL1ML:orHMSUECiizkYARBlE0HQuL
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.47:50035
31.44.184.47:50036
service_name: Enterprise Mailing Service
Signatures
-
SendSafe payload 1 IoCs
Processes:
resource: behavioral2/memory/4840-133-0x0000000000400000-0x00000000005EA000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
pid   process
4840  9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
4840  9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe