Analysis

  • max time kernel
    170s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-01-2023 16:34

General

  • Target

    9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe

  • Size

    1.9MB

  • MD5

    a8e52a262ca1139f04900a85a6c76e34

  • SHA1

    15829cac86d11939fb4233304f67816d53c42c97

  • SHA256

    9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7

  • SHA512

    a0e98f53e12395654fa5c1f804cfbfe7ad164b302ce51c7151e01c26cf7b4f8ffa0cccc8a97d997bc835b0e9b7a71bb64cc9a58c930e38c59dca17b0693f4a45

  • SSDEEP

    49152:6oWrHHJeSUtbtMCiwwxi53lkH4R7+RiiKUE0HcL1ML:orHMSUECiizkYARBlE0HQuL

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.47:50035

31.44.184.47:50036

Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a well-known bulk spam mailing tool that was later turned into a spam botnet.

  • SendSafe payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe
    "C:\Users\Admin\AppData\Local\Temp\9bd0b45588eaf697ba933bdff0afc8448456023512711ff42feba380d1ced5f7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4840

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4840-132-0x0000000002400000-0x00000000025B2000-memory.dmp
    Filesize

    1.7MB

  • memory/4840-133-0x0000000000400000-0x00000000005EA000-memory.dmp
    Filesize

    1.9MB
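The two dump names above follow the sandbox's naming convention (process PID, dump index, then the start and end virtual addresses of the region), so the region sizes can be recomputed and checked against the rounded figures the report prints. The following is an added worked example and is not part of the sandbox report or its tooling; it assumes the report rounds to one decimal place with 1 MB meaning 1024*1024 bytes, and the dump names and sizes it embeds are copied from this page.

```python
import re
from dataclasses import dataclass

# Dump names copied from the report above; the sandbox encodes
# <pid>-<index>-<start>-<end> in the file name.
DUMP_NAMES = [
    "memory/4840-132-0x0000000002400000-0x00000000025B2000-memory.dmp",
    "memory/4840-133-0x0000000000400000-0x00000000005EA000-memory.dmp",
]

# The "Filesize" values the report prints for those dumps, same order.
REPORTED_SIZES = ["1.7MB", "1.9MB"]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass
class MemoryRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        # Size in bytes of the dumped virtual address range.
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryRegion:
    """Parse a sandbox memory dump file name into its components."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return MemoryRegion(
        pid=int(m["pid"]),
        index=int(m["idx"]),
        start=int(m["start"], 16),
        end=int(m["end"], 16),
    )


def format_mb(nbytes: int) -> str:
    # Assumption: the report rounds to one decimal and uses 1 MB = 1024*1024 bytes.
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_sizes(names, reported):
    """Return (region, recomputed_size, matches_report) for each dump."""
    results = []
    for name, rep in zip(names, reported):
        region = parse_dump_name(name)
        recomputed = format_mb(region.size)
        results.append((region, recomputed, recomputed == rep))
    return results


if __name__ == "__main__":
    for region, recomputed, ok in check_sizes(DUMP_NAMES, REPORTED_SIZES):
        print(
            f"pid={region.pid} idx={region.index} "
            f"0x{region.start:08X}-0x{region.end:08X} "
            f"{region.size} bytes ({recomputed}) match={ok}"
        )
```

Recomputing gives 0x1B2000 (1,777,664 bytes) for the first region and 0x1EA000 (2,007,040 bytes) for the second, which round to the 1.7MB and 1.9MB the report lists. The second region starts at 0x400000, the default image base of a 32-bit PE, and its size matches the 1.9MB on-disk file size, so it is consistent with a dump of the mapped main executable rather than unpacked code; the first, at 0x2400000, is the region an analyst would inspect first for a decrypted payload.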