sendsafe | d4dfb771a01eff68343bcafb01614a72d294c80a70c5eaddf300b0b0ad5d253f

Analysis

max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06-05-2024 00:21

Target

19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Size

1.9MB
MD5

19e04ede9a9657c6b6a984150a226923
SHA1

fe121bb0b2a9c3da49a39ba9a99061b715dafc74
SHA256

d4dfb771a01eff68343bcafb01614a72d294c80a70c5eaddf300b0b0ad5d253f
SHA512

a26e48c284a885d6de6c0f24cd5a20a22e41fe40a519c248e3197d607f9c95cad7c1b918346f5a77920f3e64c054458c95d8d4e2f020a6a6beb538b077661f8a
SSDEEP

24576:R825Kz3iScbWjRZ0L006Dk/mZfUanuoUSyetjIJRWbVX8UKzpr8enO6w:TM3eonpQ/mpvuvSye9IObp89prM6

Score

10^/10

Family

sendsafe

Botnet

UNREGISTERED

91.220.131.59:50003

91.220.131.59:50004

Attributes

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe payload 2 IoCs

botnet

Processes:

resource	yara_rule
behavioral1/memory/2356-1-0x0000000000400000-0x00000000005C9000-memory.dmp	sendsafe
behavioral1/memory/2356-2-0x0000000000400000-0x00000000005C9000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe

pid process

2356 19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe

pid process

2356 19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe

pid	process
2356	19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe

pid	process
2356	19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe

memory/2356-0-0x0000000001DE0000-0x0000000001F92000-memory.dmp

Filesize
1.7MB

Download
memory/2356-1-0x0000000000400000-0x00000000005C9000-memory.dmp

Filesize
1.8MB

Download
memory/2356-2-0x0000000000400000-0x00000000005C9000-memory.dmp

Filesize
1.8MB

Download