Analysis
-
max time kernel
141s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31-12-2023 09:17
Static task
static1
Behavioral task
behavioral1
Sample
30871838cccaa52d8d99195969509454.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
30871838cccaa52d8d99195969509454.exe
Resource
win10v2004-20231215-en
General
-
Target
30871838cccaa52d8d99195969509454.exe
-
Size
2.1MB
-
MD5
30871838cccaa52d8d99195969509454
-
SHA1
86c160bd03bc2967e66ee78d17110fbef4fe6131
-
SHA256
9843da0234145d9ca5cb3a5b389db04bd285b2bca8ee265e5b99d2ad3de17f23
-
SHA512
54514b37144e84795ebeb44d6c1a3f760017d8075a292e54c28daff4d4877968030b45b5f89e204f4b475429102e58d9054320ce34ab6b49c2e4a8fbc61bd7dc
-
SSDEEP
49152:dgyrkMY8zYZx1970lO+gFiQknJXE4/d8wESU+tc1aW:dTQ7/B5BiQkn+gd8LSBtckW
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.47:50077
31.44.184.47:50078
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe payload 2 IoCs
Processes:
resource yara_rule
behavioral1/memory/2028-1-0x0000000000400000-0x000000000061E000-memory.dmp sendsafe
behavioral1/memory/2028-2-0x0000000000400000-0x000000000061E000-memory.dmp sendsafe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
30871838cccaa52d8d99195969509454.exe
pid process
2028 30871838cccaa52d8d99195969509454.exe