Overview

overview

10

Static

static

3

6079f2d16b...18.exe

windows7-x64

10

6079f2d16b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    6079f2d16be35cd6aa4d6225d6d61dd5

  • SHA1

    c47b3d3936041acfb2069a883ea25a8d17b976ef

  • SHA256

    f714d214cbc968eabb697e2a63427ae7cfa86a358c0e80da0e887bbaf33b0245

  • SHA512

    c4c04947d45307b8d17c7eae8ff28da6e02de198791708767bb03c82a0207d529a7e34d97b01ab2ebc4678f1a32b212d17ee47f91a03ac1da47511e2b2296d50

  • SSDEEP

    49152:rEOYCOyarEdD8YPujyuAJhqDI0quQql3DnxN:slyacIAuyJhqEEQql3t

Score
10/10
sendsafeunregisteredbotnetspam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.184.198.249:50003

31.184.198.249:50004
Attributes
  • service_name

    Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool which then turned into spam botnet.

    spambotnetsendsafe
  • SendSafe payload 2 IoCs
    botnet
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2660-0-0x0000000001FE0000-0x0000000002192000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2660-1-0x0000000000400000-0x00000000005C9000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2660-2-0x0000000000400000-0x00000000005C9000-memory.dmp
    Filesize

    1.8MB

    Download